I'm moving my mastodon account over to librem.one. If you want to follow me going forward, you can find me at social.librem.one/@kyle

Interesting that Sri Lankan govt. response to the terrorist bombings includes temp blocks on FB, Instagram, WhatsApp and other social media both to "stop the spread of misinformation" and "to prevent further extremist attacks and retaliatory violence." nytimes.com/2019/04/22/world/a

@kylerankin So ultimately human teachers become a luxury good and cash-strapped school boards save money by hiring fewer teachers and buying heavily-subsidized tech to replace them.

@kylerankin You see this in Silicon Valley today. Tech billionaires send kids to private schools that tout being tech-free and hands-on with human teachers.

Education is moving to a divide along class lines: the rich are taught by humans in a tech-free environment. Everyone else will be taught by computers subsidized by Big Tech in exchange for data and lock-in.

@kylerankin Of course they are using Chromebooks, so Google gets to share in the data bonanza.

Zuckerberg funded FB engineers to make a "personalized learning" platform for Kansas kids. Besides the educational concerns, how much personal data is this program storing indefinitely? Who gets access to it? nytimes.com/2019/04/21/technol

How exactly do you "accidentally" write software that logs into an email account, pulls down the contact list and stores it in a FB database? businessinsider.com/facebook-u

@kylerankin I'm encouraged by the new emphasis on ethics in engineering and how many engineers are starting to speak up (or vote with their feet) when companies order them to build unethical machines.

Software engineers are indoctrinated to believe: "People only hate ads when they aren't relevant." This doctrine has led to over 20 years of mass data collection. It's a lie, and if more engineers dared to question it, we'd get a lot further on .

@kylerankin 3: Great early post-mortem given circumstances. Affected servers, what attackers did, what Matrix did, what users should do, timelines, promises of more detail later.

@kylerankin 2a: One approach is CI signing/shipping code to dev repo, admin logs into prod to trigger prod pkgs sync from dev to prod. Make attacker have to backdoor the code itself.

@kylerankin 2: Many orgs deploy to prod straight from CI. Jenkins is red team gold. Always separate dev/prod completely. Dev access should never lead to prod access.

@kylerankin Takeaway 1: Matrix response to take down prod, rebuild from scratch in relatively short order, is commendable and all orgs should aim to be able to do the same in similar circumstances.

This post-mortem of today's Matrix prod compromise is great for its transparency and cautious response. Also a clear demonstration why dev infrastructure (Jenkins or otherwise) should not be allowed to access prod. matrix.org/blog/2019/04/11/sec

Will Google be contributing to the "community" software these companies are named for, or the proprietary "enterprise" software these companies sell and spend most of their efforts on? zdnet.com/article/google-chall

@kylerankin In short, why stop with killing the stalkerware industry when you can kill the worst parts of the adtech industry too?

I hope @evacide can kill stalkerware. Solving for that threat solves so many others. Real solutions would also stop general-purpose tracking from far too many phone apps (and phone vendors). wired.com/story/eva-galperin-s

If marketing is a conversation, then Social Media marketing is a conversation with Apollo Robbins youtube.com/watch?v=LoUSO_Mj1T
