Marshall T. Rose

@DoctorLemma I was there too, many years ago, and saw exactly this. The Peabody Hotel and ducks for the win!

There is a hotel in the southern United States that employs a man whose official job title is Duckmaster. The position exists nowhere else in the world. Twice a day he puts on a red and gold uniform, takes the elevator up to the rooftop, and walks five ducks down to the lobby. They march across a red carpet to a marble fountain in front of the guests, then swim there until evening. The tradition started in 1933 when the hotel’s manager came back from a duck hunting trip with too much whiskey in him and dumped his live decoys in the lobby fountain as a prank. Guests loved it. A few years later, a former circus animal trainer working as a bellman at the hotel volunteered to look after the ducks and taught them to march. The hotel gave him the title of Duckmaster. He kept the job for 50 years. The ducks now live on the rooftop in a marble palace that cost the hotel $200,000 to build, with their own miniature replica of the hotel inside. The hotel’s French restaurant has refused to serve duck on the menu since 1981.

@iAnonymous3000 Back in 1992, the US EPAct went into effect, which (among other things) reduced the amount of water that a residential toilet could flush. Manufacturers complied with this. General contractors started scouring landfills looking for old toilets so they could refurbish them...

It should NOT be this hard to buy a privacy-respecting printer. Seriously. A printer should be one of the simplest devices in the house. You send it a document. It puts ink or toner on paper. That should be the whole relationship. Instead, the mainstream printer market has become a swamp of cloud accounts, mobile apps, subscriptions, cartridge DRM, remote diagnostics, vendor lock-in, and “smart” features nobody asked for. HP is the canonical example of how bad this got. HP+ ties the printer to an HP account, an internet connection, and original HP ink for the life of the device. Dynamic Security can reject cartridges based on vendor-controlled firmware rules. Instant Ink turns printing into a subscription relationship. Why does it need to talk to the vendor just to do the one job it was built for? And from a security perspective, this is a nightmare. A Wi-Fi printer is a computer on your LAN. It has firmware, network services, a web admin panel, default settings, cloud features, and sometimes stored documents or saved credentials. A compromised printer can expose services. It can: - advertise itself to the LAN - store print jobs and scans - keep address books and scan destinations - hold credentials for scan-to-email, scan-to-SMB, scan-to-FTP, LDAP, or remote management And it usually sits on the same network as your laptop, phone, NAS, smart home devices, and sometimes work machine. Used printers are worse. Assume the previous owner left behind Wi-Fi settings, scan destinations, address books, stored credentials, and cached documents. One reason to prefer black-and-white: many color laser printers can embed machine identification codes into printed pages. Yellow dots are the famous version. The broader issue is forensic marking. Good intel on this is weirdly hard to come by.

X family: We’re GIVING AWAY a full beef box this weekend!!! USDA prime, grass-fed & finished, dry-aged beef— raised right here in Lampasas, Texas What’s included: – 2 ribeyes – 2 flat irons – 8 wagyu burger patties – 2 lb ground beef – king sized picanha – cross cut bone-in short ribs We’ll ship it straight to your door!! to enter: • follow @ElkinsCattleCo • repost this • comment your all-time favorite beef cut must be in the U.S. (AK/HI not included) Winner announced monday 04/27 at noon CT ships out Tuesday 04/28 1 winner will be announced + DM’d from this account only. Good luck! 🙏🥩🇺🇸

I very much look forward to seeing some technical depth behind the product. I spoke with someone who knows a lot about audio and they had a list of about 10 concerns that dealt with physics. Many of these are mentioned below. Saying "solved by AI" (a paraphrase, sorry), isn't all that helpful to folks who are genuinely interested in the product. I can DM the list or put it here, if you wish.

Today, we're introducing Spectre I, the first smart device to stop unwanted audio recordings. We live in a world of always-on listening devices. Smart devices and AI dominate our world in business and private conversations. With Deveillance, you will @be_inaudible.

Achievement unlocked! I now have the @nym VPN running on my @Raspberry_Pi! Many thanks to the folks at Nym for building an arm64 package for use on Debian.

@molllllls937 @ouraring I had a similar situation over a year ago, I contacted Oura and they sent me a replacement – at no charge – within a week. I was so impressed that I got aGen 3 ring when came out. I am sorry that your experience is the opposite of mine.

My Oura ring has held an almost week long charge for over two years, until this week where it suddenly doesn’t last a day. I’m not sure why I’d take their $100 off offer when there are other rings to try. Anyone have a good experience with another tracking ring? @ouraring

@iAnonymous3000 Email has a place, and I hope that secure messaging largely supplants email for most applications. I personally would never use the term "secure email" (without quotes), because features trying to make email secure were bolted on much, much later...

@iAnonymous3000 @iAnonymous3000 raises valid issues about the underlying security protocols. I would very much like to see X's messaging have equal or superior security properties to signal, because competition is good, regardless of the political views of the provider.

I like and respect Elon, and I'm grateful to be on this platform. But when he claims 𝕏 Chat is "much more secure than email," I feel obligated to explain the technical reality to my audience. That statement is true in the same way a screen door is more secure than no door. But that's not the comparison anyone should be making. 1. 𝕏 Can Read Your Messages 𝕏 recently added safety numbers, which is a step forward. But here's the catch: your private key backups are stored on 𝕏's servers. Safety numbers help detect external hackers, but they cannot protect you if 𝕏 itself or a rogue insider, or a government with a warrant. @signalapp's safety numbers work because your keys never leave your device. There is nothing for Signal to turn over, even if compelled. 2. No Forward Secrecy From 𝕏's own documentation: "If the private key of a registered device is compromised... an attacker would be able to decrypt all Encrypted Direct Messages." One key compromise exposes your entire message history. Signal's Double Ratchet generates new keys for every message. Compromise one key, you get one message. Past messages stay encrypted. This has been the standard in secure messaging for over a decade. 3. The "Juicebox" Vulnerability 𝕏 stores your private keys on their servers using a system called Juicebox. Cryptographer @matthew_d_green's analysis suggests this implementation is software-only, lacking Hardware Security Modules (HSMs). A 4-6 digit PIN does NOT help protect this. That is trivial to brute-force if 𝕏 (or an attacker with server access) disables the rate limiting. 4. Full Metadata Exposure 𝕏 explicitly states metadata isn't encrypted: who you message, when, and how often. As former NSA director Michael Hayden famously said: "We kill people based on metadata." Signal uses sealed sender technology to hide even this information. 5. NOT Open Source 𝕏 promised to open source XChat and publish a whitepaper in June 2025. Neither has happened. Signal has been open source and audited for over a decade. The Bottom Line: I'm not saying don't use 𝕏. I'm saying don't use 𝕏 Encrypted DMs for anything you wouldn't post publicly. For actual private communication, use @signalapp. It's free, works on all platforms, and the cryptography has withstood a decade of scrutiny from academics and nation-states alike.

@iAnonymous3000 I say this not because I work for the same company as @iAnonymous3000, and I hope that thoughtful readers will not write off my thread as biased. I will go further and state that the hypothetical gold standard is reproducible client binaries.

@BrendanEich @McOriaro The privacy policy is at #brave-talk-learn" target="_blank" rel="nofollow noopener">brave.com/privacy/browse… . Also, premium calls have real-time transcription (English-only, sorry!) Pro-tip: recordings, transcripts, etc., are deleted within 24 hours, so download 'em if you want to keep 'em...

@McOriaro @_mtr @McOriaro just in case, this is the free => paid threshold, paid call count can go to hundreds that we've tested, possibly more (Marshall to confirm). Hope that was clear!

Use talk.brave.com.

@BrendanEich @McOriaro I have been on "confabs" with a couple of hundred "active" participants. You can also have calls with thousands of "passive" observers. Of course, I'm talking about Brave Talk Premium ... the free service is limited to 10 participants.

@BrendanEich @McOriaro It was pushed to production about 18 days ago. We have not changed the messaging (still says "Start free call (up to 4 people)"), because we're measuring how many free calls are going above the old threshold. I expect this to be "official" next month.

@McOriaro It's changing to 10, I thought already pushed to prod. Checking with @_mtr.

@aguscruiz And, as a final disclaimer… obviously, I don’t know how to compose a thread in X…

@aguscruiz relatively few in comparison to the commercial flights taking. Why were the USB ports removed in some equipment? I don’t know. I could guess that it dealt with power consumption, but that is an ill-informed guess on my part.

El gran @_mtr me cuenta que la última parte seguramente sea mentira inventada por el tipo pues la network de operaciones debe estar aislada de la de los usuarios, lo cual suena obvio si lo pienso por más de medio segundo 😅

I am happy to retweet this!