Contractors are giggling about your Alexa and Siri requests in chat rooms.

This remake of Blow Up seems completely unnecessary.

"We take the security and privacy of our customers' personal information seriously," an Amazon spokesman said in an emailed statement.

The team comprises a mix of contractors and full-time Amazon employees who work in outposts from Boston to Costa Rica, India and Romania, according to the people, who signed nondisclosure agreements barring them from speaking publicly about the program. They work nine hours a day, with each reviewer parsing as many as 1,000 audio clips per shift, according to two workers based at Amazon's Bucharest office. [...]

Occasionally the listeners pick up things Echo owners likely would rather stay private: a woman singing badly off key in the shower, say, or a child screaming for help. The teams use internal chat rooms to share files when they need help parsing a muddled word -- or come across an amusing recording.

Sometimes they hear recordings they find upsetting, or possibly criminal. Two of the workers said they picked up what they believe was a sexual assault. When something like that happens, they may share the experience in the internal chat room as a way of relieving stress. Amazon says it has procedures in place for workers to follow when they hear something distressing, but two Romania-based employees said that, after requesting guidance for such cases, they were told it wasn't Amazon's job to interfere. [...]

Previously, previously, previously, previously, previously, previously.


Recent movies

Since there's nothing interesting happening in the news today, I might as well post some movie micro-reviews.

The Crow: Upon a recent re-watch, I have a few observations:

  1. This movie is about Ellis Act evictions. That's the entire plot.
  2. Candyman is also a movie about a Vengeful Spirit fighting Gentrification. Therefore they are set in the same universe.
  3. I always forget that Tintin is Lord Nikon. In my headcanon, following the events of Hackers, after all of his white friends went away to college, Nikon's life took an unfortunate, more explicitly criminal turn. RIP Nikon.
  4. So now Hackers and Candyman are set in the same universe.
  5. To this day, a Graeme Revell score is enough reason for me to go see a movie.
  6. I saw a very clean 35mm print on a big screen, and even so, this movie is just so, so blurry. The mastering is crap. I truly hope that they never, ever re-make this movie -- it is and should remain a monument to Brandon Lee, and remaking it would just be an insult to him -- but I wish someone would re-master it, by which I mean, digitally generate a better render of every single frame. Throw some of that Fury Road tech at it and make a watchable 4K version.
  7. A reminder about that TKK performance.

The Matrix: I re-watched all three to get in the mood for our upcoming screening of the first one on the occasion of its 20th anniversary. The first one is still a fantastic piece of filmmaking. That first scene, where we see Trinity performing the most incredible ass-kicking we've ever seen, and then she learns that Agents are inbound and she just turns tail and runs. She's afraid of someone? That's how you set the stakes. Also the dojo scene: "Do you think that's air you're breathing?"

The second two... can confirm: they are still an incoherent, babbling mess, and they make you like the first one less in retrospect. The freeway chase is pretty good. The Merovingian has a nice suit. That's about it.

And it reconfirms something I thought about Sense8: "Did they love that 'Burning Man rave in Zion' scene so much they had to expand it to 12 episodes? Yeah, I think they did."

Repo Man: I still love this movie so much. It's ridiculous. You should go watch it again.

The Magicians: I re-watched it from the beginning and it still holds up. The current season is killing it. And can I say how much I love that the Library Planets are triple mobius toruses? That makes so much sense to me in a Borgean way I can't explain. I am especially liking that the show is now totally "off book", because the show was always so much better than the books, largely by disregarding them.

The Man who Killed Hitler and Also The Bigfoot: This was great, and it was definitely not the movie I thought it would be. I mean, yes, those two things do happen, but mostly it's about how much he regrets them both, and they really make that work.

Perfect Skin: It's a "creepy stalker kidnaps and abuses a girl" movie, this time with non-consensual tattooing, so it's fair to ask "Why is this the story they chose to tell, again and again?" But the villain has this calmness to him and lack of mouth-foaming insanity that makes Stockholm Syndrome seem not-entirely out of the question. So, good acting and production. But still, "This story, again?"

Alita was pretty good. It was simple, but much punchy. It's relatively faithful to the manga, which is not necessarily great because a lot of the manga was pretty stupid, such as her piece-of-shit boyfriend. The parts of it that were ripped off by Altered Carbon just made me angry at Altered Carbon all over again.

Vox Lux: This was really hard to watch. Good acting, but another movie about deeply unpleasant people. And it didn't really have much of an ending: I guess she just carries on being deeply unpleasant, the end?

Happy Death Day 2U: I am, as always, a sucker for Groundhog Day movies. This one is not as good as the first one, but still fun. It didn't waste a lot of time, so to speak. It adds some nice wrinkles in the cosmology, but it suffers from too much dumb slapstick. The "I am a blind French student in a beret and striped shirt" bit was stupid enough to almost overpower the whole rest of the movie. Why. Why would you do that, why. And the Dean doing his best Ed Rooney.... You are no Ed Rooney, Sir. Also, time travel fusion cores are clearly graduate level work, not undergrad, so why is that dude still living in the dorms?

Slaughterhouse Rulez: Well I should have known to veto it based solely on that "Z". Simon Pegg and some kids fight monsters, which sounds promising, but 3/4ths of it is on the theme, "English private schools are full of rich, bullying assholes", which was a daring revelation that I'm pretty sure has never before been committed to film.

Previously.


My 50 most popular blog posts from 2018

This time I omitted any posts earlier than 2017, since there were still a few perennial favorites in the list.

Previously.


Never post photos of your keys

A hacker might do something untoward with them.

Previously.


Webshit Weekly

Who Are My Investors?

The Saudis are being assholes in public again, so some people are starting to wonder if they're willing to be picky about where their money comes from. Hackernews isn't, for the most part, but they seem attracted to the idea that it's probably okay to take money from assholes if you think nobody will notice. Failing that, try to get some other people between you and the assholes. A few Hackernews just declare that there's no such thing as an asshole. I rarely* recommend reading "Hacker" "News" comments, but if you want to see the inner strugglings of people who just aren't sure if they should, through their labor, enrich murderers, this is the place to do it.

* never.

Previously, previously, previously, previously.


Today in Ono-Sendai News

A traveling executive receives messages from his office electronic mail system by means of a hand-held computer and modem at a public telephone.

Also, today is the 23rd anniversary of Hackers.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.


Today in Ono-Sendai News

D10D3 Cyberdeck64 v3


Previously, previously, previously, previously, previously, previously, previously, previously, previously.


A webshit shits webshit about webshit

This week's n-gate:

  • A parasite compiles buzzwords into a Google Docs text file. In response, a Hackernews apostate suggests that perhaps building a lasting business at a sustainable pace is within the realm of possibility. The Hackernews Re-education Squad parachutes into the resulting panic to firmly explain that hockey-stick growth followed by acquisition or IPO is the only acceptable path forward, and that making a low-six-figure income in an affordable community is a dangerous myth. The real question is: during your normal, necessary, not-excessive twelve-hour work day, are you more productive before dawn or after dusk? [...]

  • An Internet has a hobby. Hackernews likes to watch. The hobby involves Lisp, whose evangelists are so ancient and terrifying that the Rust Evangelism Strike Force declares the entire comment thread a no-fly zone and produces new maps marking the area as lost territory, impenetrable to the faithful.

Previously, previously, previously, previously, previously.


STARTTLS Everywhere

Similar to Let's Encrypt, the project providing free SSL certificates for web servers along with tools to auto-renew them, STARTTLS Everywhere is trying to build some tools to make it easier to configure your mail server to encrypt mail in transit, and do so with properly signed certificates.

What I only just realized is that it's pretty easy to use Let's Encrypt certs as SMTP TLS certs, if you have already been using self-signed certs: you just need to add your MX to the list of domains in the cert and install that cert into Postfix:

smtpd_tls_cert_file = /etc/letsencrypt/live/dnalounge.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/dnalounge.com/privkey.pem
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file

They have a page that tests your server, but it's terrible, don't bother. If it detects a single problem it just says "Nope!" without telling you what the problem is. A better tester is at checktls.com which will actually tell you what it thinks went wrong.
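A local check that names the problem, as an added example (not code from this post or from the STARTTLS Everywhere project): it reports whether the MX advertises STARTTLS and whether the certificate's names include the MX hostname. The function names and the constructed host mail.example.org are assumptions for illustration.

```python
import smtplib
import ssl

def san_covers(san_names, host):
    """True if a DNS name from the cert's subjectAltName matches host.
    '*' is honoured only as the whole left-most label, never for a bare TLD."""
    want = host.lower().rstrip(".").split(".")
    for name in san_names:
        have = name.lower().rstrip(".").split(".")
        if len(have) != len(want):
            continue
        if have[0] == "*" and len(have) > 2:
            if have[1:] == want[1:]:
                return True
        elif have == want:
            return True
    return False

def diagnose(mx_host, ehlo_features, san_names):
    """Return a list of named problems; an empty list means the MX looks fine."""
    if "starttls" not in {f.lower() for f in ehlo_features}:
        return ["STARTTLS not advertised in EHLO response"]
    if not san_names:
        return ["certificate has no DNS subjectAltName entries"]
    if not san_covers(san_names, mx_host):
        return [f"certificate covers {sorted(san_names)} but not {mx_host}"]
    return []

def probe(mx_host, port=25, timeout=15):
    """Ask a live MX for its EHLO features and certificate, then diagnose."""
    ctx = ssl.create_default_context()  # chain must validate against system CAs
    ctx.check_hostname = False          # name check is done by san_covers()
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as s:
            s.ehlo()
            features = list(s.esmtp_features)
            if not s.has_extn("starttls"):
                return diagnose(mx_host, features, [])
            s.starttls(context=ctx)
            cert = s.sock.getpeercert()
    except ssl.SSLCertVerificationError as e:
        return [f"certificate chain did not validate: {e.verify_message}"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return diagnose(mx_host, features, sans)

if __name__ == "__main__":
    # Constructed sample: a cert issued for the web site only, MX not yet added.
    print(diagnose("mail.example.org", ["size", "starttls"],
                   ["example.org", "www.example.org"]))
```

Call probe() with your own MX hostname to run the same checks against the live server on port 25.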

Wow, Everything's So Messed Up. How Is STARTTLS Everywhere Going to Help?

We have three primary goals for STARTTLS Everywhere:

Improve STARTTLS adoption.
We want to make it easy to deploy STARTTLS with valid certificates on mailservers. We're developing Certbot plugins for popular MTA software, starting with Postfix, to make this a reality. [...]

Prevent STARTTLS downgrade attacks.
In order to detect downgrade attacks, we're hosting a policy list of mailservers that we know support STARTTLS. This list acts essentially as a preload list of MTA-STS security policies. [...]

Lower the barriers to entry for running a secure mailserver.
Email was designed as a federated and decentralized communication protocol. Since then, the ecosystem has centralized dramatically, and it has become exponentially more difficult to run your own mailserver. The complexity of running an email service is compounded by the anti-spam arms race that small mail operators are thrust into. At the very least, we'd like to lower the barriers to entry for running a functional, secure mailserver.

Yeah, see, that last part is the kicker. Only crazy people like me run their own mail server, because Google has managed to almost completely de-federate the world's email infrastructure. "Google has most of my email because it has all of yours".

Why would anyone run their own mail server?

"As an act of defiance against the Google hegemony" is probably not a selling point that resonates with very many people.

Nor is, "I really enjoy reading my logs and seeing Error 421: To protect our users from spam, mail sent from your IP address has been temporarily rate limited."

So, you know, maybe some day everyone who still runs their own email server will have certificates installed, and maybe enough of those certificates will be signed by a CA that validating the cert before exchanging mail might be a practical thing to do. But it's more likely that by then, email will have been killed as a concept. All it would take would be for Google to decide, "Fuck it, we're just not going to federate with anyone any more."

You know, like they did with GChat, single-handedly killing Jabber / XMPP.

They don't quite have the market share on the email side to get away with that right now, but maybe they will someday. But even today, they could probably get away with saying "We're no longer accepting SMTP connections, period": they'd just have to bully Outlook, Yahoo and iCloud into peering in some new way that locks everyone else out. They'd do this under the guise of "solving spam", which it wouldn't.

In summary, everything is terrible.

Previously, previously, previously, previously, previously, previously.


Because we are in the Stupidest Timeline, this was the plot of Charlie's Angels.

Cops Can Find the Location of Any Phone in the Country in Seconds, and a Senator Wants to Know Why:

"I am writing to insist that AT&T take proactive steps to prevent the unrestricted disclosure and potential abuse of private customer data, including real-time location information, by at least one other company to the government," a May 8 letter sent from Wyden to the President and Chief Executive Officer of AT&T reads. [...]

In his letter to AT&T, which has similar text to letters sent to other carriers, Wyden writes that this check amounts to "nothing more than the legal equivalent of a pinky promise."

"The fact that Securus provides this service at all suggests that AT&T does not sufficiently control access to your customers' private information," the letter adds.

In Shocking Drop of Second Shoe:

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US:

Most of the users in the spreadsheet are from US government bodies, including sheriff departments, local counties, and city law enforcement. Impacted cities include Minneapolis, Phoenix, Indianapolis, and many others. The data also includes Securus staff members, as well as users with personal email addresses that aren't explicitly linked to a particular government department. [...]

"Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat. [...]

"Track mobile devices even when GPS is turned off," the Securus website reads. "Call detail records providing call origination and call termination geo-location data," it adds.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.
