• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 11th, 2023

help-circle
  • Logical fallacies don’t necessarily disagree with facts. While the most common examples are simply unsupported statements that sound supported, very often we don’t have the luxury of working with clearly factual statements as a basis.

    All rhetoric is at the end of the day a fallacy, as the truth of the matter is independent on how it is argued. Yet we don’t consider all rhetoric invalid, because we can’t just chain factual statements in real debates. Leaps of logic are universally accepted, common knowledge is shared without any proof, and reasonable assumptions made left and right.

    In fact one persons valid rhetoric is another persons fallacy. If the common knowledge was infact not shared, or an assumption not accepted, the leap in logic is a fallacy.

    I would try to focus less on lists of fallacies or cognitive biases and more on natural logic. Learn how to make idealised proofs, and through that learn to identify what is constantly assumed in everyday discussions. The fallacies itself don’t matter, what matters is spotting leaps in logic and why it feels like a leap in logic to you.

    After all, very often authoritive figures do tell the truth, and both sides of the debate agree on general values without stating them. If someone starts questioning NASA or declares they actually want more people to live in poverty, they did infact spot very real logical fallacies in the debate, but at the same time those fallacies only exist from their point of view, and others might not care to argue without such unstated common ground.


  • I’d love if they added a minimum security-update time for the OS. 5 years of OS upgrades should be the norm, and at least 7 more years of life-support, where security updates are provided.

    It is ridiculous how fast phones become unsupported and unsafe. The systems are so specialised that open source OS can not support them all. It’s all proprietary technology, dependant on proprietary code.

    Once the last security update is shipped, the phone very quickly becomes a serious security vulnerability. Modern messaging formats such as emails and whatsapp become potential vectors of an attack. Visiting a Website might be enough to compromise ones phone. Even if every application you depend on didn’t already drop support, the phone is basically e-waste because of the OS.

    On this front, Apple has actually been decent. They support their old hardware much longer than many android brands. However I still think anything below 10 years is absolutely ridiculous as it renders the whole device unusable.

    I wonder if in future we will have the same issue with cars and other items now dependant on internal computers.



  • The only thing I can remember is this person who bragged about buying few domain-names and just waiting them to go up in price. I can almost understand companies issuing SSL certs selling domains, or having some services along those domains.

    But in this instance it was a national domain, meaning the state handled the top-level domain and all infrastructure and work related to keeping tabs on the domain names. What they did was buy general words when they were cheap and popular, and just sat on the domain name for all this time. They still haven’t done fuck all with any of them, just waiting someone else to go through with the business plan they thought for five seconds some decade ago, and then extort that company for money.

    So taking limited resources as a speculative investment is the only thing. Generally any form of investment where you expect to extract money for doing absolutely nothing except having an idea and paying some of your pre-existing money to hoard it.

    You aren’t even inventing an idea at that point. Infact, you are relying on the idea being obvious enough that someone in the future will actually do something along those lines. It’s not an innovation. Absolutely nothing happened outside your own head until you swooped in to charge a fee on someone that actually did something.



  • I didn’t know Specter or Meltdown can be exploited through a website, that’s good to know.

    I should have been more specific on this issue: old hardware is much less common to exploit than old OS or software, so buying new hardware for the sake of hardware security might not be necessary for ones threat scenario. However if there is a risk of a malicious actor accessing or stealing the hardware, then the hardware is definitely relevant.

    Similarly I do think one can do a lot with old hardware if they can find a usecase with less needed privileges.


  • This depends on your threat model and circumstances:

    Old versions of OS are generally a security risk.

    Old hardware may lack some modern security features near the hardware level. However these usually protect against tampering with BIOS or bootloaders. In general threats like this need physical access to the machine. I don’t know much about TPM and keystorage in general, but those are what this might concern.

    Other than that, old networking hardware might have vulnerabilities that are either not patched with software or are impossible to path. This extends to any device and all device-drivers, but network-devices to me sound the most exposed surface.

    This risk however depends on not just the device but the usage as well. If you use it inside a local network, you lose a layer of defence. If you use it in an untrusted network, you are exposed directly.

    I would usually not be concerned about old hardware as long as it can run a modern OS I trust. This means most laptops are fine, but phones not so much.

    Especially phones with no access to patched applications become less and less secure as time goes by. Old hardware is a small risk; old OS is a concern; old browser on said old OS and you can bet there is at least one serious, well-known and already used vulnerability.

    I’m personally tinkering with an old 4th-gen iPad, hoping to secure it or at least jailbreak it. However I am not expecting it to ever be a safe device after that, but a glorified IOT device.