In the video scheduled to be posted on YouTube apparently there were more elements (talked about their own dressing style and not feeling either a man or a woman - according to some articles which translated the pages in russian).

I think this is overall irrelevant anyway. In their manifesto they go all over the place ideologically, from holocaust praise to trans rights, apparently. It’s not like there was a consistent motivation behind, they were clearly unwell mentally - reporting depression and suicidal thoughts for years - and did the shooting to be killed.

In this case I am quite happy to be out of the loop, frankly. I can live in blissful ignorance of at least this stuff.

I feel completely out of the loop when stuff like this happens.

I went looking around and found an article that expanded a lot on this topic, https://maxread.substack.com/p/who-killed-jean-pormanove

This is contradicting the neoliberal mantra, that it is totally the individuals fault and thereby justified.

Sorta. But anyway, neoliberalism is far from the only oppressive ideology.

Also Islam with its prohibition of interest is incompatibile with capitalism

I really don’t think so. Interests are not really a foundational pillar of capitalism. Private property of means of production is.

obey God

And did god (or gods) speak to them? Or there is always a translation layer that includes other people; prophets, messiahs, clergy, shamans, visionaries, etc.? Still a hierarchy. Still a means of control. Who decides what the gods say controls people. That’s exactly the problem with religion.

About the soviet union and other antireligious countries: there are multiple ideologies that can lead to oppression. I am definitely not going to say that without religion oppression wouldn’t exist. I am saying that religion is an enabler for it.

Derubricating everything to the “external” imperial forces is dismissive and forgets centuries of violent history, including those of Muslim empires. Islam, like most religions is bigoted, intolerant and barbaric.

A common argument is that Jesus would be a socialist by todays definitions

And that’s nonsense.

I agree with you that the institutionalization is an issue, but that is an issue of the particular institutions, not the religion itself.

No, I think it’s actually religion and religious thinking specifically the problem. Institutionalized religion is just the natural consequence of the issue.

Religion is fundamentally a reactionary ideology because it prescribes an external entity (or entities) which decided how things should be. This deresponsibilizes people and inherently justifies the existing. All the religious emancipation still happens under the umbrella of a reality that has to work in a certain way.

For example, most religions tend to accept suffering and poverty as a given, as a test or as something that in general is by design. Assigning virtue to being oppressed (like in case of some Christian messages) is far from a revolutionary stance, it’s a tool aimed at controlling those who are oppressed.

If in millennia every religion ever has been used to crystalize a power hierarchy in humanity (from the clergy to caste systems), maybe there is a reason. And the reason is that religious thinking and mindset inherently enables these hierarchies.

So accommodating and tolerant. Many countries have the death penalty for apostates, in others it might be technically legal but you would still face harassment from police and general institutions. Isn’t this wonderful?

https://en.m.wikipedia.org/wiki/Apostasy_in_Islam_by_country

Classic overcorrection I have seen many times: western countries have mostly a Christianity problem, and to counter the bigotry, racism and intolerance, progressive people take the defense of other barbaric, intolerant and bigot religions.

This is especially frustrating when it comes from a leftist perspective. Religion is a form of institutionalized control and oppression, and as such is a fundamental enemy of the working class.

The weather man? I think he fit very well. Same for Lord of War. I know they are both 20 years old, but still.

Someone runs MongoDB unauthenticated, bound on 0.0.0.0 with production data, on a computer without a VPN, and the problem is the WiFi?

Like I get what you are saying, but this sounds like saying that we should ban speedbumps because imagine there is a guy with a loaded gun pointed at a kid with no safe, finger on the trigger, and high on coke, if the car hits the speedbump the toddler is gone. Yeah, but I would hardly say the speedump is the issue.

This is not really a common or easy attack, especially for any meaningful service (that is probably in preloaded HSTS lists).

It’s not like this is the only shared network. In airports millions of people everyday connect to the same network.

That tracking is done in a much more effective and capillary way by tracking cell towers. I think MAC tracking is a much better option, assuming there are enough of these APs to track.

Email is almost always zero-access encryption (like live chats), considering the % of proton users and the amount of emails between them (or the even smaller % of PGP users). Drive is e2ee like chat history. Basically I see email : chats = drive : history.

Anyway, I agree it could be done better, but I don’t really see the big deal. Any user unable to understand this won’t get the difference between zero-access and e2e.

They compare it to proton mail and drive that are supposedly e2ee.

Only drive is. Email is not always e2ee, it uses zero-access encryption which I believe is the same exact mechanism used by this chatbot, so the comparison is quite fair tbh.

How would you explain it in a way that is both nontechnical, accurate and differentiates yourself from all the other companies that are not doing something even remotely similar? I am asking genuinely because from the perspective of a user that decided to trust the company, zero-access is functionally much closer to e2ee than it is to “regular services”, which is the alternative.

Scribe can be local, if that’s what you are referring to.

They also have a specific section on it at https://proton.me/support/proton-scribe-writing-assistant#local-or-server

Also emails for the most part are not e2ee, they can’t be because the other party is not using encryption. They use “zero-access” which is different. It means proton gets the email in clear text, encrypts it with your public PGP key, deletes the original, and sends it to you.

See https://proton.me/support/proton-mail-encryption-explained

The email is encrypted in transit using TLS. It is then unencrypted and re-encrypted (by us) for storage on our servers using zero-access encryption. Once zero-access encryption has been applied, no-one except you can access emails stored on our servers (including us). It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.

Over the years I’ve heard many people claim that proton’s servers being in Switzerland is more secure than other EU countries

Things change. They are doing it because Switzerland is proposing legislation that would definitely make that claim untrue. Europe is no paradise, especially certain countries, but it still makes sense.

From the lumo announcement:

Lumo represents one of many investments Proton will be making before the end of the decade to ensure that Europe stays strong, independent, and technologically sovereign. Because of legal uncertainty around Swiss government proposals(new window) to introduce mass surveillance — proposals that have been outlawed in the EU — Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move.

This shift represents an investment of over €100 million into the EU proper. While we do not give up the fight for privacy in Switzerland (and will continue to fight proposals that we believe will be extremely damaging to the Swiss economy), Proton is also embracing Europe and helping to develop a sovereign EuroStack(new window) for the future of our home continent. Lumo is European, and proudly so, and here to serve everybody who cares about privacy and security worldwide.

They actually don’t explain it in the article. The author doesn’t seem to understand why there is a claim of e2e chat history, and zero-access for chats. The point of zero access is trust. You need to trust the provider to do it, because it’s not cryptographically veritable. Upstream there is no encryption, and zero-access means providing the service (usually, unencrypted), then encrypting and discarding the plaintext.

Of course the model needs to have access to the context in plaintext, exactly like proton has access to emails sent to non-PGP addresses. What they can do is encrypt the chat histories, because these don’t need active processing, and encrypt on the fly the communication between the model (which needs plaintext access) and the client. The same is what happens with scribe.

I personally can’t stand LLMs, I am waiting eagerly for this bubble to collapse, but this article is essentially a nothing burger.

Porsche is German I believe. Maserati is Italian.

Yeah indeed they are not comparable. I have a huge pickup truck in my building and is on another scale. The problem is also that it’s a vicious circle, the more you see cars this big on the road, the more you don’t want to be the only one with what looks like a go-kart in comparison.

Sorry, but your spelling was too funny and I have to nitpick. Porsche and Maserati*

I said funny because you might want to look up what “porche” means in colloquial Italian.

Indeed these are generally super/sports car, and you see very few of them in Europe, except for exceptionally rich places. Even in Europe though you see many SUV in cities and I started seeing more and more huge tanks (like pickup-trucks), which I think are more common in US right now.

If I were in the security team of that company, I would never accept ACLs on the bucket as a sufficient compensating control for this risk. Here the best most reasonable would be encryption, which would make the bucket being public relatively unimportant.

When you are collecting so sensitive data (potentially including personal data of people not using your service), you simply can’t even imagine doing that by storing the data unencrypted.

Edit: grammar

Because it’s unnecessary in almost all cases. So far there is only one community which forbids people to comment based on who they are, but otherwise the rules boil down to standard acceptable behavior according to common sense. It’s also a nuisance for users: I am quite sure nobody wants to click several times and be derailed to check rules (on mobile) for every comment they want to write in every post they see on a feed. If this would be expected as standard behavior, I would guess even less interactions will happen.