Hacker News | entropyie's comments

Search is great, using Kagi. Just bought the family plan, never going back to Google. Also FastMail.

Indeed. This was not such an issue when everybody had their own website or blog or whatever, and you had to seek out content intentionally... It's the active intervention of an algorithmic megaphone that is causing the damage. To me this is when it stops being free speech and starts being corporate policy that needs to be regulated.

Delighted to see something made in Ireland that didn't come from a multinational... The Zorin brothers have worked on this since they were teenagers. https://stconleths.ie/the-zorin-brothers-technology-for-huma... They were even on the national news a few weeks back!


Excellent piece, captivating. I found many parallels here to managing IT. So much of control theory and systems engineering is relevant to developing and deploying cloud systems, improving performance etc...

Many times I've seen engineers polishing and optimizing the code of an existing system without ever questioning the process itself or indeed the paradigm. I myself was in that position, spent 5 years optimizing the parameters of a complex system, only to realize that system was put in place based on faulty assumptions that were never questioned. The whole thing could have been removed and performance sped up 200%.


Virtually zero ads using Firefox mobile... I don't know how normal people can stand surfing the web these days...


In my experience people ~25 years of age and younger, who are not tech-savvy enough to install an adblocker, simply do not surf the web. Everything is an app, thus the internet browser becomes an online shopping (no/very few ads) and "googling" tool, though this second use is fading away as well with the rise of LLM chatbots. The ads baked into short-format content are much less obtrusive than the popups or fake download buttons of yore—though in my view this makes them even more insidious. I've witnessed my friends not even realize a video was an advertisement until they'd already watched it in full.

* Grain of salt; just the anecdotal opinion of a jaded zillennial.


Is this a submarine article for food corps or what? Yes, it's hard work to make food by hand, but for fuck's sake, our ancestors did it for generations, without any modern appliances or temperature controlled ovens. This article was so long, I don't even know what the point was. Is she trying to say that UPF is not so bad? That you should just give in? At the end of the day it just comes down to priorities. There is almost nothing more important than what goes into a child's developing body. Maybe skip some of the after school activities and cook with them instead.


Ancestors didn't have the hyper-scheduled calendar controlled lives of two working professionals plus child rearing. Something has to give in such situations.

Priorities are 100% it. My parents were able to raise me on a single income where any processed foods were a special treat maybe once per quarter. We were quite poor compared to our peers, and a lot of our veggies came directly from our own urban garden. Staples in bulk from the food co-op in 50lb bags, and at least a few hours per day was spent on meal prep from base ingredients.

There is no way you are getting that out of the general population these days without wholesale changes to the entire economy. We are built to keep every working adult busy 24x7.

That's before you get into the inanity (or insanity if you prefer) of social expectations these days re: child rearing.


I think you can do a whole lot better than the lunch in the opening paragraph pretty easily.

It need not be all-or-nothing. I've been improving my diet for 10 years, as I started to learn more about nutrition.

Instead of a Crustable sandwich, get some turkey at the deli counter and some prepackaged whole wheat bread. Still processed, but better. Maybe after a while, move to getting bread from some whole food bakery or something. If you don't have time or money to jump all in, start taking steps.


> Is this a submarine article for food corps or what?

Read it and make a case about whether it is or isn't, this is your idea. Is there merit to it, or does it only dovetail with the same convenient demonization of a habit you can vaguely ascribe to worse parents or poorer people?


Sure looks like it. Expect more of this ultra processed "news" propaganda with all of the partisan hack trad and social media consolidation out to manufacture consent of low information scrolling consumers who then try to gaslight the sane into believing nonsense.

No one with a functioning brain believes for a second that HFCS-laden Mt Dew Code Red or Flamin' Hot Doritos Max XXXX Blast Ultra are health food.


I am a paid user. I use Thunderbird on my desktop. This is a waste of time and money. Put the money into proper EU based data centres instead.


For those who hated the unmaintainable mega spreadsheet of death, MS Access was actually a quite decent solution. It allowed you to sprinkle some structure and maintainability onto a spreadsheet without losing the accessibility and ease of development. You could whip up really functional UIs without much coding knowledge. 20 years later and I still don't know what the replacement for Access is in today's world...


Amen. IMHO the equivalent nowadays would be AirTable - big fan of this, especially now they’ve added Interfaces which is the equivalent of the MS Access UI layer.


Honourable mention to ZincSearch, if you are looking for a lightweight single binary (golang) alternative: https://github.com/zincsearch/zincsearch

I have no affiliation.


Unless folks are regularly sending 32GB emails, this CVE is not severe in this context.


You don't need to send 32GB of emails, you only need to send 32GB of traffic. Setting up a TLS connection and sending EHLOs ad infinitum can generate traffic without hitting any "message size < 8MiB" filters.


What's the threat model here? A scenario where the attacker controls the plaintext being sent but doesn't know what the plaintext is seems quite unlikely.


Search for 'sweet32 attack'. It's pretty much this technique, I think. The CVE mentions that attack type at least, and it has its own .info site to explain what it is...

The message type jeroenhd mentioned is useful here, as it generates a predictable response from the server, without having to send actual email over it or authenticate against it (so an external attacker can generate the needed encrypted traffic, with predictable / known plaintext). They don't know emails being sent, but they do know the response to EHLO. Once the attack is achieved, they have a key, and can decrypt also other traffic sent by the service if you manage to capture it.

I'd say the threat model or whatever is thus: someone who can sniff your email traffic and can speak to your SMTP server (if they can do the first, certainly they can do the second).

It's much harder to get to the email traffic outside of your network, but not impossible (an ISP, for example, can grab it easily, so in certain regions this might be a big risk: nasty governments etc.).


In your example, the attacker already has the session key for the TLS connection, so they don't need to run this attack to decrypt the traffic on that connection. And running the attack does not help them decrypt any other connections.

Sweet32 depended on the attacker being able to send an arbitrary amount of traffic over a connection where they did not control either of the endpoints, and with that connection also carrying the data they wanted to steal. That doesn't map at all to the proposed "infinite stream of EHLOs" attack.


> A scenario where the attacker controls the plaintext being sent but doesn't know what the plaintext is seems quite unlikely.

https://en.wikipedia.org/wiki/Chosen-plaintext_attack#In_pra... comes to mind.

(Not sure what attack scenarios OP had in mind -- just sharing the usual CPA example)


The suggested attack was the attacker writing an infinite stream of EHLOs on a connection. What's the scenario where an attacker has full control of the SMTP control framing, but doesn't have access to the payloads?


If it's your connection, why on earth would you want to break the crypto? You already have the keys and the message...


I try to keep all of my mails to just under 31GB.
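
An added illustration for the Sweet32 thread above (not code from any commenter or project): the 32GB figure is the birthday bound for a 64-bit block cipher, and a CBC ciphertext collision between a known block and an unknown block reveals the XOR of the two plaintexts. The 16-bit Feistel cipher, key, secret value and counter plaintext are constructed toy values, chosen so a collision appears within a few thousand blocks instead of 2^32.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed sample key
SECRET = 0xBEEF                 # constructed secret block (e.g. part of a token)


def birthday_bytes(block_bits: int) -> int:
    """Data volume at which ciphertext block collisions become likely."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def _f(rnd: int, half: int) -> int:
    # Round function of the toy cipher: one byte of SHA-256(key, round, half).
    return hashlib.sha256(KEY + bytes([rnd, half])).digest()[0]


def toy_encrypt(block: int) -> int:
    """4-round Feistel permutation on 16-bit blocks (toy, not a real cipher)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(rnd, right)
    return (left << 8) | right


def cbc_stream(n_blocks: int, iv: int = 0x1234):
    """Even positions carry known plaintext (a counter), odd ones SECRET."""
    plain = [i & 0xFFFF if i % 2 == 0 else SECRET for i in range(n_blocks)]
    cipher, prev = [], iv
    for p in plain:
        prev = toy_encrypt(p ^ prev)       # CBC: c_i = E(p_i ^ c_{i-1})
        cipher.append(prev)
    return plain, cipher, iv


def recover_secret(n_blocks: int = 4096):
    """Find a known/secret ciphertext collision and solve for the secret."""
    plain, cipher, iv = cbc_stream(n_blocks)
    prev = [iv] + cipher[:-1]              # c_{i-1} for every position i
    # Index ciphertext blocks whose plaintext the observer already knows.
    seen_known = {cipher[j]: j for j in range(0, n_blocks, 2)}
    for i in range(1, n_blocks, 2):        # positions holding the secret
        j = seen_known.get(cipher[i])
        if j is not None:
            # c_i == c_j  =>  p_i ^ c_{i-1} == p_j ^ c_{j-1}
            return plain[j] ^ prev[j] ^ prev[i]
    return None                            # no collision in this much data
```

The same arithmetic is why 64-bit block ciphers are disabled or connections are rekeyed well before the bound: `birthday_bytes(64)` is 32 GiB, while a 128-bit block pushes it to 2^68 bytes.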

