• 21 Posts
  • 258 Comments
Joined 2 years ago
cake
Cake day: May 8th, 2023

help-circle
  • to lose 100% of the court cases where they try this defense

    I don’t think the litigants actually know this. The shady characters they are paying for the information probably know that, but represent that it will just work if they do it right.

    Imagine you have some kind of legal problem, and you go to your lawyer, and your lawyer tells you they know what to do that will let you win. You’ll probably do it. Now for the litigants, it is the same thing, except instead of a lawyer, it is some person with an Internet and/or in real life following, who dazzles you with lots of fake formality that aligns to your preconceptions of the legal system based on TV. Of course, it is all just pseudolegal and a scam, but you don’t know that.

    Now you might except that some critical thinking and/or research of authoritative sources like case law, or consulting a real lawyer might let the litigant see that it is a scam, but critical thinking skills are not as common as you might hope, and secondary education in many places doesn’t cover much about the law or how to do legal research.

    Consider that 49.8% of voters in the 2024 US Presidential election voted for Trump, even after seeing the first term. Many people are easily hoodwinked into acting against their own best interests, especially if they are convinced there is a community of other people like them acting the same way (SovCit like groups do have some numbers), that people who endorse those theories get a lot of recognition / are influential (the leaders of the groups can create that impression), and that their theories have a long traditional backing (usually they make up a historical backstory).


  • That catholics should practice confession is a religious belief. But the confidentiality part is from canon law - i.e. in terminology of most other organisations, it is a policy. It is a long-standing policy to punish priests for breaking it, dating back to at least the 12th century, but nonetheless the confidentiality is only a policy within a religious organisation, and not a religious belief.

    Many organisations punish individuals who break their policy. But if an organisation has a policy, and insist that it be followed even when following it is contrary to the law, and would do immense harm to vulnerable individuals, then I think it is fair to call that organisation evil - and to hold them culpable for harm resulting from that policy.

    Even if the confidentiality itself was a core part of the religious belief itself, religious freedom does not generally extend to violating the rights of others, even if the religion demands it. Engaging in violent jihad, for example, is not a protected right even in places where religious freedom cannot be limited, even if the person adheres to a sect that requires it.




  • A1kmmAtoAsklemmy@lemmy.mlWhat laws, is any, does this break?
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 days ago

    IANAL, but it is an interesting question to consider whether it would be illegal in Australia (if anything, as a test to see if the right laws are on the books to block this kind of thing). The laws are likely different in the US, and it might vary from state to state.

    The Fair Work Act 2009 (Commonwealth), s325 provides that:

    An employer must not directly or indirectly require an employee to spend, or pay to the employer or another person, an amount of the employee’s money or the whole or any part of an amount payable to the employee in relation to the performance of work, if:

    (a) the requirement is unreasonable in the circumstances; and

    (b) for a payment—the payment is directly or indirectly for the benefit of the employer or a party related to the employer.

    I think you could imagine the employer arguing a few lines:

    • The employee is not required to spend, it is only a factor in promotions and not retaining the same role. OP said you can “get in trouble for not using this” - countering this defence perhaps depends on proving what kind of trouble to show it is a requirement. In addition, under s340, employers are not allowed to take an adverse action against an employee for exercising or proposing to exercise a workplace right, and adverse action includes discriminating between and employee and other employees of the employer.
    • That the employee is not required to pay any particular person, they can choose what to buy as long as the select from a prescribed list. However, I think that could be countered by saying this is an indirect requirement to spend, and the “or another person” attaches to the “pay” part, so I don’t think that argument would fly.
    • The the requirement is reasonable - however, that could be countered by arguing the privacy angle, and the fact that this is for personal shopping, far outside the reasonable scope of an employment relationship.
    • That the payment isn’t for the benefit of the employer. I think that could be countered firstly by arguing this is a requirement to spend not pay, and event if it was to pay, it is indirectly for the employer’s benefit since it allows them to attract and retain clients. The way they are pushing it could further prove this.

    So I think it would probably be contrary to s325 of the Fair Work Act in Australia.

    Another angle could be the right to disconnect under s333M of the Fair Work Act:

    An employee may refuse to monitor, read or respond to contact, or attempted contact, from an employer outside of the employee’s working hours unless the refusal is unreasonable.

    If someone has a work and a personal phone, and has the app on the work phone, but refuses to use take the work phone or install an app on their personal phone so they can respond to tracking requests from the employer, then maybe this also fits.

    I also wonder if in Australia this could also be a form of cartel conduct - it is an arrangement of where purchases (other than those the company should legitimately control) are directed centrally under an arrangement by an organisation.

    Under s45AD of the Competition and Consumer Act 2010,

    (1) For the purposes of this Act, a provision of a contract, arrangement or understanding is a cartel provision if: (a) either of the following conditions is satisfied in relation to the provision: (i) the purpose/effect condition set out in subsection (2); (ii) the purpose condition set out in subsection (3); and (b) the competition condition set out in subsection (4) is satisfied in relation to the provision.

    So the purpose condition has several alternatives separated by ‘or’, one of which is:

    (3) The purpose condition is satisfied if the provision has the purpose of directly or indirectly: … (b) allocating between any or all of the parties to the contract, arrangement or understanding: (ii) the persons or classes of persons who have supplied, or who are likely to supply, goods or services to any or all of the parties to the contract, arrangement or understanding; or

    It sounds like there is a solid argument the purpose condition is met - they are allocating where people who are part of the arrangement (employees) shop.

    They’d also need to meet the competition condition for it to be cartel conduct. For this to be met, the arrangement might need to include the clients of the company:

    (4) The competition condition is satisfied if at least 2 of the parties to the contract, arrangement or understanding: (a) are or are likely to be; or (b) but for any contract, arrangement or understanding, would be or would be likely to be; in competition with each other in relation to: … © if paragraph (2)© or (3)(b) applies in relation to a supply, or likely supply, of goods or services—the supply of those goods or services in trade or commerce; or

    So it could be argued that this is a cartel arrangement between the company, its clients, and its employees, and so attract penalties for cartel conduct.


  • bootloader unlocking

    I used to buy Xiaomi products because of the bootloader unlocking, but in practice it is a dystopian nightmare - they have built it so to unlock the bootloader you need a cryptographic signature from them, and they don’t give that out all that easily.

    You have to sign up for an account with them, use a Windows-only tool to request unlocking, and they have a long wait period (deliberately imposed) to unlock, which sometimes randomly restarts. The wait period is different for different models, and can be weeks.

    Their support are unwilling to help unlock immediately even for replacement devices where you want to get up and going quickly - if your device breaks (they are not the most durable phones IMO, as you note) and you get a replacement, you’ll have to wait the time again before you can restore a backup of a phone using a custom ROM.

    It’s possible they have improved, but because of their attitude around what I can do with my own hardware, I’ve stopped buying Xiaomi gear.


  • It is possible for all of the following to be simultaneously true:

    • The Israeli War Cabinet are war criminals and terrible people for slaughtering civilians in Palestine and Lebanon.
    • The Houthis are war criminals and terrible people for targeting civilians in Israel.
    • The US Trump Administration are war criminals and terrible people for killing civilians in Houthi-controlled areas.
    • Hamas are war criminals and terrible people for targeting civilians.

    While all of the above crimes are of roughly the same type (albeit for different reasons), they do differ in extent - the Israeli War Cabinet is responsible for the most suffering by a wide margin.

    I think it is a morally consistent position to condemn all of the war crimes above, although perhaps to prioritise efforts condemning the bigger ones.




  • As an experiment / as a bit of a gag, I tried using Claude 3.7 Sonnet with Cline to write some simple cryptography code in Rust - use ECDHE to establish an ephemeral symmetric key, and then use AES256-GCM (with a counter in the nonce) to encrypt packets from client->server and server->client, using off-the-shelf RustCrypto libraries.

    It got the interface right, but it got some details really wrong:

    • It stored way more information than it needed in the structure tracking state, some of it very sensitive.
    • It repeatedly converted back and forth between byte arrays and the proper types unnecessarily - reducing type safety and making things slower.
    • Instead of using type safe enums it defined integer constants for no good reason.
    • It logged information about failures as variable length strings, creating a possible timing side channel attack.
    • Despite having a 96 bit nonce to work with (-1 bit to identify client->server and server->client), it used a 32 bit integer to represent the sequence number.
    • And it “helpfully” used wrapping_add to increment the 32 sequence number! For those who don’t know much Rust and/or much cryptography: the golden rule of using ciphers like GCM is that you must never ever re-use the same nonce for the same key (otherwise you leak the XOR of the two messages). wrapping_add explicitly means when you get up to the maximum number (and remember, it’s only 32 bits, so there’s only about 4.3 billion numbers) it silently wraps back to 0. The secure implementation would be to explicitly fail if you go past the maximum size for the integer before attempting to encrypt / decrypt - and the smart choice would be to use at least 64 bits.
    • It also rolled its own bespoke hash-based key extension function instead of using HKDF (which was available right there in the library, and callable with far less code than it generated).

    To be fair, I didn’t really expect it to work well. Some kind of security auditor agent that does a pass over all the output might be able to find some of the issues, and pass it back to another agent to correct - which could make vibe coding more secure (to be proven).

    But right now, I’d not put “vibe coded” output into production without someone going over it manually with a fine-toothed comb looking for security and stability issues.


    • Measles estimated case-fatality rate: 1.3%
    • Estimated US population: 346,715,067
    • Measles deaths if everyone in the US got measles: 4,507,295
    • Upper limit on estimated MMR vaccine caused anaphylaxis: 0.000066%
    • Anaphylaxis case-fatality rate: 0.3%
    • Estimated vaccine-caused fatality rate: 1.98 * 10^-7 %
    • Estimate vaccine-caused fatalities avoided by not vaccinating US population: 0.69
    • Net increase in fatalities from switching to measles natural immunity for everyone in the US: 4,507,294

    So it would only be better if he wants an extra 4.5 million Americans to die.




  • Years of carefully curated anti-intellectualism in every bit of media they consume, because facts didn’t suit the wealthy (smoking is bad for you, fossil fuels are destroying the planet, private prisons drive more recidivism are facts that get in the way of someone making lots of money). Those fighting facts that aren’t on their side have embraced a number of other groups with anti-intellectual elements (white supremecists / neo-nazis / anti-woke, religious, anti-vaxxers, natural health advocates) to create alliances of anti-intellectual thought.

    This has driven increasing polarisation in the US; 49% of republicans approved of JFK as president, and 49% of democrats approved of Eisenhower. It went down over time - other party approval was 30% of Carter, 31% of Reagan. There was a break in the pattern (44% for Bush Senior), but back on track to 27% for Clinton, 23% for Bush, 13% for Obama, 7% for Trump (first round), and 6% for Biden. So in other words, Americans are so polarised that they’ll vote for whoever their side puts up, and for one side, being anti-intellectual is actually seen as a strength.

    I think many of the people who started the anti-intellectualism ball rolling on purpose are wealthy neoliberals who believe in laissez-faire free trade as a fundamental value, and so there is a certain aspect of ‘leopards ate my face’ to this leading to the anti-intellectualism extending back to rejection of mainstream economics (even though the neoliberals’ preferred theory is notoriously flawed, Trump’s approach to pulling economic levers is wholesale rejection of all theory rather than replacing it with something less flawed).


  • Traditionally legal tender means that a person / entity has to accept it for the payment of a debt - i.e. they can’t refuse cash and say you didn’t pay them because you didn’t use some other method.

    However, in many retail scenarios there is no debt - there is an exchange of payment for goods, and so the traditional common law legal tender rules do not prevent retailers from refusing that exchange (i.e. customer doesn’t get the goods, retailer doesn’t get the money, the transaction just never happens) on the grounds of payment methods.

    Some places have additional laws on top of legal tender that might require retailers to accept cash.


  • A1kmmAtoMildly Infuriating@lemmy.worldSelect a tip
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    The awkwardness here actually works in favour of abolishing tips and replacing them with the pay being factored into higher prices.

    No one wants to be the sucker - human nature is that people are generous if they think everyone else is generous, but if they feel that others are not ‘pulling their weight’ on generosity and are instead taking advantage, that’s the fastest way to dry up other people’s generosity. Right-wing media use this fact to undermine support for social welfare - e.g. if 0.001% of welfare payments are fraudulently taken, they set editorial policy that makes it seem like beneficiaries are rorting the system instead of being truly needy.

    But when it comes to tipping, the dynamic actually works the other way - people feel generous by tipping, even though it is harmful long term. If a few people ahead of someone in the line don’t tip, should they be the sucker who does tip? And for the employee, you want them to be the advocate on the inside for forcing people to pay their share instead of taking advantage - by having the displayed price be the total upfront price that includes the compensation for employees, instead of an optional tip.


  • A1kmmAtoMildly Infuriating@lemmy.worldSelect a tip
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    There is a minimum amount of total money the employee could make before they’d go and work somewhere else instead. So if, hypothetically, everyone in a country where tipping is common even for non-exceptional service just stopped paying tips, hospitality employers would be forced to pay more to stay competitive with other non-customer-facing industries.

    Of course, a drastic shock to the economy like that would probably cause a lot of upheaval, as some employers struggle to accept the new norm.

    However, the same thing would work even if the change was slower - e.g. if 5% of people didn’t tip, and did it very obviously and vocally, and then the practice spread as it reached 10% and so on.

    Obviously it sucks for the employees who get hit by the first few non-tippers, but over the long term it would be for the better for worker rights. So I could absolutely see it working.

    That said, I say this from a country where tipping is not the norm (except maybe the occasional ‘keep the change’ for exceptional service), and the law and expectation is that the most prominent displayed price is the total price you pay - and people react very negatively towards businesses seen as trying to bring in American style tipping culture.


  • The FBI pressured Apple to create an encryption backdoor to bypass their security features

    This was more like a hardware security device backdoor - the key was in a hardware security device, that would only release it after receiving the PIN (without too many wrong attempts). But the hardware accepts signed firmware from Apple - and the firmware decides the rules like when to release the key. So this was effectively a backdoor only for Apple, and the FBI wanted to use it.

    Systems would create a public audit trail whenever a backdoor is used, allowing independent auditors to monitor and report misuse of backdoors.

    This has limits. If there is a trusted central party who makes sure there is an audit log before allowing the backdoor (e.g. the vendor), they could be pressured to allow access without the audit log.

    If it is a non-interactive protocol in a decentralised system, someone can create all the records to prove the audit logs have been created, use the backdoor, but then just delete the audit logs and never submit them to anyone else.

    The only possibility without a trusted central party is an interactive protocol. This could work as: For a message (chat message, cryptocurrency transaction etc…) to be accepted by the other participants, they must submit a zero-knowledge proof that the transaction includes an escrow key divided into 12 parts (such that any 8 of 12 participants can combine their shares to decrypt the key), encrypted with the public keys of 12 enrolled ‘jury’ members - who would need to be selected based on something like the hash of all messages up to that point. The jury members would be secret in that the protocol could be designed so the jury keys are not publicly linked to specific users. The authority could decrypt data by broadcasting a signed audit log requesting decryption of certain data, and jury members would receive credits for submitting a share of the escrow key (encrypted so only the authority could read it) along with a zero-knowledge proof that it is a valid and non-duplicate escrow key. Of course, the person sending the message could jury shop by waiting until the next message will have the desired jury, and only sending it then. But only 8/12 jurors need to be honest. There is also a risk jurors would drop out and not care about credits, or be forced to collude with the authority.

    Cryptographic Enforcement: Technical solutions could ensure that the master key is unusable if certain conditions—such as an invalid warrant or missing audit trail—are not met.

    Without a trusted central party (or trusted hardware playing the same role), this seems like it would require something like Blackbox Obfuscation, which has been proven to be impossible. The best possibility would be an interactive protocol that would need enough people to collude to break it.