This article covers upcoming deployment.

I haven't come across overall Indiana sentiment on this yet

There are many things I'm unhappy about in this matter:

• Deployment of Indiana guard for something the federal government should be doing.
• Putting Indiana citizen soldiers in a very difficult position: having to deal with immigration policies in actual practice, political shenanigans, dealing with humanitarian issues when the primary mission isn't saving lives. We are good at war and helping save lives, anything else is asking for trouble.
• Combining immigration policy with border protection. I don't like that they aren't separate. I feel like it's all political games, but someone convince me that we can't control borders without barring all immigration.
• Crazy talk about federalizing a state's national guard.
• Crazy talk about States and federal government clashing to the point of escalation. I don't think cool heads and reason win the day anymore. I feel like the populous seems willing to support more extreme measures these days
• Separation of service members from their families

On one positive side, this will give 50 service members and their families a first hand view of a major topic instead of hearing it from the news.

I know this is old and hinges on your favor of trump, but I have more respect for Sen. Young after this and his breaking away from Republican shenanigans regarding this border security.

End of globalization? Or over simplified and sensationalized?

TL;DW - Zeihan predicts the fall of China in the next ten years as an economic force.

Refuted by Cyrus Janssen, who says this is not likely.

https://youtu.be/ZHlrgUdgKP0?si=omQiYPSzB8XeqY-f

Janssen quotes Joeri Schasfoort and Martin Wolf.

Is the current world economy standard changing as drastically as predicted by Zeihan?

"How now, brown cow?" -Bugs Bunny

What should we teach about US historical figures? I've heard anything from:

• Teach everything about them, good and bad
• Don't teach about them at all
• Only teach the bad?
• Only teach the good

Can we teach a whole truth? Can we teach what historical figures did that was momentous, while also illustrating what they did we wouldn't accept today?

I asked for quotes regarding the topic, these are what I got. The explanations are from an LLM, not me.

Against judging with modern eyes:

> “Those who cannot remember the past are condemned to repeat it.” – George Santayana, philosopher

• This emphasizes the importance of understanding the values and norms of the past to avoid similar mistakes in the present.

> “Power tends to corrupt, and absolute power corrupts absolutely.” – Lord Acton, historian

• This highlights the dangers of judging historical figures in positions of power without acknowledging the corrupting influences of their roles and times.

> “One does not become enlightened by imagining figures of light, but by making the darkness conscious.” – Carl Jung, psychologist

• This suggests that acknowledging the darker aspects of history, including the flaws of historical figures, is crucial for true understanding.

> “We must judge a man by the circumstances of his own time, and not by those of ours.” – Thomas Macaulay, historian

• This emphasizes the importance of historical context when evaluating the actions and choices of historical figures.

> “The historian seeks to find out, not whether a thing is good or bad, but how and why it came to be.” – Leopold von Ranke, historian

• This emphasizes the historian's objective of understanding the motivations and context behind historical events, rather than applying modern moral judgments.

For a balanced approach:

> “We must acknowledge the sins of our past without losing sight of the progress we’ve made.” – Barack Obama, former US President

• This advocates for acknowledging both the achievements and failings of historical figures while recognizing the evolving moral landscape.

> “No one is born hating another person because of the color of his skin, or his background, or his religion.” – Nelson Mandela, former South African President

• This points to how societal norms and prejudices can shape the actions of historical figures, even those who ultimately condemned those same structures.

> “Let us put our faith in the intelligent progress of the colored race, not only in self-improvement, but in the capacity to forgive and forget the bitter past.” – B.T. Washington, educator and activist

• This encourages a nuanced approach that honors progress while acknowledging historical injustices without dwelling solely on blame and resentment.

> “The moral judgment of every historical action must be based on the knowledge of the period in which it was committed.” – Karl Marx, philosopher

• This argues that understanding the knowledge and beliefs available to historical figures is crucial for making fair moral judgments.

> “History is a gallery of portraits, in which the various faces appear dissimilar only because they are seen in different lights.” – Thomas Carlyle, writer

• This reminds us that historical perception can be subjective and influenced by the lens through which we view the past.##

Anyone else feel like this guy is a total piece of shit, or am I being unfair?

Interesting. I haven't heard of humanitarian parole.

I have serious issues with discussion in the opening segment of Security Now where Steve and Leo discuss the recent Apple backdoor implementation.

Various quotes:

"In fact, I think that the case could be made that it would be irresponsible for Apple not to provided such a back door."

"...most CEOs who are in the position to understand that with great power comes great responsibility..."

"I believe that they absolutely will protect the privacy of their users to the true and absolute limit of their ability."

"You always have had a way in, you just didn't tell anyone."

-Steve

These quotes speak to the corporate entity of Apple.

They go on to describe supporting this idea because: "What is Dr. Evil had the launch codes...". They use the scenario of the risk is worth it because of the potential for saving the world.

Discussion:

I feel most people assume their devices can be compromised by advanced agencies like the NSA for Americans, or by law enforcement proceedure, like a court order.

I don't have an iPhone, but I wonder if that is in the terms of service?

1. Should Apple have to tell you that they built in a backdoor that can open your device no matter what you do and by using the device, or agree to that? Maybe it's already there, maybe it truely was a secret, I'm more asking from the standpoint of should the comsumer/user be told?

2. Should the vendor be forced by law to reveal this? Arguments for yes are obviously revolve around privacy. I guess arguments against is criminals/bad actors will deliberately not choose this product? Non-American governments already have that policy because, duh, US Government has power to compel American businesses...

3. Do you think we should all accept this in the social contract of law and order? In order to keep citizens safe, the government must have the legal and technical ability to conduct legal search and seizer?

4. Would a backdoor into every technical item be OK under the circumstances that a court order was issued? If no, what about the time that a young kidnapped girl could have been found alive if authorities could have unlocked an iPhone (or any device)? If yes, what about every [insert your term for a government you think is bad here] government around the whole that issues their version of a "legal" process/order to unlock people's devices for the purpose of "national security", which based on your personal views, may be oppression or human rights violations?

5. Is there going to be a class action law suite coming? Should there?

I don't like the current state of this, change my mind.

Transcript of episode: https://twit.tv/posts/transcripts/security-now-956-transcript-

I'm not sure how to feel about this one, but I also wouldn't want to suffer.

Not sure why the restriction from lemmy.

https://fox59.com/news/roughly-130-bills-introduced-ahead-of-indianas-2024-legislative-session/

cross-posted from: https://infosec.pub/post/6945259

> Let's talk about root certificate management and the EU proposed QWACs. > > Steve Gibson of the security now podcast weighed in with opposition to the EUs proposed QWACs certs and cited a few other prominent figures also expressing opposition. > > Paragraphing their concerns, they proposed that mandating a bunch of new CAs introduced more risk and greater opportunity for abuse or compromise. Steve favors less CAs also being in favor pruning out most, but 6 or 7. > > At the moment, I don't care for browsers having their own certificate stores, as I would rather use the OS which I would use group policy for windows or use an automation tool for Linux. > > I am also in favor of pruning out certs, though I've never tested that in an enterprise. > > Does your organization allow non OS certificate stores? > > Does your organization prune out default root certs? > > How do you feel about the proposed QWACs?

cross-posted from: https://infosec.pub/post/6965473

> Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc) > > Do you consider your CM tool tier 0? > > If so, do you only allow access to it via privileged access workstations? > > Would you use GIT for the code repository? > > What about if the GIT repo was local and also controlled as a tier 0? > > What does your CM setup look like? >

Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc)

Do you consider your CM tool tier 0?

If so, do you only allow access to it via privileged access workstations?

Would you use GIT for the code repository?

What about if the GIT repo was local and also controlled as a tier 0?

What does your CM setup look like?

cross-posted from: https://infosec.pub/post/6670956

> I'm curious what tools, SaaS, or other solutions are being used for vulnerability assessments? > > DOD calls it ACAS, which is just an acronym for required assessment program of record they currently fullfil with Nessus scanner and related vender solutions. > > Anyone have Nessus experience that can compare to another vendor? Good, bad, etc?

cross-posted from: https://infosec.pub/post/6671372

> I'm not a vendor, I'm just curious what experience people have with implementing security control frameworks? > > DOD uses DISA STIGs. Else uses CIS benchmarks, or self developed based of NIST CSF? > > To what degree is your organization using any of these? > > Are they enforced? Monitored? > > Using any vendor solutions that don't suck? > > Does anyone care except you (hopefully 😉)

Let's talk about root certificate management and the EU proposed QWACs.

Steve Gibson of the security now podcast weighed in with opposition to the EUs proposed QWACs certs and cited a few other prominent figures also expressing opposition.

Paragraphing their concerns, they proposed that mandating a bunch of new CAs introduced more risk and greater opportunity for abuse or compromise. Steve favors less CAs also being in favor pruning out most, but 6 or 7.

At the moment, I don't care for browsers having their own certificate stores, as I would rather use the OS which I would use group policy for windows or use an automation tool for Linux.

I am also in favor of pruning out certs, though I've never tested that in an enterprise.

Does your organization allow non OS certificate stores?

Does your organization prune out default root certs?

How do you feel about the proposed QWACs?

cross-posted from: https://infosec.pub/post/6911236

> Is anyone running saltstack, and if so, are you doing gitfs for your repo? > > Do you have your pillar data in the repo? Or some other external? > > Are you doing one top file in base? Or top in each branch/environment? > > Is there a better way to do managed repo for salt?

Is anyone running saltstack, and if so, are you doing gitfs for your repo?

Do you have your pillar data in the repo? Or some other external?

Are you doing one top file in base? Or top in each branch/environment?

Is there a better way to do managed repo for salt?

I'm not a vendor, I'm just curious what experience people have with implementing security control frameworks?

DOD uses DISA STIGs. Else uses CIS benchmarks, or self developed based of NIST CSF?

To what degree is your organization using any of these?

Are they enforced? Monitored?

Using any vendor solutions that don't suck?

Does anyone care except you (hopefully 😉)

I'm curious what tools, SaaS, or other solutions are being used for vulnerability assessments?

DOD calls it ACAS, which is just an acronym for required assessment program of record they currently fullfil with Nessus scanner and related vender solutions.

Anyone have Nessus experience that can compare to another vendor? Good, bad, etc?

Has anyone heard significant criticism of Indiana's road?

I have. I'm wondering if there's merit to it, or we everyone thinks the roads where they live are bad.

I've driven out west and northwest where the composition of roads is different, loader like concrete, but they might not have temperature swings, use salt, or plow.

Marion County usually has bad roads compared to the suburbs, but that's a whole thing of its own

Thoughts?

Pure curiosity:

If you left reddit or another corporate platform under the banner of not being censored by their views or beliefs, what was that?

Wait. Before we open this can of worms, I'm not at all curious about an in-depth explanation of unpopular views or opinions that are generally extremist or that most reasonable people consider extreme. More of:

• I left reddit or some other because they censor...?
• The lemmy community is more for me because?
• I reasons my instance policies or moderators are better than the other platform is?
• The other platform restricted opinions or views regarding...?

If you feel like sharing, just summarize the general idea, please no indoctrination speeches.

Oh boy...