• 4 Posts
  • 92 Comments
Joined 2 years ago
Cake day: October 20th, 2023

  • Yes. The system logs every entry/exit by keyfob.

    Whether the building managers associate those fobs with individuals or even know how to look at the log is a different discussion entirely.

    That said: If the building cares enough to have a lock on the door then they have a camera too and THAT is much more likely to be recorded. So if your “friend” depends on people not knowing he is entering or exiting his building for whatever reason… good luck with that.

    Fun story time: I used to work at a facility that was VERY strict about people badging in and even out of many areas. At one point it came up in a safety debrief that there was no way to log who was inside or outside of an area… that required badging in and out. Could see someone’s brain cell trigger in real time as they proceeded to ask a lot of very pointed questions that boiled down to:

    They had an access control list that was checked. They did not know how to access the log files to know when that list was checked or even the result of a check. The person who asked questions was pushed out of the company because it was easier.


  • If a government has you in the nebulous situation where you technically aren’t in the country yet and they want your phone, it doesn’t really matter what security system you have on there. You either give them access or go to a black site.

    That’s why every company of “moderate” size ends up adopting a policy of “DEVICE for foreign travel”. You don’t take your actual work laptop/phone/whatever. You take a burner (except they hate the term “burner”) that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you…

    So what does that mean for you, an individual?

    • A super locked down device is just gonna get your ass beat… if you are lucky.
    • A completely clean factory wiped device? That is going to raise a bunch of red flags (kind of rightfully) and more or less equate to the above

    Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person “investigated”. And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that “looks real” because… it is. Texts from the partner about a dinner party next week, spam from facebook, etc.

    And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their “private” devices? Either buy a cheap laptop at a best buy equivalent or use one of their burner emails/accounts.




  • And yet?

    Mastodon is full of actual conversations between people. Someone says something. Someone else replies and an actual conversation happens where people respond to each other.

    Lemmy? It almost always devolves into people trying to one up each other and aggressively talk at each other. It is like we speed ran reddit and went from “How dare you have a different opinion” to “I am going to cherry pick a sentence and build a whole fucking straw city from that”.


  • Honestly?

    I vastly prefer almost everyone I have interacted with on mastodon over basically every lemmy user. Because lemmy still thinks it is reddit but also is totally over their ex but do you think he is thinking of me and can I send him a picture of your dick to show it is bigger?

    Whereas mastodon? People kind of just want to talk. We largely understand that twitter has been a shithole for… most of its existence. So rather than try to reinvent it (bsky and threads) we are learning from it in the same way cohost learned from tumblr (and died even faster…).

    And the lunatics who need to scream about what federation is and why it is The Future? They aren’t talking about basically anything else. They are keeping to themselves and talking about how amazing the community can be… while the rest of us are actually being a community.


  • Because the mastodon evangelists are horrible.

    Back when there was any question of what platform to migrate to? Threads and bluesky were “Get an invite and make an account”

    Mastodon was people insisting that EVERYONE needed to understand what federation is and the underlying philosophy. When really they should have just said “Sign up for one of these instances. It is like email where it doesn’t really matter what provider you have”. Countless times I tried to explain to folk on a message board or discord and would say “Just make an account on one of these four or five instances”. And, like clockwork, someone would “well ackshually” me and insist that people can’t use Mastodon without understanding the fundamental concept of federation and how picking the right instance is important and people can just delete and remake their accounts until they are satisfied.

    So when it was time for the big influencers to move? They went to where people were already congregating and where they didn’t need to host an educational seminar to tell someone how to make an account.




  • Part of it is the same “human speech” aspects that have plagued NLP work over the past few years. Nobody (except the poor postdoctoral bastard who is running the paper farm for their boss) actually speaks in the same way that scholarly articles are written because… that should be obvious.

    This combines with the decades of work by right wing fascists to vilify intellectuals and academia. If you have ever seen (or written) a comment that boils down to “This youtuber sounds smug” or “They are presenting their opinion as fact” then you see why people prefer “natural human speech” over actual authoritatively researched and tested statements.

    And… while not all pay to publish journals are trash, I feel confident saying that most are. And filtering those can be shockingly hard by design.

    But the big one? Most of the owners of the various journals are REALLY fucking litigious and will go scorched earth on anyone who is using their work (because Elsevier et al own your work) to train a model.


  • If you are close enough to a system of importance that you can spray it, you are close enough to compromise it in countless other ways.

    This is just one of many physical access attacks. Just like “you could take a hammer to it”

    Like, I know people want to think this is some Ocean’s Eleven heist waiting to happen. It isn’t. This is only viable if you can drench an area with helium (which means you can already gas everyone you care about) or you have such close physical access that there are so many other things you could do. At best it is an episode of Burn Notice where Michael has to rapidly improvise an escape where his CIA handler of the week already refused to give him something much more useful.




  • … mostly the other way around?

    Theoretically it is possible that a compromised machine could compromise a USB stick. If you are at the point where you are having to worry about government or corporate entities setting traps at the local library? You… kind of already lost.

    Which is the thing to understand. Most of what you see on the internet is, to borrow from a phrase, Privacy Theatre. It is so that people can larp and pretend they are Steve Rogers fighting a global conspiracy while necking with a hot co-worker at an Apple store. The reality is that if you are actually in a position where this level of privacy and security matters then you need to actually change your behaviors. Which often involves keeping VERY strong disconnects between any “personal” device and any “private” device.

    There have been a lot of terrible (but wonderfully written) articles about journalists needing to do this because a government or megacorporation was after them. Stuff like having a secret laptop that they never even take out of a Faraday cage unless they are closer than not to an hour away from wherever they are staying that night.


  • I think any “privacy oriented OS” is inherently a questionable (kneejerk: Stupid and reeks of stale honey) strategy in the first place.

    A very good friend of mine is a journalist. The kind of journalist where… she actually deals with the shit the average person online larps and then some. And what I and her colleagues have suggested is the following:

    Two flash drives

    • One that is a livecd for basically any linux distro. If you are able to reboot the machine you are using and boot to this, do it. That helps with software keyloggers but obviously not hardware
    • One that is just a folder full of portable installs of the common “privacy oriented” software (like the tor browser) supporting a few different OS types.

    Given the option? Boot the public computer to the live image. Regardless, use the latter to access whatever chat or email accounts (that NEVER are logged into on any machine you “own” or near your home) you need.


  • It isn’t about being reasonable.

    If you are expected to track your time to this degree (and, to make it clear, the majority of employers actively don’t want you to), there is a reason. That reason usually being different funding sources. Generally a mix of grants and clients.

    And if a client or grant source finds out you are lying about those? Maybe you only had enough work to do 34 hours instead of 40 hours in one week. Would you be cool paying extra because the guy repairing your muffler had a slow week?

    And if people think being proud of a tool that openly talks about what everyone else silently does isn’t a red flag for employers? Hey, it’s a great job market so I am sure none of that will matter.