Aeva @ InfoSecExchange

Open Source Hacker, Public Speaker, Technical Advisor, and Board Member. Trying to leave things better than I found them. Used to lead OSS Security @ CISA… 🙃

🏳️‍🌈+🏳️‍⚧️, ❤️, ☕+🏍️

all toots are my opinion and do not represent any organizations.

Aeva @ InfoSecExchange boosted:
David Chisnall (*Now with 50% more sarcasm!*) (@david_chisnall@infosec.exchange)
2025-05-25

I’ve boosted a bunch of things here about trans rights and written to my MP on the subject a few times and donated to a few relevant places. It’s not really about trans people for me though. I expect they are all on the same spectrum from awful to awesome as everyone else, probably with a similar distribution. The ones I know are at the good end, but that’s not exactly an unbiased sample set.

Gender is not something I consider part of my self identity, so the idea someone would consider it such an important part of theirs that they’d go through a load of effort and risk persecution to change how they present it is alien to me. That doesn’t matter. I don’t need to understand your motivations to respect and support a choice that harms no one and brings you happiness.

But each of the times trans people are in the news, there are two kinds of people involved. There are trans people, doing people things and wanting to be treated as people. And there are others who have decided that they get to be the arbiter of how other people define their self identity and are trying to use social pressure, legal pressure, violence, or some combination to enforce their beliefs. And I have a very strong opinion that those people can go fuck themselves.

And this is never about trans people. They’re just the current most visible target for these people. They weren’t the first and they probably won’t be the last. And the only way that they will be the last is if enough people push back against the bigots.

Most people have a self identity that has some things that are personal choice, some that are part of early childhood experiences, and some that are genetically biased. I don’t need to know which of these are responsible for any part of yours. If your gender, hair or skin colour, religion, favourite Linux distro or sports team, or whatever are important parts of your self identity, the important thing for me is that you think they’re important. If you define yourself in ways I don’t understand, then we’re different kinds of weird people. If you decide you have to police how other people define themselves, we have a problem.

Aeva @ InfoSecExchange boosted:
Fi 🏳️‍⚧️ (@munin@infosec.exchange)
2025-02-21

:blobcatthinkingsmirk: Hey if you put a DEI policy in your open source projects, the feds can't use it now right?

Aeva @ InfoSecExchange boosted:
2025-02-08

-= We hoped we never had to do this but here we are and we now have to do this. =-

American trans humans are under threat and like in 1930s Germany, they now have to GTFO of their home country.

We have decided we need to collect some information on the possible ways out.

So we made a wiki.

We are collecting information on possible exit routes into various countries. We focus on work, study and self employment visas as they are available at the moment.

transworldexpress.org/

Aeva @ InfoSecExchange boosted:
2025-02-07

Drop what you are doing and read this incredible story from Wired, if you can. After that, come back here.

wired.com/story/edward-coristi

It mentions that a 19 y/o man who's assisting Musk's team and who has access to sensitive government systems is Edward Coristine. Wired said Coristine, who apparently goes by the nickname "Big Balls," runs a number of companies, including one called Tesla.Sexy LLC.

"Tesla.Sexy controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review."

The really interesting part for me is Coristine's work history at a company called Path Networks, which Wired describes generously as a company "known for hiring reformed black-hat hackers."

"At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn resume. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company."

The founder of Path is a young man named Marshal Webb. I wrote about Webb back in 2016, in a story about a DDoS defense company he co-founded called BackConnect LLC. Working with Doug Madory, we determined that BackConnect had a long history of hijacking Internet address space that it didn't own.

krebsonsecurity.com/2016/09/dd

Incidentally, less than 24 hours after that story ran, my site KrebsOnSecurity.com was hit with the biggest DDoS attack the Internet had ever seen at the time. That sustained attack kept my site offline for nearly 4 days.

krebsonsecurity.com/2016/09/kr

Here's the real story behind why Coristine only worked at Path for a few months. He was fired after Webb accused him of making it known that one of Path's employees was Curtis Gervais, a serial swatter from Canada who was convicted of perpetrating dozens of swattings and bomb threats -- including at least two attempts on our home in 2014. [BTW the aforementioned Eric Taylor was convicted of a separate (successful) swatting against our home in 2013.]

krebsonsecurity.com/2017/09/ca

krebsonsecurity.com/2017/02/me

In the screenshot here, we can see Webb replying to a message from Gervais stating that "Edward has been terminated for leaking internal information to the competitors."

Wired cited experts saying it's unlikely Coristine could have passed a security clearance needed to view the sensitive government information he now has access to.

Want to learn more about Path? Check out the website pathtruths.com/

Screenshot of a group chat titled "Tempest Chats 2022", dated Mon, Jun 13. Marshal Webb invites Wheaty to the group and writes: "Everyone welcome Wheaty to the group, he's here to replace Edward on weekends." Peter Potvin: "Welcome!" Bushhy: "Welcome Wheaty!" Wheaty: "Thank you, happy to be here!" Marshal Webb: "Wheaty welcome! I hope you won't be liquidated like your predecessor". Wheaty: "Not a chance! :)"

Aeva @ InfoSecExchange boosted:
2025-02-01

#OnThisDay, 31 Jan 2013, women in Paris are officially allowed to wear trousers.

The 1799 law required women to ask police for permission to "dress as men", or risk being taken into custody. Amendments in 1892 and 1909 were made to allow women to wear trousers if they were holding horse reins or a bicycle handle.

The law was widely ignored.

Najat Vallaud-Belkacem, France's minister of women's rights, lifted the ban as “incompatible with the principles of equality between women and men”.
1/2

Six white women walking through Place de la Concorde in the late 1920s or early 1930s. They are all wearing trousers and laughing.

Aeva @ InfoSecExchange (@aeva@infosec.exchange)
2024-12-11

@inyourbits thanks for your work on this — and the ping! I don’t have time to look today, but will try to find some after the holidays.

Aeva @ InfoSecExchange boosted:
2024-09-07

Opening Ceremonies have concluded. Woo, that was a LOT of information!

It is now time for our keynote speaker, Aeva Black, of CISA, to kick off the Blue Team Con 2024 general conference.

“How to be a Responsible Consumer of Open Source Software”

Keynote graphic showing a headshot of Aeva Black, Section Chief for Open Source Security at CISA, and her talk title of "How to be a Responsible Consumer of Open Source Software" for Blue Team Con 2024.

Aeva @ InfoSecExchange boosted:
2024-09-07

What an amazing Keynote address from Aeva Black of the CISA! We hope you learned as much as we did!

Aeva @ InfoSecExchange boosted:
2024-08-28

For those who aren't already subscribed to the @openssf podcast: What's in the SOSS? I wanted to let you know that one of my FAVORITE episodes was published yesterday.

I sat down with my buddy @aeva to chat about the public sector view of open source security:

openssf.org/podcast/2024/08/27

PS why AREN'T you subscribed? Click here: openssf.org/podcast and subscribe from your favorite platform.

#opensourcesoftware #cybersecurity

Aeva @ InfoSecExchange boosted:
2024-07-31

🚨 ANNOUNCING 🚨
Blue Team Con 2024 Keynote

Aeva Black (@aeva), Section Chief of Open Source Security, CISA

Learn more about Aeva and the Keynote Address here: blueteamcon.com/keynote-blue-t

Aeva @ InfoSecExchange boosted:
æva ( 🏳️‍⚧️🏍️ arc ) (@aeva@tech.lgbt)
2024-07-31

Latest from the CISA blog: Jack Cable and I share our thoughts on how to apply lessons learned from #opensource software to #AI.

cisa.gov/news-events/news/open

Aeva @ InfoSecExchange boosted:
Dave Aitel (@dave_aitel)
2024-03-06

This is a good slide from Eric Byrnes demonstrating how the taxonomies around supply chain attacks tend to put all the weight on the developers.

Aeva @ InfoSecExchange (@aeva@infosec.exchange)
2024-03-06

@adamshostack @dave_aitel

😾 …

( TY for the example )

Aeva @ InfoSecExchange boosted:
Lorenzo Franceschi-Bicchierai (@lorenzofb@infosec.exchange)
2023-10-19

NEW: Telegram leaks your IP address to anyone in your contacts during a call. And a researcher has created a tool to easily exploit this.

The company says this is expected behavior, so there's nothing to fix or change. But users may not be aware of it.

techcrunch.com/2023/10/19/tele

Aeva @ InfoSecExchange boosted:
2023-09-13

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.

bleepingcomputer.com/news/secu

Aeva @ InfoSecExchange (@aeva@infosec.exchange)
2023-09-12

@adamshostack nothing else is possible without that :)

Aeva @ InfoSecExchange (@aeva@infosec.exchange)
2023-09-12

Just released — CISA’s open source security roadmap

go.dhs.gov/oxh

Aeva @ InfoSecExchange boosted:
2023-07-31

Can’t tell you how excited I am to have @aeva on our team here at CISA. Looking forward to working with them and supporting them on #SBOM and other issues around Security at Scale across the OSS ecosystem.

Aeva @ InfoSecExchange boosted:
2023-01-28

"We are suggesting, however, that if policy makers only consider the commercial vendors of products based on open source, they will miss an important part of the ecosystem. They may inadvertently provide vendors more encouragement to withhold fixes to open source projects. They will also fail to address the millions of open source projects that are not supported by any vendor" - @aeva & Gil Yehuda

aeva.online/blog/2023-oss-secu

#opensourcesoftware #cybersecurity

Aeva @ InfoSecExchange boosted:
2023-01-27

Sorry, ID Verification for open source developers is like the dumbest shit I’ve ever heard. @aeva has it right: trust the process. #shmoocon
