Readit News
Stefan-H commented on Disaster awaits if we don't secure IoT now   spectrum.ieee.org/iot-sec... · Posted by u/mdp2021
GuB-42 · 3 months ago
Please read the article before commenting, because I find the proposed solution a bit worrisome.

Of course we should secure IoT, but the article is about one very particular kind of security: roots of trust. The idea is that devices shouldn't run unsigned software, so forget about custom firmwares, and generally owning the hardware.

There is a workaround, sometimes called "user override", where the owners can set their own root-of-trust so that they can install custom software. It may involve some physical action, like pushing a switch, so that it cannot be done remotely by a hacker. But the article doesn't mention that, in fact, it especially mentions that the manufacturer (not the user) is to be trusted and an appropriate response is to reset the device, making it completely unusable for the user. Note that such behavior is considered unacceptable by GPLv3.

There are some cases where it is appropriate, GPLv3 makes a distinction between hardware sold to businesses and "User Products", and I think that's fair. You probably don't want people to tinker with things like credit card terminals. But the article makes no such distinction, even implying that consumer goods are to be included.

Stefan-H · 3 months ago
How user antagonistic changing code on IoT devices should be is highly dependent on the threat model for the devices. I'm happy to trust home users to flash their lightbulbs and door locks (though the company might not see that as acceptable to their brand reputation if their lock is compromised nonetheless), but I would prefer not to trust the hundreds of IT departments and engineering teams to properly vet the code they are flashing onto industrial control systems when lives are at stake - centralized authority and accountability with high visibility on the code base that is flashed to the devices is what is needed there.
Stefan-H commented on Disaster awaits if we don't secure IoT now   spectrum.ieee.org/iot-sec... · Posted by u/mdp2021
mystraline · 3 months ago
> Guy Fedorkow is a Connection Science Fellow at MIT, a Distinguished Engineer at Juniper Networks, and a contributor to the Trusted Computing Group.

Talk about the worst corporate doublespeak - 'trusted computing'.

It also goes by DRM, or rental hardware, or you never actually own it cause someone else retains permanent digital control.

There is NO trust here, only control and power in never actually selling anything.

And since we're talking of IoT, this goes hand in hand with proprietary corporate clouds, anti-FLOSS like Home Assistant, rental in the form of sales, forced firmware upgrades that remove previous features to gatekeep and resell what you promised.

I don't even need to read further. Anybody, and I do mean anybody, who uses the moniker 'Trusted Computing', should be ignored, blackballed, and relegated to the bin of computing.

Stefan-H · 3 months ago
Are you familiar with the academic field of security and the notion of trust in trusted computing? The IoT devices that are being discussed in the article are for industrial control systems, not necessarily your home lightbulb. The threat model is different. Do you want every municipal power company to be trusted to properly vet the code they are putting on these devices, or do you want to trust the device manufacturer to be the one who can put code on the devices?
Stefan-H commented on TLS certificate lifetimes will officially reduce to 47 days   digicert.com/blog/tls-cer... · Posted by u/crtasm
grey-area · 5 months ago
Since you’ve thought about it a lot, in an ideal world, should CAs exist at all?
Stefan-H · 5 months ago
What alternatives come to mind when asking that question? Not being in the PKI world directly, web of trust is what comes to mind, but I'm curious what your question hints at.
Stefan-H commented on Are people bad at their jobs or are the jobs just bad?   annehelen.substack.com/p/... · Posted by u/moonka
Paul-Craft · 5 months ago
I'm sorry, but that is delusional. It is not possible for humans to forego emotion in favor of logic.
Stefan-H · 5 months ago
It's really just about giving yourself enough time to think before you respond. That's the entire difference between a reaction and a response. You can use dialectical and cognitive behavioral therapies to help develop the tolerance to do that. Mindfulness and meditative practices like those in Zen Buddhism have proven helpful to me as well. Perhaps you're taking an extreme interpretation of my using the word "logic" and instead you could use "wise mind" or even just "considered thought" as the response in lieu of an emotional one.
Stefan-H commented on Are people bad at their jobs or are the jobs just bad?   annehelen.substack.com/p/... · Posted by u/moonka
saturn8601 · 5 months ago
How do you slog through something you truly hate?

More than a decade ago I was hired as an intern at Colgate-Palmolive as a software developer. Turns out they were (are?) one of the largest SAP deployments in the US. The entire company revolved around SAP. Due to lack of college graduates knowing SAP, they took great pains to treat me extremely well and train me (a CS major) in ABAP using SAP Netweaver.

My project was more ambitious than the rest of the group because I had enough courage and bravado to be assigned a project like that. In fact I made it a point to be 'brave' and make myself look really good in front of the upper level managers. I tried to know everyone's name, even in other departments and to be super polite and humble around any sort of manager there. When I finally got some tasks to do, I was so miserable that I finished multiple days without getting anything done. I felt so depressed thinking that I slogged through four years of CS for this?

In the end I managed to finish last in the cohort and Colgate took the rare (at the time) decision to not extend me a full time offer. I felt like a complete failure because I didn't put in 100% and I felt like I let my mentor down.

At the same time I know that I truly hated it. To this day seeing pictures of SAP GUI gives me anxiety and makes my stomach turn. How do you overcome something like that and push on? It does not always seem like a sure thing. I sometimes think what if I had pushed through and gotten the offer? I'd probably still be at Colgate like my mentor was.

With the benefit of hindsight I have learned to be super appreciative and thankful for them treating me so well but I'm glad circumstances led me to not ending up there. But really who knows if it would have been better in the long run? Whenever I see Colgate it actually evokes positive memories of that time. But the biggest thing I learned was to not bite off more than you can chew and if you don't truly love what you are doing there is another path out there.

Stefan-H · 5 months ago
"How do you slog through something you truly hate?" - I don't.

When signals that a role is not aligned with my needs start cropping up, I begin searching for a new role passively, and as the situation develops I speed up my search.

"I felt like a complete failure because I didn't put in 100% and I felt like I let my mentor down" - to thine own self be true. I have failed to put in 100% at some jobs, and sometimes I regret it more than others. I have narratives that legitimize my laziness or lack of commitment based on some previous slight from the company, or a missed promise on their part, but I hold myself accountable.

"How do you overcome something like that and push on? It does not always seem like a sure thing" Resilience is a wildly varying trait of folks, and depends on your emotional and mental state. "First world problems" are a great example, when one is socialized at a certain comfort level, missing that causes distress. Some working conditions are truly untenable, in which case do what you have to do, but otherwise do the best with the situation you're given.

Stefan-H commented on Are people bad at their jobs or are the jobs just bad?   annehelen.substack.com/p/... · Posted by u/moonka
Paul-Craft · 5 months ago
Where I come from, "hav[ing] all the rational reasons to be afraid" and pretending otherwise is called a delusion. I prefer to see the world as it is.
Stefan-H · 5 months ago
"... is called a delusion". What I am suggesting is not delusion, it is mindfulness and cutting through delusion. When one is presented with something that elicits a fear response (whether the stimulus is rational or not) the goal is to quiet all of the "lizard brain" reactions, and instead formulate a well reasoned response. "Fear is the mind-killer" - while from fiction, still rings true to me - if you react out of fear you will short-circuit internal processes that are far better at long-term reasoning even when at the expense of short-term comfort.
Stefan-H commented on Are people bad at their jobs or are the jobs just bad?   annehelen.substack.com/p/... · Posted by u/moonka
tmpz22 · 5 months ago
> What I learned is to not be afraid. Regardless of what is happening around you.

Were you perhaps financially secure enough not to have to fear anything? Or tenured (Bell Labs!) that unemployment wasn't actually a threat to you? YMMV.

Stefan-H · 5 months ago
While YMMV, a fear response is a choice. You can have all the rational reasons to be afraid (like the bottom of your hierarchy of needs being unmet) and choose to act out of cold rationality rather than fear. Then it becomes a self-fulfilling prophecy - if you can act without fear even when there is justified reason to be afraid, you will be able to easily do so when it isn't justified.
Stefan-H commented on Are people bad at their jobs or are the jobs just bad?   annehelen.substack.com/p/... · Posted by u/moonka
zw123456 · 5 months ago
I recently retired after 45 years in tech. I started out in 1978 at Bell Labs. I have had great jobs and terrible jobs. Great bosses and horrific bosses. And all the things in between. I did not just survive, I thrived and beyond and worked at 3 start ups and a bunch of other companies large and small. What I learned is to not be afraid. Regardless of what is happening around you. Fear is the enemy. Don't be afraid to be weird or crazy or whatever is causing you to be timid.
Stefan-H · 5 months ago
As someone who is more in the middle of my career rather than the end of it, I would like to echo your sentiment. I have had plenty of roles where I was tasked with things that were out of my depth, and the answer is to just not let it be. There is always a path to get the answers/skills you need to do what is asked of you, you just might not know the path yet, so the core skill (and where I think fear comes into the process) is accepting that not knowing something now is never a hindrance so long as one can do self-directed learning. The rest is reality testing if what you just learned is actually able to solve your problem. If it isn't, then repeat ad infinitum until it is.
Stefan-H commented on California bill aims to phase out harmful ultra-processed foods in schools   thenewlede.org/2025/03/ca... · Posted by u/PaulHoule
SirMaster · 5 months ago
Plenty of schools in the US have kitchens and cook their foods from scratch...
Stefan-H · 5 months ago
Source? My suburban school district primarily heated up foods from Sysco.
Stefan-H commented on OnlyFans models are using AI impersonators to keep up with their DMs   wired.com/story/onlyfans-... · Posted by u/impish9208
Stefan-H · 9 months ago
The monetization of social and parasocial relationships (from advertising in social media to the industry around influencers and celebrities of all types) might be one of the cruelest things in modern capitalism.

u/Stefan-H

Karma: 288 · Cake day: June 16, 2011
About
[ my public key: https://keybase.io/stefanhutchison; my proof: https://keybase.io/stefanhutchison/sigs/ImiSj_nQtOlTX1fW_e0Oq1DTGh1sHCW266C30NJNFOM ]

My comments represent only my own viewpoints.
