Shmoocon

Turned Out The Shmoo

Wrap up in a sense.

My legs really weren’t working well yesterday morning, so forewent the talks, and just guzzled coffee (and this very strange gluten-free cranberry-orange muffin) in seating area up front. Telmnstr found a few people he knows, and Squidly1 floated in for a few minutes.

It was fluttering snow…and, as I said, I wasn’t working well physically (and I’m still not a day later), so I cancelled my short-bus ride, and grabbed a ride back to my perch inside the Beltway Swamp

We watched the couple of final things, including the closing from the sofa in the living room. My wife, who was just my girlfriend when she accompanied me to some of the early conferences, seemed to be mildly interested.

But after next January, they’re finished. Maybe someone will work up a replacement. Maybe not. Six of one, half-dozen of the other.

I am planning to go to the final. The trip is a nice respite for me, but there’s often things that leave me just shaking my damn head, sloshing around my already-scarred brain.

I’ve been really digging into heterodoxy lately. There’s certain things you’re supposed to believe, and do but few people really ever quantify whether these things are effective.

But towards the end of the closing, they gave prizes for the lock-picking competitions.

It’s kind of fitting accompaniment to this thing’s tagline. No security measure is unbreakable. That allows you to delete anything, and everything.

So you spread things around so you can reconstruct later if you want or need to.

Listening to this on and off as I write. This kinda plays into part of what I was doing at the hotel, and with the conference. Just pay the bits to grease the wheels, make your experience easier. I bet I could have navigated my suitcase to and drom the hotel room.

But I didn’t.

Why?

Because one, my body was rebelling against the strain I was putting on it, and two, paying the fee really isn’t a concern for me, but it might make the day of the recipient. What I paid to save me the pain of doing this, cost me less than fifteen minutes of my work labor.

Just pay it, and move on with your life.

That kind of relates to the Finding Freedom podcast ep. I appreciate what the guest is doing building a different social media app.

Great.

A lot of those really bad companies^TM make their money off scanning and selling your information.

Got it.

Pay ’em, and they stop doing that.

I apologize for getting really distracted here.

Shmoocon is, and was a lot of fun. I will do what I need to do to go to the last one next year.

Probably even if they make me wear a face diaper.

Shmoocon #7

I watched the last ones in “Belay It” on the stream from the hotel room. My legs just didn’t want to walk anymore.

Nothing particularly notable, unfortunately. Maybe it was general MS bleh killing my interest. Maybe it was the random hotel network dropouts.

Did make it down to try and watch the trivia contest. I didn’t;t have a pen to participate, and I couldn’t;t see the questios=ns to try to answer them.

We went to the bar for desert and more drinks. Good conversation, at least. Reminiscing about conventions of the past, and discussions of plans for the last one next year.

I think I’ll miss Shmoocon, but the whole experience is completely different for me than it was in the early days when I was coming up from Tidewater.

I have to wonder how much the mandatory masking is killing session attendances. Who knows?

Shmoo #2

Watching this about FEDRamp.

Off-the-cuff notes:

There’s a bot on Discord that searches for FIPS, and replies “FIPS is stupid.”

DoD has a strange ix of FIPS and old AF DoD controls

You should be using KMS.

Tenable now does have now have FEDRamp auth for scans.

Focus on identity control and change management.

You do inherit some things from Azure or AWS, but it doesn’t fix everything. It does make documentation package simpler.

Advicee is to use FEDRAmp mod over ____ (for small biz). It helps some, but very few products can actually use it. Tailored? Taylor’d?

Still not clear how POA&Ms can be aggregated.

If you’re in planning, use Rev5 for new things. Other Rev4 can stick for a while, but don’t do anything new.

Push to actually make one-stop shop.

LOE for POA&Msmis very, very, very high.

OMB has solicited comments on IT regulations, related the initial guidance on FEDRampl

Question about using LetsEncrypt certs on FEDRamp. (And you’re reading on a site sekur3d by LE..)

I do kind of understand what they’re trying to do, but I have kind of an automatic repusion towards it.

The idea of sending out really not-even-beta-leval solutions really just bothers the hell out of me.

zOMGSEKUREREST bits, showing that things are good is one thing…but you should have to show that A) the product sorta kinda works in the lab first, and B) scans of that sorta kinda working product happened before you plugged it in to the fucking Internets.

Too much of what I’ve seen lately fail on both of those questions.

But we’re moving way faster than before…IN AGILE SPRINTS….putting out things that probably don’t work as intended, and have quesitonable security.

But, like, it costs a bunch moar, so it must be good.

Shmoo #3

Ewe Can’t Truss You’re Ears.

Speaker from Totes-didn’t-used-to-do-evil company.

Focus on helping those of us who can’t see very well, or at all.

Lots of discussion of masking things in unicode to try to lure people into visiting bad sites.

I think there might be potential for doing things like confidence intervals, and requirements surrounding the levels required for browsing/redirection. So, the speech to text hit on a potentially-malicious return. The speech-to-text might think it’s 100% confident that that’s what the user wanted.

But you look at the actual amount of traffic to that site, you can say, no, that weird unicode look-alike isn’t what the user was trying to get to.

Were you trying to get to Google, gee-ooh-ooh-gee-ell-eee-dot-com? If yes, hit, “go.” If not, hit “stop.”

For my own stuff, I’m teetering on the edge of legal-blindness. I think last check, I was something like 20/70 in my right (and previously non-dominant) eye, and uncorrectable to 20/400 in my left. I still can type, but some of the predictive things of things like SMS on my iPhone are very beneficial to me.

If I’m not sure, I use a search engine (rarely the totes-didn’t-used-to-do-evil one the speaker worked for….I would say that I’m mostly DDG, with some Bing, and a smattering of Brave), and try to get to the best result.

I do see well enough to do that. But even if I didn’t, I still think there’d be a good way to answer a series of binary questions to get me to where I actually wanted to go.

Death Rattles

Muted by the mandatory masks?

I’m here. They announced that next year is the last one.

Kind of have a room to myself for a bit; my roommate, my old biz partner, is running late.

So. Checked in. Going to go watch some of the interesting first-day talks.

Not sure what I think so far, honestly. Some back-and-forth among the assimilate waiting to check in. While the people I was talking to weren’t from a long way away, it was far enough to really justify a hotel room. Since I’ve been up here in DC, I haven’t tried to do the stay-at-home, and see the talks model. While Im inside the Beltway, it just seems like it’d be tedious taking a cab, or riding Metro.

Time to get downstairs….

Twiddle Thumbs

Furiously preparing for Shmoocon. Um. I guess it’s kind of taking away from me trying to pay my protection racket that’ll let me keep working. Until my vision finally gives up the ghost.

I have until May. The goal is to basically finish this coming week.

And I’m not doing anything for the week between Christmas and New Year’s.

Except take my damned shot.

I was really worried about being late last month. I’m not sure if that was coming across in my writing.

Maybe that sort of thing gets lost in the November writing streaks.

Considering abandoning the November streaks after next year (year fifteen), but we’ll see. Really trying to commit to skipping what I’d been doing in the summer.

Had a pretty good conversation with my wife about the occupational licensing requirements that are pervading the business environment lately. Thou shalt pay union dues, and pay some group’s protection racket, even if you’re not gonna need a degree in MDDR. (It’s pretty lazy to say that every politician with whom you disagree is a Fascist while ignoring the kind Communist regimes from the last century. Many, many, many policies I see floated in Maryland would fit right in in East Germany. But we’re not going to talk about East Germany. Or Romania. Or any of the other nasty places from behind the “Iron Curtain.” Maybe I should make it a point to visit Victims of Communism Museum.)

I should make it a point to do that. I think going to the book signing, and the Liz Phair show was the sort of thing I was excited about moving up here.

We’ll see how the Shmoocon weekend goes. What do I take with me, what do I smuggle back?

Running Late

Didn’t get a Shmoocon ticket, but I think i might have a hookup.

If not, I’ll just take time, and watch online.

Still a little upset that they’re still on with the fu^H^Hmasks.

*wanders away and back*

Yeah, it looks like I’m going. Okay.

They haven’t released the schedule yet. I’m sure there’ll be something interesting.

Aside: the predictive text in the browser as I’m typing is really annoying. I miss the days when I could write my entries in EMACS.

Next week, I get to pay that IT organization’s protection racket. Something to do the week before Christmas. I do have to go in one day for work, but it’s fine.

I’m going to do a few things I enjoy.

Immediate thing is that it’ll give me a chance to write compulsively…which I’m not supposed to be doing.

Oh well.

So little motivation to do anything today.

Sunday

Watching the dwindling bits of Shmoocon.

A bit intersting, but I’m having trouble maintaining focus. One of the talks about disinformation amplification was interesting. I’m hoping it’s posted online soon so Justin can view it for Fact Check This. The speaker didn’t touch too much on how the sketchy information actually feeds into the fact check sites.

Missing Context!!1!

The talk on reporting requirements (and the enabling legislation) was interesting.

Just reporting things a) may not be feasible in the arbitrary timelines, b) might actually negatively affect security, c) doesn’t fit nicely with existing bureaucracy, and; d) might not really tell anyone anything worthwhile.

It’s a shame, and has given me a new perspective on this. The hard-and-fast deadlines really might not do any good. Hmmmm…

But I keep getting distracted by other things.

First, and probably most predictably, was the latest The Fifth Column.

Major takeaways? 1. I had the same thoughts as Moynihan on the San Francisco reparations to black residents; OJ deserves reparations for discrimination he faced in his native city grown u0. 2. The anti-war advocates are proving, once again, that they’re full of shit.

That last bit goes to the disinformation talk I watched. “The Usual Suspects” seem to actually get wrapped into these Russian disinformation campaigns. The one “expert” who’s gotten quite a bit of traction among Libertarian circles the past few years, actually cited something because it had Edward S. Herman’s blessing.

Who’s that? The guy who, with Chomsky, denied the Cambodian genocide. Distortions At Fourth Hand

The are not credible people.

They spent years saying the Russians weren’t going to invade Ukraine.

Then when it happens, it’s because Nazis.

They’re also the ones who said that the US dollar was going to collapse because of the Federal Reserve’s money printing.

And nothing about the collapse of the Euro. LP National will tell you that’s also because of the Federal Reserve.

Countries whose currencies are backed by hard assets will be fine. Like Iran. Their currency is doing great. Please don’t check other news sites, and just go to AntiWar.com. (And I feel filthy for even opening that site….)

Time to watch the closing plenary, and football. Me and the micro-dog.

Afternoons and Coffeespoons

The second half of that stolen title is from my lethargy; I didn’t sleep well last night after being awoken by screaming neighbor kids around 0600.

Topics

I watched the one on the helicopter with OSINT.

The presentation on helicopters was interesting.

The speaker was a bit miffed at Elon Musk over suspending the account(s) that’d been giving out his aircrafts’ locations.

Not sure what you do about that. It’s not really economically viable to pair up aircraft the way you would cars.

I don’t like the account(s) being suspended/silenced, but I do understand why he’s doing what he does.

The ones matching the vaccine QR codes to users gives me a little bit more confidence if there’s isolation and no logging at the places of verification. Several ID factors there, and could assure privacy if there’s no record of check-ins; if the syst4em is isolated without any tallying ability. But it gets to be something like voter ID rules. Naturally, it’s racist if you have to show an ID for anything, and there’s a potential for multiple use of the ID and QR code….

But it does make me feel better than some of the more radical proposals that have been out there…..WEF, Chinese Social Credit score style things.

Still, I maintain that it’s completely inappropriate for private companies to be checking these sorts of things. In some instances, governments are forcing corporations to od it. I disagree with that.

For the companies that are doing it without coercion, fuck you. I’m not giving you money. Certainly not now, and quite possibly for the rest of my life. Your management chose to do this, and you get to live without my business. Good job.

I will not going to go to Madison Square Garden. Your management’s choices caused that. Even if there’s some sort of legal retribution, I’m out. It’s your loss. Apologies to whoever’s performing there, but they made the bed, and they have to sleep in it.

Same goes for the regional burger chain who wanted to see vaxports to even walk in the door to buy a takeout order…I enjoyed your food, but never pay for it myself, again. I also won’t come sit down in one of your stores. If someone else buys and delivers your food, I’d probably eat it, but you’ve lost me as a customer.

I’m also a bit happy I’m not there at the conference, too. If I’d paid for a ticket before the stupid mandate, I might have still gone.

But I’m not going to buy a ticket with your arbitrary decisions.

(I didn’t look at going being a bit short of money courtesy some crypto scammers who’ll remain nameless….)

I also watched the talk talk on textiles and technology.

I guess I understood where she was going at first, but she lost me at the end.

Though I’m hesitant to link to the site, they do have a good copy of the Christmas Letter.

Nobody owes you a job. Certainly nobody owes you a job where you currently live.

I’ve listened to a lot of discussion lately about how artificial intelligence will change how people work…and it’s not a bad thing.

There will always be a market for things that aren’t as perfectly-crafted as a computer would do it.

How many Amish furniture shops are around? Why would you buy from someone who crafted a piece by hand when there’s little question about whether you could actually get something of better quality that’s machine-made?

So more watching tomorrow. I 0robably should look more closely at what’s on tap.

More Less Moose Than Ever

My wife is throwing in some comments here and there as I’m watching.

Watching this right now.

Again, I go back to my thoughts of the past few days.

Government is not going to fix anything.

I understand, and somewhat appreciate, actually, what he’s saying.

He touches on the not-criminalizing-civil-disputes stipulation, but that’s what fucking happens every single time you get government involved.

Worry about “over-criminalizing” things.

What happens when you criminalize anything?

Men with guns. Ultimately that’s what you’ve done when you go to the government to solve an issue.

You stuck the bad sections about “downloading and copyrighting.” Okay? How the hell does anything work if you’ve outlawed those?

Burn this book

Yeah, and if someone can use tools to recite the ideas on to paper, it’s back.

And what does government do, then? They kill people.

I appreciate his role as an attorney, certainly, but I don’t think there’s any benefit to enacting more spaghetti treaties, laws, and regulations.

Do something straightforward to address a particular problem.

Everything should be temporal. Do something to address a particular issue for a limited period of time. If the limited term doesn’t resolve what the remedy attempted to fix, renew it. If it didn’t fix it, pass something different. If the problem went away on its own, great; move on.

Cato, an organization to which I donate, regularly talks about the Wilson Era Jones Act.

Why is that law still in effect?

Move on.

He also talked about signatories just ignoring parts of a ratified treaty, even after attempting to have problematic sections removed, just ignore the parts that don’t fit.

I’m shocked. Shocked. It’s almost as if treaties, being figments of government, don’t work.

Happy to hear his opposition to RealID.

Kind of speaks to where I push back agains the zOMG CBDC!!1! crowd.

Even in the most-authoritarian places, people exchange with each other. There’s trade among the Norks. There[s trade inside the most brutal prisons. People trade with each other; it’s what we do as humans. Yes, you can have my eggs. I don’t like eggs. Even if you don[t have anything to offer me immediately, you can have them. Maybe you’ll help me with something in the future. If not, so what; I wasn’t going to eat them, anyway.

Government can’t stop exchange…short of doing one of the things it does well — kill people.