"Be kind. Everyone is fighting in a Fight Club you know nothing about.
Because we don't talk about Fight Club."

All of this and more.

This is far from over.

#Iran

For no reason.

"-teams aren’t drowning because they can’t write code fast enough. They’re drowning because they don’t know which code to write, they’re afraid to touch what already exists, or they’re unclear about how what they’re doing creates business value. The systems they’re tasked with modifying resemble a Rube Goldberg machine; one where half the mechanisms are on fire, the other half are forgotten legacy components, and the third half was recently added in an acquisition" 📄 https://matthewreinbold.com/2025/06/19/theproductivitytrap

The problem with scifi body armor

https://acoup.blog/2024/11/29/collections-the-problem-with-sci-fi-body-armor/

@nyrath Sounds like an interesting read:
"And the 'problem with sci-fi body armor' begins with the fact that most of these futuristic ‘hardsuits’ utilize little of any of the design language of those efforts. Instead, where real armors evolve against threats, fictional armors evolve as a visual language"

Stargazing

#WindowFriday #photography #princeton #nj #stainedglass #fensterfreitag

This past Wednesday, OWASP Ottawa had the pleasure of hosting Ahmed Shah, Mathieu Quirion and Kevin Tremblay from team Malleum for an informative session on Social Engineering.

The packed room and viewers-online were treated to a plethora of Social Engineering techniques, and how to detect and avoid them. Due to the content that was shared, the video is unavailable on our YouTube channel. However, from the behalf of the attendees, we would like to thank Ahmed, Mathieu, and Kevin for an insightful presentation followed by the networking session!

A special thanks to University of Ottawa for providing the space to conduct the session, and to Rewind for sponsoring the pizza! 🍕
.
.
.
.
.
#owasp #ottawa #cybersecurity #socialengineering #networking

can i tell some corporate employee who makes a burdensome request to get lost? sure, and i have before.

can i tell some corporate employee who makes a burdensome request required for compliance with a regulatory framework like the CRA that i won't do it and they have to do it themselves? sure.

note i ask "can i" here, and the answer is yes.

that's not the point though. the reality is more complicated. do maintainers *actually* have the psychological safety to reject these requests?

what is the actual psychological cost of saying no?

so maintainers are starting to push back on these requests, and demands for free labor on a project that they give away for free, as if it were a commercial product.

in response, rather than the government scolding corporations for abusing the commons, these corporations have instead pushed for governments like the EU to adopt regulatory regimes such as the CRA which pressure maintainers to do even more free labor, in the name of security.

everyone likes security, right? as practitioners, we don't want to harm anyone's security posture. so there is pressure on maintainers to comply with these regulatory frameworks, in the name of security.

i've written a lot of software over my lifetime, and released the majority of it as free software, because i just wanted to be helpful.

there was no point in hoarding it, and releasing it as free software allowed for others to take it and do whatever they wanted with it. sometimes, they send their improvements back to me. great!

well, not so much with corporations. pkgconf, for example, is in basically *every* major corporation's toolchain.

to make pkgconf scale for these corporations, and their complex DAGs, we had to rewrite the solver. fine, i suppose. some of that work was even sponsored, which is nice.

but the reality is that there are a few utilities in this world that exist in the critical path of basically every corporation. tools like pkgconf, curl, etc. if these tools break because corporations use them in new ways, generally we don't get help with fixing them, but we are expected to.

this position is what leads to critical libraries like libxslt being abandoned, and the same maintainer adopting a laissez-faire security policy for libxml2.

The Forever War

For some reason I had never read Joe Haldeman’s The Forever War, and recently decided to remedy that. Like most classic sci-fi novels, it’s a quick read, much shorter than most contemporary novels. It’s often been called a Vietnam veteran’s response to Robert A. Heinlein’s Starship Troopers. Haldeman himself disputes that, although he admits it’s heavily inspired by Vietnam, and overall much more antiwar than Heinlein’s story.

This novel originally came out in the early 1970s and is very much a product of its time.

William Mandela is a physics student in the 1990s drafted into the United Nations army in a war against an alien species: the “Taurans”. Unlike in previous wars, a high IQ is part of the criteria. The military wants elite fighters. Women are included, so in this imagined near future military, it’s a mixed force, with roughly half female.

As a morale boosting measure, the recruits in training are encouraged, even required, to have regular and promiscuous sex with their colleagues. Pot smoking is common and seen as just another recreational drug. And the automatic “Sir, yes sir!” chorus of obedience in previous generations is replaced with a “F— you, sir!” response, repeated with the same lack of enthusiasm.

After some training in Missouri, the recruits are shipped to a planet in the outer solar system called “Charon” (not to be confused with the moon of Pluto discovered years after this story was written). Here they learn to use an armored exoskeleton suit so prevalent in military sci-fi. The training is grueling and dangerous. Several recruits are killed. Eventually they graduate and are sent to their first posting.

Interstellar travel in this universe happens via “collapsars”, a type of naturally occurring wormhole naturally occurring wormholes between collapsars (black holes). [My thanks to Captain Button for the correction in the comments.] However the collapsars are often a substantial distance from local solar systems or each other, requiring months of travel time, typically reaching relativistic speeds. The result is that while the troops spend months in transit, years are passing at the bases and on Earth. The battles all seem to happen in solar systems near collapsar transit points.

The Taurans, when first encountered, don’t seem like very good fighters, but they learn quickly, and the war becomes a long slog.

When Mandella first gets back to base, he discovers that decades have passed. But he, his girlfriend, and many others are given a chance to cash out their backpay and return to civilian life, although they are warned that a lot has changed on Earth. When they take the cash out option, they get back to Earth in 2024, and discover that it is a dystopia, with overpopulation, sky high crime rates, society breaking down, and widespread misery. Mandella and his girlfriend eventually reenlist.

As the war drags on and the decades and centuries pile up, Earth becomes increasingly alien from the view of the older soldiers. Governments on Earth begin to encourage homosexuality as a means to keep the population under control, and eventually make it mandatory. Mandella, as one of the longest surviving soldiers, finds himself considered a sexual deviant by the new recruits.

There are some pretty good action and battle scenes in the book, but one theme throughout seems to be that military often doesn’t know what it’s doing. Also that it’s not the soldier’s friend. And that the future is going to be very strange by our standards, starting with the army a few years in the future, and getting progressively weirder as the story progresses.

Reading older sci-fi is always an interesting experience. In this book, we get to see a 1970s vision of what the 1990s and 2020s would be like, and how dominated that vision is by the preoccupations of 60s and 70s culture. Certainly our 2020s is far from perfect, but it’s a picnic compared to the nightmare presented in the book. Something for us to keep in mind when contemplating the predictions made today.

Obviously this book isn’t going to be everyone’s cup of tea, but I found it an interesting ride, worth considering if you’re looking for classic sci-fi to read.

#bookReview #bookReviews #sciFi #ScienceFiction #SciFi #SpaceOpera

Someone asked a great question in the comments of my most recent SGW article, and I wanted to share my response here because I actually had to math stuff out, so:

There are only about 24,000 people in the US who detransitioned because they weren't trans after all, according to the US Transgender Survey.

@mcc it's a testament to the predatory nature of the american legal system and the institutions it props up that even lawyers working pro bono for free software non-profits consistently can't help but reflexively write in clauses that give their clients eternal indemnity and irrevocable rights over your first-born and their descendants until the end of time

Nothing quite like eight ornery Aussies in the audience chorusing “that’s a comment what’s the question mate” under their breaths at a talk. It’s giving me life 🤩😅🤣✨

The Information and Privacy Commissioner of Ontario has completed a review into Daixin Team's massive cyberattack on five regional hospitals in 2023 and found hospital officials acted “adequately.”

Perhaps the most notable aspect of the report (from my perspective) was that the IPC said the hospitals were obligated to notify patients whose data had been encrypted (and not just those whose data had been exfiltrated). They saw no point in requiring that now, but wanted it noted that it should have happened.

So that seems to be making PHIPA's interpretation clearer for future victims of encryption incidents.

The full report makes an interesting read.

PHIPA Decision 284:
https://decisions.ipc.on.ca/ipc-cipvp/phipa/en/item/521986/index.do

#PHIPA #notification #incidentmanagement #databreach #ransomware

Pontificating in the shower drain of languages.

This absolute icon at Canterbury Pride 🩷🤍🩵

#Pride ⚔️

True humanitarian disaster is unrolling in #Russia as the authorities are switching off mobile Internet in places even very distant from the front line to stop Ukrainian UAVs. It has the unintended consequence that without mobile Internet you can’t buy vodka.

Since 2019 Russia introduced very strict regulations, according to which each sale of alcohol is registered in real-time (!) in an on-line system run by tax administration. This regulation is intended to enforce time restrictions on alcohol sales, so you can’t buy it after 23:00 and before 08:00, plus many more - for example on some holidays, in some locations etc.

If Internet doesn’t work, shops can’t register sales so they can’t legally sell alcohol. Risking huge fines and losing license, they won’t even offer “delayed registration” and widespread snitchery makes it really difficult to bypass these regulations.