Month: August 2020

~ Brin ~ Leave a comment

rustingbridges:

voxette-vk:

mathemagicalschema:

okay I keep wondering: when you take OTC pain meds like acetaminophen or ibuprofen for ordinary aches and pains – a headache, joint pain, whatever – do you actually notice a difference? Can you consciously tell that your pain is lower after you’ve taken them? Because I never have, even taking acetaminophen plus whatever NSAID at inadvisably high doses. It’s conceivable that I could find an effect if I kept a spreadsheet logging my pain levels before and after dosing – do they really have a stronger effect than that for most people? I’ve been on some prescription NSAIDs before and had about the same experience.

my options for noticeably-helpful pain management basically start with heat/ice and then jump right up to weed or opioids, which kind of sucks. temperature-based solutions are not terribly portable (icy-hot et. al. is far more unpleasant to me than any pain it might help with), and weed/opioids might make me feel better but don’t, generally, leave me any more functional. Voltaren gel works, kinda, in the area where it’s applied, for a couple minutes? and anyway, you can’t get it OTC in the States.

How likely is it that I have some sort of fucked-up drug metabolism thing?

They work for me

I usually stop noticing as much discomfort when I take OTC meds for headaches or w/e, but then it usually takes some effort to start noticing those pains in the first place, so while I think they help I’m not super confident

Ibuprofen does approximately nothing for me, but a couple years ago my doctor prescribed me extra-strength naproxen for late-onset dysmenorrhea and it turns out naproxen *does* work. (And it makes periods lighter, too!)

In fact, just two days ago I had this thought process:

Me: “Huh, the pain in my heel is almost completely gone today. I wonder if that splinter I couldn’t reach worked its way out.”

Also me: ‘…or it could be that pre-menstrual naproxen you started on last night.

Me: “…or that.”

Tags:

#reply via reblog #is the blue I see the same as the blue you see #menstruation #injury cw #medical cw

Don’t use Bridgefy at protests

~ Brin ~ 1 Comment

{{previous post in sequence}}

mostlysignssomeportents:

34b0e47a9de07ac985c1df576b2c4e53d81b7642

There are two iron laws of security that are often tragically ignored:

I. “There is no abstract ‘security’ – only security from some specific threat”

II. “There is no security in obscurity.”

Bridgefy, an app that’s been billed as a way for protesters to communicate securely, illustrates both of them.

Bridgefy is an offline messaging tool – a mobile app that uses Bluetooth to pass encrypted messages around a crowd  where there is no internet access.

It was originally billed as being useful for big festivals and concerts out in the countryside, where there were lots of people but little or no internet connectivity.

However, as protests have spread around the world, the company has promoted its product as a tool for at-risk protesters seeking to coordinate uprisings for which they might face severe retaliation, including imprisonment, torture and murder.

https://arstechnica.com/features/2020/08/bridgefy-the-app-promoted-for-mass-protests-is-a-privacy-disaster/

In April, a group of Royal Holloway researchers audited the app and found it severely unsuitable for these contexts, potentially exposing users to life-threatening hazards. They told the company about these flaws then, but have only now published their findings.

https://martinralbrecht.files.wordpress.com/2020/08/bridgefy-abridged.pdf

The researchers’ findings reveal that the threats to users from using the app at festivals are very different to the threats that protesters face in repressive regimes (“There is no abstract ‘security’ – only security from some specific threat”).

They also find that the product team made a bunch of mistakes that they overlooked, a common problem (it’s why I can’t find my own typos!) that exposed users to attacks from anyone who knew how to hunt for these errors (“There is no security in obscurity”).

For example, the app sends the ID of both the sender and recipient of every message “in the clear” (without encryption). That allows an attacker who intercepts this metadata to assemble social graphs: Alice knows Bob, Bob knows Carol.

This might expose concertgoers to some risk (for example, if Carol is arrested for selling drugs, Alice and Bob’s messages to her might put them under suspicion). But in a protest context, that exposes the whole movement to risk.

What’s more, the identifiers the app uses are tied to users’ phone numbers: an attacker at a concert would need access to a database that maps phone numbers to real identities. A state-level adversary can simply demand these connections from the phone company.

But not all the flaws in the system stem from the differences in threats at concerts and protests. Some of Bridefy’s flaws threaten users in ANY context, and stem from the developers’ own blind spots about errors in their thinking.

For example, the system doesn’t have any “out of band” way to initialize keys between users. That means that when Alice wants to send a secret message to Bob, she first announces to the whole network that she is Alice and this is her public key that Bob should use.

An attacker in the network can – rather than passing that message on – replace it with a message that substitutes their OWN key, and thereafter intercept, read, and relay all the messages from Alice to Bob (a “man in the middle” attack).

Worse than that, the actual encryption formatting used for the messages is PKCS #1, a system that has been deprecated since 1998 due to unsalvageable flaws.

The app also fails to do vital forms of input sanitization: it doesn’t check for “zip bombs” – small compressed files that, when decompressed, expand  to junk files that are millions of times larger. These bombs could crash enough devices in the network to shut it down.

Though Bridgefy has known of the vulnerabilities since April, they are only now announcing them. They attribute the delay to their fruitless internal efforts to remediate these defects, and their ultimate conclusion that their system needs to be rebuilt from the ground up.

They say they are now doing that work, rebuilding the app around the Signal protocol, which is very robust and has been widely probed to identify and shore up weaknesses.

It’s good that they’re doing this. A third iron law of security is that “Security is a process, not a product” – that is, security is always contingent, and requires constant tending and upgrading to patch newly identified defects.

We can’t and shouldn’t expect products to be perfectly secure – all we can ask is that product teams are transparent about which threats they considered in their design, how their products work, and which defects have been identified in them.

Unfortunately, while Bridgefy is doing the right thing by acknowledging these bugs, thanking the reasearch team, and fixing the bugs, the rest of their conduct is less than exemplary.

It was wrong to promote an app designed for concerts as a tool for protesters without considering the differences in the threats to those user populations.

Worse, though the team has known of these defects since April, they didn’t start correcting the record on end-to-end encryption promises until June. And, as Dan Goodin points out on Ars Technica, their messaging continues to imply that it is safe to use.

Bridgefy: even worse than previously believed.

(They lost me at “must have Internet during installation” [link]; I didn’t even get as far as security.)

((*reads articles* wait, hang on, verification is optional now? did Bridgefy become an actual functional mesh system in December and not tell anyone?? Bridgefy: *better* than previously believed???))

(((of course the *other* part of my misgivings about them were vague shady-corporation vibes, which have now intensified)))

Tags:

#promoted the above from a tag ramble because I thought it ought to be fully part of the thread #and also to be able to include that very relevant and timely link #101 Uses for Infrastructureless Computers #reply via reblog #oh look an update

~ Brin ~ Leave a comment

headspace-hotel:

forget the Internet things that would be incomprehensible 2 years ago phenomenon

where is the appreciation for Internet things that you could show to someone from 3000 BC and be almost sure they’d get a kick out of it

 

headspace-hotel:

A short list of things that probably would be funny to humans in any time ever:

  • objects shaped like dicks
  • funky dances
  • dancing badly to bangin music
  • dogs being stupid (we’ve had those idiots domesticated for 30,000 years)
  • teenage boys being stupid
  • slapstick
  • that video where the guy is singing/chanting while bouncing on a tree branch and it abruptly breaks under him
  • that video where two guys are trying to get their phone out from behind a fence with sticks and one loses his stick so the other climbs the fence, gets the stick, and ignores the phone
  • literally any video with animals acting like people

 

headspace-hotel:

Now what I need is like a bunch of memes and funny shit arranged on a timeline showing the earliest time period where they would be funny/understandable.

Obviously you’d have a lot that’s based on really recent pop culture references, but by like, 2,000 BC…a lot of tropes our stories still use have been established, there are stringed instruments, people have pet cats and dogs…so much would be familiar you know…Ancient Egyptians would love funny cat compilations and you know this is the case and they would probably love the videos of people playing guitars for pleased or unimpressed pets.

Tags:

#history #embarrassment squick

~ Brin ~ Leave a comment

tumblr_oe547hwmqa1t58g0so1_500

tumblr_oe547hwmqa1t58g0so2_500

tumblr_oe547hwmqa1t58g0so3_r1_500

tumblr_oe547hwmqa1t58g0so4_r2_500

tumblr_oe547hwmqa1t58g0so6_r1_500

tumblr_oe547hwmqa1t58g0so5_r2_500

tumblr_oe547hwmqa1t58g0so7_r1_500

tumblr_oe547hwmqa1t58g0so8_r1_500

tumblr_oe547hwmqa1t58g0so9_r1_500

tumblr_oe547hwmqa1t58g0so10_r1_500

brawltogethernow:

theblondebat:

sixofclovers:

the butts match

this is all I could think of with that frigging batman conspiracy post memes ruin lives bruce.

WE JUST TOOK THIS MEME TO THE NEXT LEVEL HOLY GOD I’M DYING LOL.

In retrospect this continuation seems obvious.

Tags:

#Batman #comics #fanart #anything that makes me laugh this much deserves a reblog #high context jokes #(sort of) #(I mean the context *is* given at the end but I expect it’s funnier if you already know the context)

~ Brin ~ Leave a comment

wafflesrisa:

Here’s something cute

When lockdown happened in the UK it happened very suddenly. At the law firm I work at, our office building emptied overnight when everyone was told to work from home. No time to clear our desks, no time to bring office plants home.

Fast forward three and a half months – everyone assumes that their plants are dead.

But then! An email goes round! It’s turns out that one of our security guards is a florist, and –

the security team has moved EVERY SINGLE PLANT from all 12 FLOORS of our office building into the cafeteria. It’s been turned into a temporary greenhouse. Cacti and succulents and spider plants and terrariums and potted ferns

AND! Each plant has been INDIVIDUALLY LABELLED by hand with post-it notes with name and desk location so the plants can go home after lockdown ends

To give some indication of the scale of the endeavour:

6e2264b88377624ac47c6aa2a94c0747ebffcfdd

If you zoom into the centre right photo you can see one of our security team happily waving

The plants are being taken care of tenderly. They get sun and water and are spending happy times with other plant friends

Tags:

#plants #adorable #covid19 #illness mention

~ Brin ~ Leave a comment

tilthat:

TIL That a 19-Year-old student hid a spy camera in his clothing to take secret street photos in the 1890s, taking pictures of people in a natural state, rather than in the strict posing trends that dominated in photography during those years.

via reddit.com

 

heythatsprettynifty:

7e370e66dfe3d16b4312a0dfb386baa384368e51
edc6c950b07bf98db6fa70742050ec0ee0df4276
7d3a54d888ba36c27185939e35db8c1fffc66bb5
73d1377e5b75a1f84736498aea6560ce4b877106

Here’s a few!

 

cicadianrhythm:

A young man definitely not hiding a camera from the 1890′s in his clothing

8398dd16e33eac53e64e542fd04f175cf62dd4f9

 

t-a-c:

6783fc53fffee541297d79c70cd7edd0af9657ef

 

sera-wasnever:

Not to detract from joak but here’s what the camera looked like

cf7f7636ffca7aed2a8eeedc4c7d2879694c0a9f
5019829b38cf8ec00d4e1ecd00677364c7fad93c

It was 14cm diameter but the lens poked through a buttonhole in his waistcoat from where it was hanging around his neck, and he has a piece of string from that lever on the side to his trouser pocket to take the photos. (Also! It could hold six four cm photos, so viewing them on your phone screen is probably about full size)

 

andhishorse:

Sure, the actual hiding might not be that great, but who would see that and think “ hidden camera ”. Who would have any possible frame of reference to be able to deduce “ that guy has a camera in his coat, that’s a thing that people do ”.

Tags:

#the first lifelogger necklace!! #history #101 Uses for Infrastructureless Computers