Tootfinder

Opt-in global Mastodon full text search. Join the index!

@wyliesau@noauthority.social
2024-04-01 19:19:59

Disclaimer, THIS IS NOT A JOKE.
This is the PM of Scotland, Pakistani Humza Yousaf.
“JK Rowling could be arrested in Scotland for making a series of posts misgendering transgender women, under a newly-enacted hate crime law, a politician in the UK has warned.”
This is insane!!!

@Techmeme@techhub.social
2024-03-28 21:31:02

Scammers are using sample videos of influencers with modest social media presence to create AI deepfake ads that often push offensive products and ideas (Washington Post)
washingtonpost.com/technology/

@Mediagazer@mstdn.social
2024-03-28 21:45:39

Scammers are using sample videos of influencers with modest social media presence to create AI deepfake ads that often push offensive products and ideas (Washington Post)
washingtonpost.com/technology/

@spamless@mastodon.social
2024-03-28 17:55:16

This story details a valid cause for alarm with deep fakes and identity theft (without, apparently, recourse).
But I'm posting mainly to shake my head at the unintended pun with "bad actors" in the part I put in the screenshot.
"Women’s faces stolen for AI ads selling ED pills and praising Putin" - The Washington Post

The pertinent paragraph runs:

"Because it’s simpler and cheaper to base fake videos on real content, bad actors are scooping up videos on social media that match the demographic of a sales pitch, leading to what experts predict will be an explosion of ads made with stolen identities."

@servelan@newsie.social
2024-04-23 16:52:00

👍 New federal rule bars #transgender school bathroom bans, but it likely isn’t the final word
What to know about new federal rule that blocks transgender school bathroom bans | AP News

@keithwilson@fediphilosophy.org
2024-03-21 15:37:30

When I used ‘Leo Varadkar is the Taoiseach’ as an example of a contingent proposition in my lecture the other week, I didn’t realise it would be false before the end of the course!
The same happened with Theresa May when I taught this course a few years ago. I’m now considering putting money on Donald Trump disproving the law of self-identity! 😆 #philosophy

@bthalpin@mastodon.social
2024-02-08 15:37:09

irishtimes.com/crime-law/court

@rene_mobile@infosec.exchange
2024-03-30 21:58:50

My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C++ for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…

@servelan@newsie.social
2024-03-11 23:26:27

😜 From the guy with the 'never back down' PAC:
DeSantis guts "Don't Say Gay" law in deal with LGBTQ advocates - National Zero
nationalzero.com/2024/03/11/de

@arXiv_condmatsoft_bot@mastoxiv.page
2024-02-27 08:34:13

This arxiv.org/abs/2311.00414 has been replaced.
initial toot: mastoxiv.page/@arXi…

@cheryanne@aus.social
2024-03-13 06:00:36

F! It!
Great Australian Pods Podcast Directory: #GreatAusPods

Screenshot of the podcast listing on the Great Australian Pods website