2025.05.30

May. 30th, 2025 06:46 am
lsanderson: (Default)
[personal profile] lsanderson
Local News
These Minnesota cities were named among the top 250 "Best Places to Live" in the country
By Aki Nace
https://www.cbsnews.com/minnesota/news/minnesota-cities-best-places-to-live-2025/

Pfas detected in US beers in new study, raising safety concerns
Researchers point to contaminated water after ‘forever chemicals’ found in all but one of 23 sampled beers
Tom Perkins
https://www.theguardian.com/us-news/2025/may/30/beer-pfas-forever-chemicals

Over a barrel: lack of sugar throws Cuba’s rum industry into crisis
This year’s tiny harvest casts doubt on the spirit’s recent resurgence, once a bright spot in the island’s economy
Ruaridh Nicoll in Havana
https://www.theguardian.com/business/2025/may/30/over-a-barrel-lack-sugar-cuba-rum-industry-crisis-harvest

Is every memecoin just a scam? Experts on whether Andrew Tate and Trump are fleecing their followers
After I was turned into a memecoin, I looked into the hype behind the crypto that only a tiny percentage of people profit from
Matt Shea
https://www.theguardian.com/technology/2025/may/30/is-memecoin-scam-crypto-trump

We’re minimizing the horror of Trump’s military birthday parade
Judith Levine
https://www.theguardian.com/commentisfree/2025/may/30/trump-military-parade-fascism

So long, Elon: the cuts didn’t go to plan, but you completely shredded your reputation
Marina Hyde
https://www.theguardian.com/commentisfree/2025/may/30/elon-musk-tesla-investors-doge

‘Death is not a mystery’: what happens to your body when you’re dying?
Experts say knowing more about death – or ‘death literacy’ – can actually help quell fears of dying
Katie Camero
https://www.theguardian.com/wellness/2025/may/29/what-happens-when-you-die

Remains of Mayan city nearly 3,000 years old unearthed in Guatemala
Pyramids and monuments suggest Los Abuelos was a significant ceremonial site, archaeologists say
Agence France-Presse in Guatemala City
https://www.theguardian.com/world/2025/may/29/mayan-city-remains-guatemala-los-abuelos-unearthed
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.

There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities.

First, the advice is not realistic. A nine-second pause is an eternity in something as routine as using your computer or phone. Try it; use a timer. Then think about how many links you click on and how many things you forward or reply to. Are we pausing for nine seconds after every text message? Every Slack ping? Does the clock reset if someone replies midpause? What about browsing—do we pause before clicking each link, or after every page loads? The logistics quickly become impossible. I doubt they tested the idea on actual users.

Second, it largely won’t help. The industry should know because we tried it a decade ago. “Stop. Think. Connect.” was an awareness campaign from 2016, by the Department of Homeland Security—this was before CISA—and the National Cybersecurity Alliance. The message was basically the same: Stop and think before doing anything online. It didn’t work then, either.

Take9’s website says, “Science says: In stressful situations, wait 10 seconds before responding.” The problem with that is that clicking on a link is not a stressful situation. It’s normal, one that happens hundreds of times a day. Maybe you can train a person to count to 10 before punching someone in a bar but not before opening an attachment.

And there is no basis in science for it. It’s a folk belief, all over the Internet but with no actual research behind it—like the five-second rule when you drop food on the floor. In emotionally charged contexts, most people are already overwhelmed, cognitively taxed, and not functioning in a space where rational interruption works as neatly as this advice suggests.

Pausing Adds Little

Pauses help us break habits. If we are clicking, sharing, linking, downloading, and connecting out of habit, a pause to break that habit works. But the problem here isn’t habit alone. The problem is that people aren’t able to differentiate between something legitimate and an attack.

The Take9 website says that nine seconds is “time enough to make a better decision,” but there’s no use telling people to stop and think if they don’t know what to think about after they’ve stopped. Pause for nine seconds and… do what? Take9 offers no guidance. It presumes people have the cognitive tools to understand the myriad potential attacks and figure out which one of the thousands of Internet actions they take is harmful. If people don’t have the right knowledge, pausing for longer—even a minute—will do nothing to add knowledge.

The three-part suspicion, cognition, and automaticity model (SCAM) is one way to think about this. The first is lack of knowledge—not knowing what’s risky and what isn’t. The second is habits: people doing what they always do. And third, using flawed mental shortcuts, like believing PDFs to be safer than Microsoft Word documents, or that mobile devices are safer than computers for opening suspicious emails.

These pathways don’t always occur in isolation; sometimes they happen together or sequentially. They can influence each other or cancel each other out. For example, a lack of knowledge can lead someone to rely on flawed mental shortcuts, while those same shortcuts can reinforce that lack of knowledge. That’s why meaningful behavioral change requires more than just a pause; it needs cognitive scaffolding and system designs that account for these dynamic interactions.

A successful awareness campaign would do more than tell people to pause. It would guide them through a two-step process. First trigger suspicion, motivating them to look more closely. Then, direct their attention by telling them what to look at and how to evaluate it. When both happen, the person is far more likely to make a better decision.

This means that pauses need to be context specific. Think about email readers that embed warnings like “EXTERNAL: This email is from an address outside your organization” or “You have not received an email from this person before.” Those are specifics, and useful. We could imagine an AI plug-in that warns: “This isn’t how Bruce normally writes.” But of course, there’s an arms race in play; the bad guys will use these systems to figure out how to bypass them.

This is all hard. The old cues aren’t there anymore. Current phishing attacks have evolved from those older Nigerian scams filled with grammar mistakes and typos. Text message, voice, or video scams are even harder to detect. There isn’t enough context in a text message for the system to flag. In voice or video, it’s much harder to trigger suspicion without disrupting the ongoing conversation. And all the false positives, when the system flags a legitimate conversation as a potential scam, work against people’s own intuition. People will just start ignoring their own suspicions, just as most people ignore all sorts of warnings that their computer puts in their way.

Even if we do this all well and correctly, we can’t make people immune to social engineering. Recently, both cyberspace activist Cory Doctorow and security researcher Troy Hunt—two people who you’d expect to be excellent scam detectors—got phished. In both cases, it was just the right message at just the right time.

It’s even worse if you’re a large organization. Security isn’t based on the average employee’s ability to detect a malicious email; it’s based on the worst person’s inability—the weakest link. Even if awareness raises the average, it won’t help enough.

Don’t Place Blame Where It Doesn’t Belong

Finally, all of this is bad public policy. The Take9 campaign tells people that they can stop cyberattacks by taking a pause and making a better decision. What’s not said, but certainly implied, is that if they don’t take that pause and don’t make those better decisions, then they’re to blame when the attack occurs.

That’s simply not true, and its blame-the-user message is one of the worst mistakes our industry makes. Stop trying to fix the user. It’s not the user’s fault if they click on a link and it infects their system. It’s not their fault if they plug in a strange USB drive or ignore a warning message that they can’t understand. It’s not even their fault if they get fooled by a look-alike bank website and lose their money. The problem is that we’ve designed these systems to be so insecure that regular, nontechnical people can’t use them with confidence. We’re using security awareness campaigns to cover up bad system design. Or, as security researcher Angela Sasse first said in 1999: “Users are not the enemy.”

We wouldn’t accept that in other parts of our lives. Imagine Take9 in other contexts. Food service: “Before sitting down at a restaurant, take nine seconds: Look in the kitchen, maybe check the temperature of the cooler, or if the cooks’ hands are clean.” Aviation: “Before boarding a plane, take nine seconds: Look at the engine and cockpit, glance at the plane’s maintenance log, ask the pilots if they feel rested.” This is obviously ridiculous advice. The average person doesn’t have the training or expertise to evaluate restaurant or aircraft safety—and we don’t expect them to. We have laws and regulations in place that allow people to eat at a restaurant or board a plane without worry.

But—we get it—the government isn’t going to step in and regulate the Internet. These insecure systems are what we have. Security awareness training, and the blame-the-user mentality that comes with it, are all we have. So if we want meaningful behavioral change, it needs a lot more than just a pause. It needs cognitive scaffolding and system designs that account for all the dynamic interactions that go into a decision to click, download, or share. And that takes real work—more work than just an ad campaign and a slick video.

This essay was written with Arun Vishwanath, and originally appeared in Dark Reading.

Interesting Links for 30-05-2025

May. 30th, 2025 12:00 pm

(no subject)

May. 30th, 2025 09:44 am
oursin: Brush the Wandering Hedgehog by the fire (Default)
[personal profile] oursin
Happy birthday, [personal profile] nancylebov!

Mines

May. 30th, 2025 12:25 am
ysabetwordsmith: Cartoon of me in Wordsmith persona (Default)
[personal profile] ysabetwordsmith
The Mine Ban Convention (the 1997 Landmine Convention) is one of the greatest humanitarian achievements of our time. Yet now, this legacy is under threat.

Poland, Finland, and Estonia are now discussing quitting the global landmine ban. Latvia and Lithuania have already voted to leave but could still reconsider their decision. If we stay silent, more may follow—and Europe could unravel 25 years of progress in protecting civilian life. More lives and limbs will be lost.


D.O.P.-T.

May. 29th, 2025 08:29 pm
weofodthignen: selfportrait with Rune the cat (Default)
[personal profile] weofodthignen
A heat wave is forecast for tomorrow. Much worrying and warning by the Chronicle. I also got my first bad air alert of the season—ozone "unhealthy for sensitive groups".

(no subject)

May. 29th, 2025 09:34 pm
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll
One of my vows running Fabula Ultima was to suppress my control freak tendencies, which is why while my master PC chart lists names, core stats, figured stats, defensive stats, classes and which class abilities each PC has, it does not detail what each ability does, nor does it list spells.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
yet

Daring to be a beginner again

May. 29th, 2025 08:12 pm
brithistorian: (Default)
[personal profile] brithistorian

I went to an online manga drawing class put on by my local Japan America Society tonight. I haven't drawn in years, and I haven't really had any formal instruction, so I made a conscious decision before going in that I was going to forget everything I think I know about drawing and just follow the teacher's instructions, even if they don't make sense to me or if I think I can see a better way, and to trust in the process. I think I did okay!

A manga-style girl in a kimono, drawn in pencil by me on 29 May 2025.

D.O.P.-T. (yesterday)

May. 29th, 2025 01:55 pm
weofodthignen: selfportrait with Rune the cat (Default)
[personal profile] weofodthignen
Forgot again ...

The housemate informs me we're going to lose our landline; AT&T, evil empire that it is, has successfully got out of the requirement to continue actual phone service for those who want or need it. So we'll be reduced to cellphones and a replacement service that doesn't work when PG&E, the even eviller empire, decides to cut the electricity, or when a natural disaster or a bit of wind or an employee accidentally hitting a switch makes it cut out.
brithistorian: (Default)
[personal profile] brithistorian

If you knew this song was coming, then you had to expect that it was going to be a song of the day here. I mean, come on: Former Weki Meki leader Ji Suyeon's first song since Weki Meki disbanded? You had to know I'd be all over that! Fortunately, the song lives up to my expectations: Suyeon's voice sounds beautiful, and the video, showing her wandering through a variety of nature scenes, is a treat.

oursin: image of hedgehogs having sex (bonking hedgehogs)
[personal profile] oursin

My attention was recently drawn, as we say, to an early C20th composer, and I thought, that name sounds familiar, so I pottered off to look at my database of notes, and yes, they were hanging out in sex reform circles, interesting, no, especially as they seem generally to be described as 'reclusive' -

So anyway, I went to look up their entry in the Oxford Dictionary of National Biography and it is all about The Music (they were also apparently a top-level performer as well as prolific composer) and nothing about this other aspect.

And some while ago I perchanced to look up the ODNB entry for an early C20th lawyer whom I had come across in those same circles, and he was all about anti-censorship, and reforming the divorce laws (and we suspect also handling these sensitive matters for his mates in his professional capacity, no doubt) -

Very worthy.

He was also, I have come across indications in correspondence and biographies, rather a Not Safe In Taxis kinda guy, or at least, the handsy menace of the 1917 Club.

I don't actually know if there's a procedure for saying to editors of ODNB 'Hi, I have Further Info', let alone 'by the way, it's dishing the dirt'.

amodei's warning

May. 29th, 2025 11:14 am
thistleingrey: (Default)
[personal profile] thistleingrey
Upon due reflection, I think this Axios piece (which I read yesterday) deserves more attention:
https://www.axios.com/2025/05/28/ai-jobs-white-collar-unemployment-anthropic
AI could wipe out half of all entry-level white-collar jobs — and spike unemployment to 10-20% in the next one to five years, Amodei told us in an interview from his San Francisco office.

Don't panic. Strategize.

Birdfeeding

May. 29th, 2025 01:11 pm
ysabetwordsmith: Cartoon of me in Wordsmith persona (Default)
[personal profile] ysabetwordsmith
Today is cloudy and cool.  It rained yesterday.

I fed the birds.  I've seen a few sparrows and house finches.

I put out water for the birds.

EDIT 5/29/25 -- I set out the pots of thyme to be planted later today.

EDIT 5/29/25 -- I planted two golden lemon thymes, one silver thyme, and one lime thyme in the goddess garden.  :D  The first two are old favorites, the last is new to me.

EDIT 5/29/25 -- I went back outside to do more yardwork, but it's drizzling now.  I did take a few pictures of the goddess garden with the new thyme plants.

EDIT 5/29/25 -- I did a bit of work around the patio.

EDIT 5/29/25 -- I set up the last of the wire planters with already potted flowers.  The narrow pots I have are awkward in the wider planters.  I think for future reference, I'll watch for wider, lower pots either in late-season sales or possibly next spring.  Those are good for combination plantings anyhow, which I like making.

EDIT 5/29/25 -- I trimmed grass along the east end of the new picnic table.

I've seen a male cardinal and a male indigo bunting.

EDIT 5/29/25 -- I filled 2 of the 6 taupe trough pots with half composted manure and half potting soil, then put them at the east end of the new picnic table.

It's drizzling again.

EDIT 5/29/25 -- I filled 2 more of the 6 taupe trough pots with half composted manure and half potting soil, then put one at the east end of the new picnic table and one at the west end.

It's drizzling again.

EDIT 5/29/25 -- I filled the last 2 of the 6 taupe trough pots with half composted manure and half potting soil, then put them at the west end of the new picnic table.

I've seen a fox squirrel.

EDIT 5/29/25 -- I sowed seeds in the taupe trough pots: Edible Flower Mix in one, Fragrant Mix flowers in one, 'Early Giant' leeks in one, 'Vine Peach' cantaloupe in one, borage and parsley in one, dill and 'Fluid Evolution' cilantro in one.

I watered the newly planted things.

As it is now dark, I am done for the night. 

james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll
My backup email is james@jamesdavisnicoll.com

Added later

My panix email has been restored.

Photo cross-post

May. 29th, 2025 11:14 am
andrewducker: (Default)
[personal profile] andrewducker


Gideon's nursery had photos taken. I like them.
Original is here on Pixelfed.scot.

Profile

supergee: (Default)
Arthur D. Hlavaty

Page generated May. 30th, 2025 01:20 pm