t3rmit3

t3rmit3 , 3 months ago

Alyaza's article finds are always fire!

t3rmit3 , 3 months ago

Yet the girls who sparked Teaneck’s protest movement are unbowed: a reminder that anti-Palestinian repression has failed to intimidate the younger generation.

'nuff said.

t3rmit3 , 3 months ago

I predict layoffs coming, along with PR campaigns blaming regulation, and pat-yourself-on-the-back bonuses for executives to follow shortly thereafter.

t3rmit3 , 3 months ago

Apple will put up with fines if it judges that if they manage to avoid the fine, the financial benefit will outweigh the fine.

If there's a 50% chance that I stand to make $100m, and a 50% chance to be fined $20m, it makes sense (if I'm unethical, like corporations are) to take that gamble. Even more so if I think I can use lawyers to shift the chances in my favor.

t3rmit3 , 3 months ago

Don't worry, they will bring back vagrancy laws and debtor's prisons, and let states fine people for being homeless, imprison them, and force them to work for free! New value-extraction plan for Capitalism to exploit!

t3rmit3 , 3 months ago (edited 3 months ago)

And a stateless, classless society is a central characteristic of Marxist-Leninism...

Capitalism intrinsically leads to market capture and monopolization, and the destruction of any free markets. Regulation to prevent that is inherently a control to prevent Capitalism's actual intrinsic characteristics from manifesting. Furthermore, slavery literally was the foundation of our Capitalist economy in the US, so no, they're not in any way inimical to each other.

Free Market refers to the ability of the private entities who own the means of production (i.e. companies) to compete with each other. Even if those means of production are in fact people. Free market has never been suggested to refer to individual workers having to be competitive in the market.

t3rmit3 , 3 months ago (edited 3 months ago)

Yes, but the profits of Mozilla Corporation are all owned by the Mozilla Foundation, which has to adhere to all the usual 501.c3 rules about spending (i.e. it must be in furtherance of the stated mission of the org).

t3rmit3 , 3 months ago

Secondly, the reason so few users donate to open source projects is because these projects are so poorly marketed to potential supporters.

That is a huge assumption to make without data to back that up. Do you have a list of open source projects with high numbers of user donations, with evidence that the numbers are due to marketing? Barring that, I think this is pure speculation.

t3rmit3 , 3 months ago

Do I think that better reach could have an impact on donations? Sure.

Do I think that lack of marketing is the reason for FOSS donations lagging behind other donation causes? Not at all; I think they are actually losing out on impacts, in most cases.

FOSS project donations are usually done by people who use the tool, and are interested in seeing it get improved. It's not a "good cause" donation, like feeding kids. If you are collecting money to help people, donors don't expect to receive something in return for giving. But I think it's incredibly unrealistic to think that people will see someone building a software tool, not have interest in using it themselves, but still donate money to support the project anyways.

Marketing a tool that isn't garnering much interest already probably isn't going to see the tool get much additional uptake, especially with how much free marketing already exists in the FOSS space. If you post your software on Reddit and Hackernews and ArsTechnica (all free to do) and aren't seeing interest, you're probably not going to be massively helped by a marketing org stepping in.

t3rmit3 , 4 months ago

People are not well educated about what AI actually is and what it’s good at.

And half the reason they're not educated about it is that AI companies are actively and intentionally misinforming them about it. AI companies sell people these products using words like "thinking", "assessing", "reasoning", and "learning", none of which are accurate to AI, but would be to AGI.

t3rmit3 , 4 months ago

We do require a BS in computer science

That's wild that people are still pushing the paper ceiling like this. I've been working in my industry for 11+ years, progressing from engineer to tech lead to architect, with several (very) large-scale, public projects successfully under my belt.

I don't have any degree.

Requiring a comp sci degree is a terrific way to filter out people who had to actually learn their shit and prove their worth, instead of relying on a name on a piece of paper to get them a job interview.

t3rmit3 , 4 months ago

it seems like an easy way to save time and money on hiring

If you are seeing this change based on whether you exclude people without comp sci degrees, what you're really seeing is your recruitment firm/ team's lack of effort or expertise. It's literally the job of recruiters to separate the wheat from the chaff. If you're doing it yourselves by putting hard restrictions on the recruitment team to remove the bad results they are letting go through, you should be taking a hard look at that company or team.

t3rmit3 , 4 months ago

Don't like hiring pregnant women? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

Don't like hiring minorities? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

Don't like hiring people with natural hairstyles, religious garb, or other 'unprofessional' but protected appearances? "Your academic track record doesn't reflect the standards of excellence that we expect our candidates to display."

t3rmit3 , 4 months ago (edited 4 months ago)

He's right; you can't be pro-paper ceiling and anti-elitist.

Degrees as a filter is useful due to the willful dismantling of our secondary education system, in order to gatekeep higher-paying jobs.

Rich elites want college to be too expensive or exclusive for regular people, so their rich kids who can go get to be first in line at jobs.

Rich, private high schools have advanced subjects like comp sci, pre-med tracks, pre- law, etc, while the people who can afford to send their kids there are lobbying state governments to cut public school funding and programs.

I did 3 years of comp sci, including 600-level courses in OS design, architecture, and even Assembly. Literally nothing in those courses is useful to my IT career. Everything useful that I learned before working in IT, that was IT-related, I learned independently from my college courswork.

t3rmit3 , 4 months ago

the benefit of shrinking your ... team

I'm not sure I agree with this premise at all, but if I'm roleplaying some bloodsucking shareholder who cares more about my own money than the livelihoods of people, or their work/life balance, etc, then I would say that shrinking the recruitment team should only happen once you have senior-level recruiters who know the products, tech stack, teams, and roles well enough that they can quickly and accurately assess resumes against what the company needs, just as fast as a larger but less-experienced team of recruiters could.

it seems like tech is full of imposters jumping from job to job, playing up their experience.

This is played up, in my opinion. I've done a decent amount of interviews in the past 5 years (more than 40 candidates, less than 100, but don't have an exact number), and only one of them I would say gave me 'impostor' vibes. There are plenty of candidates who talk up their game, but that is more the fault of companies listing every position as needing far more experience than the roles actually do. People are just optimizing to metrics.

Recruiters cannot spot these people, because they know all the jargon despite having none of the skills. This is why these technical interviews exist, but now those are even being gamed by people by studying leetcode.

This sounds more like someone who "knows enough to be dangerous", as it were. Forgive my ignorance of leetcode, but a quick glance makes it seem like it's a Learn to Code website? Is studying coding really gaming an interview, or just studying for the role? Unless your tech interviewers are asking questions directly off of there, doesn't a candidate answering the questions correctly just mean they learned how to do it? If the questions are about things unrelated to your actual work (like asking people to write a linked list, or a recursive function, etc etc), and people are able to answer those questions but not do the actual work, you should probably stop asking those kind of questions.

There is never going to be a way around having technical interviews; they're not even primarily there to weed out liars, they're there to make sure the skills the candidate does have are the right ones for the role. Even if every candidate was 100% honest, you'd still need technical interviews, because 2 completely legit and very skilled backend devs can have vastly different skills or specialties within that realm.

I’d be really curious what a high quality tech recruiter does vs the average.

First and foremost, they work directly with the hiring manager to understand the role, the tech stack, etc. They know the company and their "culture", and they do their own early vetting of candidates before things reach the interview phase, but after they have reached out to the candidates; asking about salary expectations (or ideally sharing the range for the role), asking candidates how many years of experience they have in 'x' maybe top-3 technologies for the role, etc.

t3rmit3 , 4 months ago

That would require a significant number of people to be doing it, to 'poison' the input pool, as it were.

t3rmit3 , 4 months ago

Only if enough people were doing this to constitute an algorithmically-reducible behavior.

If you could get everyone who mentions a specific word or subject to put a CC license in their comment, then an ML model trained on those comments would likely output the license name when that subject was mentioned, but they don't just randomly insert strings they've seen, without context.

t3rmit3 , 4 months ago

How do we welcome these contributions while lowering risk?

Why do the people using LLMs to modify a project need to make a PR back to the remote branch? Why can't they keep their 'weird' contributions on their own personal fork and use as they like?

If the answer is that they don't have the knowledge to build the app in order to test if the code works before submitting a PR, they shouldn't be submitting a PR in the first place. Code contributions come with an expectation of due diligence on the part of the submitter, to ensure that their code is not breaking anything or introducing obvious bugs and vulns (and of course, that it even works at all).

Democratizing coding means making the knowledge of how to do it more readily and freely-available, not having a computer spit out something that someone doesn't understand, and then telling that person, "congratulations, you're a code contributor".

People are submitting LLM generated code they don’t understand right now. How do we protect repos?

By not accepting PRs that do not properly meet contribution guidelines, like having tests that provide reasonable code coverage, etc.

t3rmit3 , 4 months ago

To be fair, we're not allowed to discuss many other means of stopping corporations from doing bad things on here...

Regulation failed as a framework for stopping corporations, in the US. Even when we put fairly strict regulations in place, they just get rolled back or de-fanged, and we end up right back here, more damaged than before. It's a losing battle, because regulations don't undo damage, just stymie it.

Active measures have a much better chance of actually working, but those are taboo.

t3rmit3 , 4 months ago

Can you post the text? Most of us don't and won't have NYT subs.

t3rmit3 , 4 months ago

Thing is, no one in pro football starts playing after they're adults, so we're asking minors to make the choice about lifelong CTE risk. By the time someone is eligible to play in the NFL, they are already deep into that life path, and have likely already put considerable stress on their bodies, and sacrificed other career options.

t3rmit3 , 4 months ago (edited 4 months ago)

Hi there! Information security guy here. This is essentially a super quick Incident Response run-through of the basic tools I use for malicious process discovery on Windows hosts. I'm assuming this is your own personal machine, or you have permission to do this.

1. Grab the Sysinternals suite's installer here and install:

• TCPView
• Process Explorer
• Process Monitor
• Autoruns

They are all included in the rollup installer, or you can grab them individually at those links. Don't install everything, or at least don't leave it all installed when you're done. It includes a lot of tools for debugging, which you don't want to leave lying around on your system.

2. Fire up Autoruns, and check under Logon and Scheduled Tasks tabs for any unusual entries. If you don't know what something is, and the Publisher is listed as Microsoft, don't mess with it. Any non-MS stuff in those 2 areas should be safe to disable without hurting your system.

3. Process Explorer gives you a live view of the processes running on your system, basically a more advanced version of Task Manager. You can scroll through it for unusual processes, and you can even check stuff like rundll.exe processes to see the arguments used to launch it, which is SUPER useful.

4. Process Monitor is essentially a history/ log view of all processes on your system, starting from when the program is run. Think wireshark, but for processes. You can filter out known-good processes. You can search for strings. If the process is launching, executing, and terminating too quickly to catch in Task Manager or Process Explorer, it will still show up in Process Monitor.

5. TCPView is sort of like netstat, but with lots more info. You can use that to watch for unknown network connections, in case the thing you're seeing is performing some kind of network beaconing.

6. Lastly, I would personally check for 3rd party driver software like printer software, Razer or other HID controllers, sound card software, etc. I've seen third party hardware controller software do weird stuff like this, because most of it is so badly written. I'd almost be more surprised if it turns out to be malware, than if it turns out some HP Printer software is doing an ink check every 10 minutes or something.

t3rmit3 , 4 months ago

Most of the IR that I do is within corporate production environments, so I can answer this with the tools I would use for Linux incident response, but there will be areas like Kernel Extensions that are MacOS-specific, which I don't have IR experience in, and can't speak to. Assume that sudo permissions are required for these.

Also note that I'm not including commands to look for active user intrusions (e.g. ssh keys, new users, sudoer edits, etc), just binary implantation like malware. Active human intrusion blows up the amount of places and things to check for, and for regular users who don't have regulatory reporting requirements, you're better off just restoring from a backup.

• ps aux :
  This lists all processes running under all users, not attached to a terminal session. This is a static list, unlike the live-updating list you get with top
• lsof -b -c |-u | -p -R :
  This lists open files. You can specify process names, PIDs, usernames, and more, to filter on. If you filter on PID, include the -R argument to get the parent process info for that process.
• lsof -i :
  This lists open files that have an active network port.
• netstat -antv -p tcp : It's important to note that on MacOS, netstat doesn't perform like it does on Linux (e.g. it won't give you process names), so you need to use the Mac-specific flags for it like these, and you'll need to combine that with lsof or ps to get more info about the processes.

There is apparently also a tool made by Apple called sysdiagnose that you can run to basically do a large-scale debug dump of your system, including lots of data about applications and processes. I can't claim any personal experience with this, but this guide (and part 2 here) go into using it to hunt for malware.

t3rmit3 , 4 months ago (edited 4 months ago)

I don't wish for other people to be paid differently based on what I'm doing.

Do you think that if a team member who is producing less starts getting paid less, they're going to work more? No, if anything they'll produce even less.

Have you honestly felt resentment towards someone else because you chose to do more work than they did? You're the one who controls how much work you do. How is it fair to them that your labor output level sets the bar for the salary? If they haven't been let go, then it actually seems like they're the ones closer to the actual proper output level for the salary, and you're the one overproducing. Also, studies show that people overestimate their own contributions towards group work and underestimate others'.

That mindset is how you get a bunch of workaholics who are all terrified that someone else is producing more.

Chillax. Find your own groove that you feel is fair to your pay, and live in it.

t3rmit3 , 4 months ago

Hell yeah.

t3rmit3 , 4 months ago

Thanks for this writeup! I've been interested in Graphene for a long time, but I don't buy phones very often, and I've never owned a Pixel phone, so I have to enjoy it vicariously.

t3rmit3 , 5 months ago

I mean, I think they literally provided the preferred, truthful version of the statement?

“We never invested in this because we want you to buy the paid version. Now that the paid version has completely eclipsed the free version we will be deprecating it”

t3rmit3 , 5 months ago

This definitely sucks for the average, non-technical user. We can all use Sublime3 or Notepad++ or whatever other replacement tool we prefer, but the average user has no clue about those and will be tricked into thinking that paid-for Word is the only real easy and good option.

t3rmit3 , 5 months ago

True, OpenOffice and LibreOffice are more direct replacements for a word-like interface. I use markdown for all my rich text editing needs, so in my mind Sublime3 and Notepad++ are the only replacement editors I think of (both support live markdown display with a plugin).

t3rmit3 , 5 months ago

This is a cycle that has existed for decades now. Hell, it's existed ever since Capitalism took hold, and laborers became just another "interchangeable part" to a business.

We were really bad about protecting workers from it, until it the combination of anti-labor actions by businesses disrupting WWI war manufacturing (resulting in the National War Labor Board), as well as the Great Depression-era judicial (and physical) fights over striking, resulted in actual labor protections under Hoover and Roosevelt.

Now we're seeing the effect of decades of corporate lobbying (as well as brain-dead "Libertarian" mindsets among Centrists and Republicans) to weaken employee protections. Businesses have realized that they can, without consequence, use cycles of firing and hiring to manipulate their financials to have more favorable short-term outcomes.

t3rmit3 , 5 months ago

Fuck me, I thought you were being facetious with that quote. He actually fucking said it...

t3rmit3 , 5 months ago

NYT has always been biased trash ever since I was old enough to start following news. They've been called out on it for years, and occasionally they run a piece defending themselves and pretending to be totally-absolutely-definitely unbiased... or they just blame the readers.

It got so bad, that last year a bunch of contributors publicly called out the editors for their anti-trans bias.

t3rmit3 , 5 months ago (edited 5 months ago)

Conservative policy proposals pretend that no one discriminates, which is not what MLK said, he was talking about the actual end of discrimination.

Conservatives want the law to be blind to discrimination, so they can do it without consequence, and claim that it was merit-based.

Affirmative action, which affirms the discrimination that is present in our culture and takes action to correct for it, does not judge anyone, it explicitly removes a judgement call as to who is most deserving of something, in cases where it has been shown that leaving that choice up to people will result in discriminatory outcomes, by allocating some percentage of a given resource to account for those unequal outcomes.

The conservative perception that affirmative action is discrimination is based on the false premise that everyone has equal opportunity extended to them, and thus allocating some fixed amount of resources for a group is making the outcome inequitable for another.

In reality, the outcomes are inequitable if left alone.

Your use of that quote is in-line with conservative distortion of MLK's beliefs.

Here's a quote from MLK, explicitly about this topic:

Why is equality so assiduously avoided? Why does white America delude itself, and how does it rationalize the evil it retains?

The majority of white Americans consider themselves sincerely committed to justice for the Negro. They believe that American society is essentially hospitable to fair play and to steady growth toward a middle-class Utopia embodying racial harmony. But unfortunately this is a fantasy of self-deception and comfortable vanity.

And from the article:

In reality, King was a proponent of affirmative action, writing in 1965 that “a society that has done something special against the Negro for hundreds of years must now do something special for the Negro.”

For a view into his less mainstream-publicized side, that you won't hear quoted by the Fox News or CNN crowd:

The problems of racial injustice and economic injustice cannot be solved without a radical redistribution of political and economic power.”

t3rmit3 , 5 months ago

If a system requires constant guardrails that run directly counter to its core tenets, that probably just means the system is bad, and you should go with one whose tenets are in-line with said guardrails.

t3rmit3 , 5 months ago (edited 5 months ago)

Sadly, Citizens United is just one of the most obvious manifestations of the Capitalist mindset that equates wealth to meritoriousness.

People will unironically say things like, "if you want healthcare, get a job", as though a lack of money negates your right to life. No surprise people think entities with wealth deserve more rights.

t3rmit3 , 5 months ago

all isms need governance always or they cant be stable

Where did I say anything about not having guardrails/ regulation/ governance? I said that if the guardrails run counter to the underlying system's core tenets, that is indicative the tenets are bad, to wit:

to fuck everyone over [to extract value] at all costs

That is Capitalism in a nutshell. Nothing within Capitalism as a doctrine calls for limits to be placed upon value-generation in favor of protecting people.

Contrast this to other systems, (even free market ones like Mutualism where regulation is not present) where an asymmetrical concentration of power is considered inimical or even contradictory to the system's tenets. Asymmetrical wealth and influence structures will always emerge even in those systems, but those systems are intended, from the ground up, to counter that, as opposed to Capitalism which intrinsically encourages and rewards that imbalance.

t3rmit3 , 5 months ago

The French just brought it to the forefront of modern history, but there's nothing new about the What or the Why of the French Revolution.
This is a simple cause/effect relationship that many societies have experienced. Too much concentrated power, whether through wealth or military might, will eventually be torn down and returned to the People.

t3rmit3 , 5 months ago

There is a lot that is oversimplified and a lot that is just plain wrong about hierarchy and anarchy (and certainly biology) in this rant, but just looking at the sheer amount of effort it'd take to respond to this was too daunting for me.

Thank you for taking the time to write this comment.

t3rmit3 , 5 months ago

Why does it have to be a video? I can read an article so much faster, and without needing to be somewhere by myself that sound isn't bothering anyone.

t3rmit3 , 5 months ago

Awesome, thank you!

t3rmit3 , 5 months ago

Fission isn't fusion, and saying he "wishes" people would use more fission power isn't actually doing anything to push for that. Fusion powering anything is still a literal fantasy for now, and in the meantime there is only going to be more fossil fuel use coming out of this. No one is currently building more fission plants for public grids, and he knows that perfectly well.

t3rmit3 , 5 months ago

And he wants it to succeed because he's invested money into it and wants to make more money, not because he cares about the environment.

t3rmit3 , 5 months ago

This, and other lies I tell myself...

t3rmit3 , 6 months ago

I felt like I was going crazy sometimes with how often people in the FOSS community insist that nothing is wrong when large companies are massively profiting off of unpaid labor that is meant to help people, by turning it into part of their closed-source product, so it's nice to see that well-known figures in the community are starting to wake up to this being a problem.

I think that non-commercial-use clauses are a good way forward for certain projects, and commercial licenses for others. I wish that the upstream contrib requirements had taken off, but clearly Capitalism and the FOSS mindset aren't compatible, and capitalism is more widespread.

If you let corporations have something for free, they'll find some way to ruin it.

t3rmit3 , 6 months ago

your landlord (the provider) takes care of all the maintenance

this is a dirty lie :P