lippard✅

@[email protected]
749 Followers
1.5K Following
2.8K Posts
former infosec career @ financial services, healthcare, and telecoms; threat intel, cyber exercises, secops, et al. fan of history and philosophy of science, epistemology, law, logic, critical thinking. Worked on two Ph.D. programs w/o completing; former Multician.
Lippard Bloghttps://lippard.blogspot.com/
GitHubhttps://github.com/lippard661
lippard✅Mar 3
Joseph CoxMar 3
New from 404 Media: CBP tapped into the online advertising ecosystem to track peoples' movements, according to an internal DHS document. Shows for the first time DHS tracked phones via process for putting ads in ordinary apps—video games, fitness apps, many more https://www.404media.co/cbp-tapped-into-the-online-advertising-ecosystem-to-track-peoples-movements/
CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements

An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations. ICE has bought access to similar tools.

404 Media
lippard✅Jan 12
Looks like Grokipedia has been expanding out profiles on everybody with a Wikipedia page based on publicly sourced stuff on the web. My Grokipedia page is enormous compared to my Wikipedia page. Its chronology is extremely confused, but otherwise the facts seem accurate (and accurately referenced), though there's a lot of biased language. In my case that seems to be almost entirely in my favor. Stop trying to make me like you, MechaHitler, it won't work. (PDF link to view without visiting Grokipedia: https://www.discord.org/lippard/Grokipedia-Jim-Lippard.pdf )
lippard✅Jan 7
Took me long enough, but I just realized my WiFi access point logs show a lot of vehicle traffic in my neighborhood. Not quite an ALPR, but I've got date/time stamps, SSIDs, and MAC addresses of passing vehicles with WiFi.
Show threadlippard✅Jan 6
I made a short comment on the video pointing to www.multicians.org, but it has been deleted.
Show threadlippard✅Jan 6
Also: https://dwheeler.com/trusting-trust/
Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers

David A. Wheeler's Page on Countering 'Trusting Trust' through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers

Show threadlippard✅Jan 6
BTW, see pp. 51-52 (pp. 55-56 of the PDF) for the core insight of Thompson's reflections on trusting trust, a decade before he wrote it. https://csrc.nist.gov/files/pubs/conference/1998/10/08/proceedings-of-the-21st-nissc-1998/final/docs/early-cs-papers/karg74.pdf
Show threadlippard✅Jan 6
For detailed accurate information about Multics from the people who built it and used it--including all the code and an emulator for running it yourself--see: https://www.multicians.org
Multics

Multics was a mainframe time-sharing operating system begun in 1965 and used until 2000. It was a major influence on subsequent computer operating systems.

lippard✅Jan 6
Ken Thompson slags on Multics while admitting he never used it. My experience, as someone who used it from 1979 into the early 1990s and worked on it professionally from 1983 to 1989, is quite different from his impressions from the very early days of the project. https://www.youtube.com/watch?v=rDyoiy04g3c
Thompson: Multics was a horrible platypus!

YouTube
lippard✅Jan 5
[object Object]Jan 5

please stop playing fucking games with the meaning of end-to-end encryption, thanks

cc nextcloud (whose end to end encryption is effectively an expensive inconvenient no-op, see https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf which the project never fixed or even acknowledged), seafile (whose “end-to-end” encryption sends your password and key to the server), fucking proton (whose end-to-end encrypted LLM features aren’t end-to-end encrypted at all), et al

e: see replies for an important note on the nextcloud paper!

lippard✅Jan 5
Blocked this crafted packet (I see a lot of attempted gre tunnel probing): gre 109.136.79.171.62036 > 46.123.169.5.162: C/x/Counter[!init SEQ]_38_2a_10_fd_f5_8e (DF) (DF)