35fbe7d3d5b9 (u/35fbe7d3d5b9)

35fbe7d3d5b9 commented on Health care data breach affects over 600k patients, Illinois agency says nprillinois.org/illinois/... · Posted by u/toomuchtodo

nemomarx · 2 months ago

Does it need to be hosted on your servers? Could you provide something to the customers where they host the data or their local doctors office does it?

Can you delete it after the shortest possible period of using it, potentially? Do you keep data after someone stops being a customer or stops actively using the tech?

35fbe7d3d5b9 · 2 months ago

Professionally, my company builds one of the largest EHR-integrated web apps in the US

Ask me how many medical practices connect every day via IE on Windows 8.

35fbe7d3d5b9 commented on A monopoly ISP refuses to fix upstream infrastructure sacbear.com/xfinity-wont-... · Posted by u/vedmed

motbus3 · 4 months ago

The always caressing hand of the free market and no regulations.

I've been through this multiple times. A lawyer friend of mine told me that in such cases only going through a legal battle would solve the problem but the amount of money and time for the zero return will get no interest of any lawyers.

You'll be out of luck unless yourself are a lawyer or you know someone being affected who is up to this tedious battle

35fbe7d3d5b9 · 4 months ago

I am reminded of the troubles my parents experienced with their phone service when I was a kid. We lived out in the country, and every time it rained the lines would pick up horrific static. It was too much to have a voice conversation, let alone support the (slow) dial up Internet we used.

A multitude of technicians came out and apologetically said there was a problem somewhere in a line, but they couldn’t get approval to really dig in because there just weren’t enough complaints - they theorized there was just one broken line somewhere in a bundle that water would seep in to, and we drew the short straw.

Finally, one technician very quietly suggested that my parents go to the phonebook and call the state public utilities regulation commission. I still remember that their number was found on the one blue page in the telephone book.

Within a few business days, there were half a dozen lineman out stringing new lines, and a supervisor apologizing to my parents, promising the issue would be fixed that day, and giving his direct line to them with the instructions to call if they ever had phone trouble again.

My dad generally distrusts the government, but still marvels at that response to this day.

35fbe7d3d5b9 commented on Weekend projects: Chicken Squisher 3000 lcamtuf.substack.com/p/we... · Posted by u/robinhouston

the_gipsy · 5 months ago

Do the chicken go back in to sleep before dusk?

Do the predators never attack during the day?

35fbe7d3d5b9 · 5 months ago

> Do the chicken go back in to sleep before dusk?

Yes - they are remarkably consistent in following the sun. Most automated doors wait until well past dusk, after which all the birds are up.

> Do the predators never attack during the day?

Raccoons and hawks are the predators I have had to worry about the most. Of them, raccoons are primarily nocturnal, and hawks are best dealt with by having plenty of covered spaces in your run and a rooster to watch the skies.

35fbe7d3d5b9 commented on YouTube asks channel owner to verify phone, permanently overwrites personal info old.reddit.com/r/VirtualY... · Posted by u/Tijdreiziger

Cu3PO42 · a year ago

Depending on jurisdictions, it may not be about security, but just a regulatory requirement. I need to confirm any transaction made in the bank's app on my phone, so I feel my card is sufficiently secure in that sense. However, businesses here are required to collect my billing information for transactions that do not happen in person and unfortunately address is defined to be a part of that.

That said, I fully agree with you. I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.

This just reminded me of a quote: "If cash were invented today, it would be illegal." I forget who (first) said it, but it rings true.

35fbe7d3d5b9 · a year ago

> I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.

In your latter example, a nexus clearly exists between the business selling you a video game and the state, so sales tax collection is patently obvious.

When you buy online, they have to ask - it’s the only way to figure out the proper jurisdiction.

35fbe7d3d5b9 commented on Twitter blocked my account for a tweet I did not make jacquesmattheij.com/twitt... · Posted by u/jacquesm

david927 · 4 years ago

As someone with a 15-year-old account here, I can verify that Jacques is in a special, small group of members of this community with recognized user names -- based on a long and impeccable record of substantial knowledge and respected expertise.

35fbe7d3d5b9 · 4 years ago

Counterpoint: mulch your account every so often.

It fights the development of cliques and forces people to focus on the message, not the messenger. And it sharpens your own need to make a good point, rather than posting as $KNOWN_USER and waiting for the clicks.

I've done this roughly every ~1-2 years or so since I joined about a decade ago, so my ~8-9k of aggregated karma is spread across multiple accounts.

On that topic, it's about time to rotate to a new one. Catch you all on the other side ;)

35fbe7d3d5b9 commented on Assume your devices are compromised go350.com/posts/digital-s... · Posted by u/_oe8s

jamiek88 · 4 years ago

If your threat model is infinite can you trust anything?

35fbe7d3d5b9 · 4 years ago

The good news is that I think no one human is at risk of such an attack. The way I’d frame it: if you assume the NSA can break AES-256 in reasonable timeframes, or the CIA runs every single Tor node, that knowledge gets compartmentalized to such a degree that next to nobody knows, and attacks would only be used at the highest levels against the most significant state level threats. Hell, I wager they wouldn’t even risk parallel construction for fear that it’d tip their hand.

35fbe7d3d5b9 commented on Justice Clarence Thomas uncovered a seven-year-old bug in my program (2013) franklinchen.com/blog/201... · Posted by u/nafnlj

amf12 · 4 years ago

The title makes it seem that "Justice Clarence Thomas" uncovered the bug - but that's not true. The bug was uncovered during a routine pre-processing operation.

35fbe7d3d5b9 · 4 years ago

Without Thomas taking an action - speaking - the bug would remain undiscovered. I think that counts.

35fbe7d3d5b9 commented on NSA employee indicted for transmission and retention of defense information justice.gov/usao-md/pr/na... · Posted by u/DyslexicAtheist

academia_hack · 4 years ago

The phrasing in the press release makes it sound like this is some sort of intrinsically grave offense, but it's quite possibly an innocent mistake. It sounds like this guy's colleague switched companies from one where they were cleared to one where they were not, but they continued to communicate about classified stuff.

Maybe that meant Unkenholz emailed a PDF marked TOP SECRET to his colleague in order to help some foreign entity harm US interests (obviously a terrible thing to do and worth being outraged about). But it could have also been him sending an email along the lines of "What SD cards did you order for [classified widget]? We're making more of them and I want to be sure I get all the same parts that you did for the prototype?"

Both cases violate the letter of the law, but locking a human being in a cage for a decade or more over the second one seems like a horrific misinterpretation of the concept of justice. Wish the press release was clearer on what side of the line this case falls on.

35fbe7d3d5b9 · 4 years ago

Popehat notes that this kind of reporting often oversells the likely sentence: https://www.popehat.com/2013/02/05/crime-whale-sushi-sentenc...

So it’s very possible this could end with a far less significant penalty, depending on the circumstances.

35fbe7d3d5b9 commented on Mystery GPS Tracker on a Supporter’s Car eff.org/deeplinks/2022/03... · Posted by u/cooperq

35fbe7d3d5b9 · 4 years ago

> Several weeks ago, an EFF supporter brought her car to a mechanic, and found a mysterious device wired into her car under her driver's seat

If I saw this device under my seat I'd assume it was part of some electronic system and never touch it. The only thing that I'd see that would make me go "huh" would be CDMA – and even then I would probably assume it was part of my car's infotainment system like my old Saab's OnStar that used a Verizon 2G CDMA network that died before I purchased the car.

I have a pretty good mechanic as well, and unless I was complaining about a jammed seat adjustment, he wouldn't be down there to see. I wonder if he'd even be able to eyeball it as suspicious as he's an independent; who knows what kinds of things get hooked up below seats.

Assuming this part isn't narrative, kudos to those who found it. Now where should I go look?

35fbe7d3d5b9 commented on Feds arrest couple, seize $3.6B in hacked Bitcoin funds washingtonpost.com/nation... · Posted by u/mikeyouse

bostonsre · 4 years ago

I don't understand why he wouldn't move to somewhere that doesn't have an extradition policy with the US. If you go down that path, it seems like you should probably be willing to abandon your life. It's the same with Ross Ulbricht, seems like it would be terrifying living with that sword of damocles hanging over your head absolutely constantly.

35fbe7d3d5b9 · 4 years ago

Humans notoriously overestimate their competence and underestimate dangers they face. Combine that with a federal investigation that's going to be slow because 1) it's complex and 2) the feds will happily investigate you for years if it increases their chance of a conviction, and you've got a recipe for people who think they got away with it right up until the moment of arrest.