fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.


#securitytheatre


I'm trying to create a password that fits the usual poorly designed password rules.

Minimum 8, max 30 characters... Almost as if they are storing it in a database rather than hashing it. 🤔

The rule I'm enjoying most is "Not allow three or more consecutive characters"

Minimum of 8 characters, but no three together. Um... 🤷‍♂️
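Added example, not code from the post or from the site it complains about: a checker for the rules as they are usually intended, plus a standard-library scrypt hash to show why a hashed password needs no 30-character cap. The reading of "three or more consecutive characters" as "no run of three identical characters and no three stepwise-sequential ones" is an assumption; the post does not say how the site defines it.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Assumed reading of the rules in the post (the site's exact definition is not given):
#   - length between 8 and 30 characters
#   - "no three or more consecutive characters", taken to mean no run of three
#     identical characters (aaa) and no three stepwise-sequential ones (abc, 321)
MIN_LEN = 8
MAX_LEN = 30


def has_run_of_three(pw: str) -> bool:
    """True if some character appears three or more times in a row, e.g. 'baaad'."""
    return any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2))


def has_sequence_of_three(pw: str) -> bool:
    """True if three adjacent characters step by exactly +1 or -1 in code point, e.g. 'xyz', '321'."""
    for i in range(len(pw) - 2):
        a, b, c = (ord(ch) for ch in pw[i:i + 3])
        if (b - a) == (c - b) and abs(b - a) == 1:
            return True
    return False


def policy_violations(pw: str) -> List[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN}")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN}")
    if has_run_of_three(pw):
        problems.append("three identical characters in a row")
    if has_sequence_of_three(pw):
        problems.append("three sequential characters")
    return problems


# Why the 30-character cap is the tell: a real password hash turns any length of
# input into a fixed-size digest, so storage gives no reason to cap the length.
# scrypt from the standard library (OpenSSL-backed) is used here; the work factors
# are modest so the example runs quickly and are not a production recommendation.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash pw with a random 16-byte salt (or the given one); returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(pw.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate password against a stored salt and digest."""
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)


if __name__ == "__main__":
    # Constructed sample passwords, chosen to trip each rule once.
    for candidate in ("passw0rd", "short", "Baaad-Pass", "xyzpassword", "a" * 31):
        print(f"{candidate!r:18} -> {policy_violations(candidate) or 'passes'}")
    # A 300-plus-character passphrase hashes to the same 32-byte digest as an 8-character one.
    for pw in ("a" * 8, "correct horse battery " * 14):
        salt, digest = hash_password(pw)
        print(len(pw), "chars ->", len(digest), "byte digest, verifies:", verify_password(pw, salt, digest))
```

Note that `policy_violations("short")` returns only the length complaint: under this reading a five-letter word cannot break the "consecutive" rule, so the rule is not actually contradictory with the 8-character minimum, just badly worded.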

Today in confiscations at the #airport security: canned salmon, and three cans of sardines. The officer even called a "manager" so he could, wearing a suit, and with the expression of a person doing a very important job, explain to me that salmon is liquid.

FWIW I was anticipating this, but I originally was planning to take a train, so...


... so here I am typing in a full name and generating a password, then confirming my E-mail address from another E-mail, then going back to the original saved HTML document to have it load a decrypted version it downloaded from the website.
And since my identity was never validated except by E-mail, none of that was more secure than E-mailing me a simple HTTPS link.
But worse, it makes users believe this is a valid way to interact by E-mail.
#security #securityTheatre #cybersecurity #encryption

"Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About"

This sentence sums it up:

"This is what happens when politicians decide to regulate technology they don’t understand, targeting problems they can’t define, with solutions that don’t work."

If we avoid the perfectly rational alternative that building the surveillance state is the goal in itself, whatever the cost or inefficiency in building it.

techdirt.com/2025/08/04/didnt-

Techdirt · Didn’t Take Long To Reveal The UK’s Online Safety Act Is Exactly The Privacy-Crushing Failure Everyone Warned About

Oooh. Exciting times in #virginia #primary #elections. The county replaced our defective #securitytheatre bag. You may have seen my remark about people not knowing what a grommet is. Well, I know what one is, but our bag was defective and didn’t have one! Apparently we weren’t the only precinct like this. The county has been sending folks around to affected precincts with replacement bags.

Rest easy, America. This empty bag is sealed with a lock AND a numbered tamper evident seal. This is very secure air.

I’m not gonna stuff it full of fraudulent ballots until the Soros people get here with my check. If they don’t bring me the money, I’m not gonna put all my fake ballots in there.

9/


Tons of things have changed in the last few years. Lots of new numbered, recorded, tamper-evident seals have been added. Some make a lot of sense. Electronic poll books contain a crap ton of personal information. They include names, addresses, and dates of birth of voters. We want to keep those under lock and key except when in use.

This provisional bag is #securitytheatre though. What are provisional ballots?

When we have uncertainty about your eligibility, we give you a ballot anyways, but we put it in a special sealed envelope with all your details on it. It’s called a provisional ballot and the board of elections receives these and systematically verifies each one. All votes that are eligible are counted. (In the 2024 election I think there were like 16000 of them and 90-something percent were deemed eligible and were counted)

Each is in its own, individually sealed envelope. In the past, we just collected these off to the side until the end of the day. Then we counted them, gathered them up, and turned them in. Now they want this mini ballot box contraption with a lock and seal.

In my typical precinct we have, say, 3200 eligible voters, and we will see 1000 on a busy November Tuesday. Of those maybe 20 are provisional. There just isn’t opportunity for meaningful fraud here. And there is definitely no evidence of meaningful fraud. But now we have this additional, silly procedure with chain-of-custody and a recording process. It prevents nothing because nothing has ever happened. And we have compensating controls everywhere. Every ballot is accounted for.

Security theatre makes people think this is necessary because there’s some threat. There isn’t.
8/

#ebay needs to update their #GeoIP database.

I've just logged on from an old computer in my house, and it's sent me an email saying someone has logged in from Shropshire, which is over 100 miles away, when most sites think I am based in North London (which is still wrong, but my ISP is at least based there).

No other site seems to ever think I'm in Shropshire.

I wish companies would just list the IP address and browser details in their "a new device has logged in to your account" emails; any other details seem to be totally wrong, and therefore useless 🤬

#recaptcha #captchas are the worst form of #securitytheatre out there.

Not only are they slave labour, "free" training for #google but they are harvesting your data.

You get blackmailed to complete a craptcha, it steals your data, pretends to be "for security" and you can't access the site without it. It's EXTORTION.

google is the biggest #enshittification of modern life that exists and it needs to be destroyed.

If politicians knew what it was it would be illegal.

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

I'm sure that removing my belt when I go through security at the airport is keeping us all safe.

Or maybe not:

"Police are investigating after a 17-year-old teenager allegedly boarded a Jetstar flight with a shotgun and ammunition ...
"Dressed in hi-vis clothing the teen was thought to be a maintenance worker when he allegedly entered Avalon airport through a hole in the facility’s fence on Thursday afternoon.
"It is alleged he then walked up the boarding staircase and into the plane, where 160 passengers were onboard."

theguardian.com/business/2025/

The Guardian · Teenager overpowered by plane passengers after allegedly boarding Jetstar flight with ‘large gun’ at Avalon airport, by Elias Visontay

Constant vocal and visual reinforcement that I should be "alert not alarmed" and "if it doesn't make sense, say something." It feels like just after 9/11, but nothing like that happened. Really priming the fear pump, and the so-called antisemitic attacks are being used as the driver.