• 0 Posts
  • 162 Comments
Joined 1 year ago
Cake day: June 22nd, 2023





  • You have to put on a show that you are sticking to those processes, on paper. But the fines for data breaches are generally way less than they save on not having a fully funded IT department and using security products that someone got a kickback for rather than the best product.

    “Hacking” isn’t some magical, intensely creative process for geniuses like on TV. For the most part, it’s usually just finding the really common things that IT departments don’t do because they are underfunded and treat IT people like replaceable cogs. There is software out there to exploit those deficiencies. So they are forced to do things like use default or obvious admin passwords because who knows who is going to be there tomorrow to fix something and without the proper tools to store credentials, there’s no way to properly secure things.

    And when a security vulnerability is found, there’s a reason why many don’t bother informing the company before going to the media. Those companies pour tons of money into lawyers to avoid admitting the fault, often getting the innocent person who found the problem arrested, and never fix the actual issue. Just ask any pro whitehat security researcher not hired by the company all the things they have to do to protect themselves from being sued or arrested for “hacking” when they notice a problem.

    And government technical auditors are a rarity because the regulators are underfunded. So they might go through some small list of things during regular audits, but they don’t know to check if a DBMS system that contains backups and is stored “in the cloud” is using a default password or other common hacking targets. Hackers don’t go after the primary infrastructure most of the time. It’s not necessary because there are so many sloppy processes or left over insecure projects that “the last guy” was working on or that got defunded before it was completed, but only the primary infrastructure gets audited usually because that’s all there is time and money for.

    As for going somewhere else, there often aren’t other places to go and when there are they usually have the same problem because there’s very little reason for any of them to compete with each other. Most industries have consolidated so much that there are only a handful of parent companies left so it’s easy to collude just because their leaders are often all in the same room at conferences and such.








  • I stay away from proprietary stuff when there are great open source alternatives out there. A proprietary system will always be more driven by those funding it, than the needs of the user and nearly always turn users into products, selling their information.

    I’ve been using Firefox variants for a while. I use LibreWolf on desktop and Mull on mobile and a self hosted sync server so it works seamlessly. But there are others, or just use Firefox and disable or block telemetry. There are a few sites here and there that I don’t have the choice not to use and don’t like the privacy features or don’t render properly, so I keep Chrome around for emergencies. But that’s rare, mostly government sites.


  • Your links proved my point, not the opposite.

    France doesn’t have a storage place and desperately needs one. Same with Japan or the Fukushima disaster would have been much less impactful. They are closer to having one, but many scientists say their solution is not going to work permanently due to corrosion and earthquakes. Similar reasons to why the US stopped building their own storage facilities. They aren’t permanent enough and eventually will probably leak and require expensive, dangerous maintenance or abandoning the land, among other issues and cost overruns.

    As for reprocessing, the basic science is there, and has been for a long time. But it never has been and likely never will be profitable thus the headline using the word “could” and no one having built a prototype reactor. Fusion tech is closer to a usable state than these and different reactors produce different waste that requires different reactors to reprocess partially. Then to further process, a different reactor is required, etc. It’s not a simple process and the energy it produces might pay for maintaining the facilities, but not for the development costs to turn theoretical technology into workable engineering designs or the construction costs.

    Renewable energy is much more profitable when you include the cost of storage or reprocessing of nuclear waste, so as soon as companies have too much to store, they’ll leave the rest to taxpayers and move on.


  • Yeah I work for a major company in healthcare and they don’t allow Windows 11 for several reasons.

    But also outside of the healthcare data issue, there’s the legal issue of retaining data. Our company doesn’t allow us to retain emails for more than 2 years and there are lots of other retention policies, and software to enforce them, that don’t require keeping data, but instead require deleting it. This is a common trend in major corporations right now. You can’t have data hacked or subpoenaed in a court case if it doesn’t exist. Recall is great for micromanagement of employees, but bad for just about all other parts of a company. I don’t get who is behind this and who they think they’re appeasing with it.





  • DMCA is a tool for suppression of free information. It doesn’t require evidence that you’ve made a good faith effort to consider fair use or other legal complexity as it’s meant to take down the information before that is settled in court, but most commonly used to suppress information from a person or group who can’t afford to fight it in court. Microsoft’s Github has a history of delete first without risking their own necks to stand up for obviously fraudulent takedowns much less ones with unsettled law like APIs/SDKs.