Funniest/Most Insightful Comments Of The Week At Techdirt
from the what's-the-good-word dept
This week, our first place winner on the insightful side is weevie833 bringing some facts to the conversation about the perception of Conservative bias in Twitter content moderation:
Here is a research study (like, actual research) that provides nuance to the perception of Conservative bias in Twitter account deplatforming. Keep in mind that (as obvious as this is to say), Twitter is not a public square controlled by a socialist government – it is a private company in a capitalist economy for the purpose of making money through advertising. Twitter has ZERO interest in promoting the public good.
“Thus, among the politically active Twitter users in our study, Republicans and conservatives shared information from much lower quality sites than Democrats and liberals – even when quality was judged by a politically-balanced group of U.S. laypeople. This observation provides clear evidence for a political asymmetry in misinformation sharing in our dataset that cannot be attributed to liberal bias in what is considered misinformation or low quality news.”
“…we see a strong positive relationship between being more Republican / conservative and likelihood of being suspended (b = 0.45, z = 22.6, p < 0.001) when using political orientation as the sole independent variable in the probit regression. However, once low quality news sharing is added to the model, the association between suspension and political orientation is reduced by 56.2% (b = 0.20, z = 4.6, p < 0.001; see Figure 2b), and sharing low quality news is also strongly associated with suspension (b = 0.27, z = 6.6, p < 0.001).”
It may be true that Conservatives are deplatformed more than Liberals in pure number. But when controlling for misinformation / disinformation as a basis of suspension, that gap collapses. So, if Conservatives insist on feeding more crap into the system, you can expect a similar pattern of reaction from a privately held company concerned about its credibility as an advertising platform.
Of course, all this is moot since Elon took over, so who cares.
In second place, it’s an anonymous response to Musk’s statement that the Twitter algorithm is “overly complex and not fully understood internally”:
Err. Isn’t that because you asked the lion’s share of people who contributed key understanding to go find employment elsewhere?
It’s self inflicted wounds. Not quite all the way down, but He’s working on it.
For editor’s choice on the insightful side, we start out with a comment from Stephen T. Stone about the attacks on the Internet Archive:
I hope those publishers really wanted to encourage piracy—because that’s exactly what killing the Internet Archive is going to do.
Next, it’s T.L. with a reminder that there’s a reason congress is so bad at understanding technology:
Congressmembers would have better expertise on tech matters if the Office of Technology Assessment still existed. It was defunded in 1995 under Newt Gingrich’s “Contract to America” plan, because it was an unbiased organization that wouldn’t cow to political narratives. The Chew hearing is one of many instances that highlight both why Newt wanted to defund it, and why eliminating the agency was a detriment to politicians. (Ironically, Newt suggested shortly after the midterms that Republicans should come around to using TikTok to court young voters, despite the allegations of the app’s security risk.) Hopefully, someone in Congress will introduce legislation aimed at reviving the OTA somewhere down the line.
Over on the funny side, our first place winner is Pixelation with a comment about Twitter’s “shadowboosting” system:
I can’t believe Musk hasn’t shadow boosted Mike. After all of the publicity Mike/Techdirt has given him. How ungrateful!
In second place, it’s RyunosukeKusanagi with a comment about Ron DeSantis’s legal fight with Disney:
so… DeSantis is up Reedy Creek without a paddle?
For editor’s choice on the funny side, we’ve got one more comment on that subject, this time from Rico R. responding to the speculation about what Disney will do as Mickey Mouse heads towards the public domain:
Isn’t it obvious? Those higher-ups at Disney will then unthaw Walt Disney’s frozen head, install it to a robot body, and then revive Walt back from the dead. If he’s made alive again, we’ll have to wait until 70 years after his second death for Mickey Mouse to be public domain!!
Finally, it’s Kevin A. Carson with a comment about our post noting that Musk has “effectively admitted” that he burned down more than half of Twitter’s value:
On the plus side…
…at least there’s something he can do effectively
That’s all for this week, folks!
Game Jam Winner Spotlight: Escape From 1927
from the gaming-like-it's-1927 dept
We’re nearing the end of our series of posts showcasing the winners in all six categories of the fifth annual public domain game jam, Gaming Like It’s 1927. So far we’ve featured Best Remix winner Lucia, Best Visuals winner Urbanity, Best Adaptation winner To And Again, and Best Deep Cut winner The Pigeon Wager. Today, we’re turning the spotlight on the winner of the Best Digital Game category: Escape from 1927 by Jacob P. Silvia.
The first three Hardy Boys novels were some of the higher-profile works to enter the public domain this year, and it’s a bit surprising that we didn’t get more entries based on the iconic characters. But that void is capably filled by Escape From 1927, which turns the first book (The Tower Treasure) into a fully realized point-and-click adventure/hidden object game. At first glance, you might think it was slapped together with minimal effort — the graphics especially look sloppy and perfunctory at first. But as you start to play, you realize that the game is aware of this, and its tone harmonizes with these elements to make the whole thing funny and charming. The time constraints of game jams force designers to make sacrifices, especially on things like graphical polish, and the best designers find ways to turn that sacrifice into an opportunity. This game’s tongue-in-cheek attitude is a prime example.
And, indeed, later in the game there’s a joke in the dialogue that directly acknowledges this, but I don’t want to spoil it. In fact there are several funny lines and jokes that I don’t want to spoil, and the best of them are on a subject that is a surefire way to our heart: copyright and the public domain. Better still, one such joke is actually woven into one of the game’s puzzles in an excellent marriage of narrative and mechanics. I can’t describe that puzzle in full without spoiling it — you should just go play it for yourself — so instead I’ll just tell you that at one point you’re interrupted by a copyright maximalist ghost:
Overall, the gameplay and the puzzles are all very simple and straightforward, and it only takes a few minutes to get through the game. But this, too, is made to feel appropriate as part of the overall package. The game is constantly winking at you, knowing that it’s going to make you crack a smile. As a complete, original, memorable, and entertaining game that speaks directly to the themes of copyright and the public domain, Escape from 1927 is a deserving winner of Best Digital Game.
Congratulations to Jacob P. Silvia for the win! You can play Escape From 1927 in your browser on Itch, plus don’t forget to check out the other winners as well as the many great entries that didn’t quite make the cut! We’ll be back next week with the final winner spotlight.
Filed Under: game jam, games, gaming, gaming like it's 1927
3CX Knew Its App Was Being Flagged By AV Platforms, Did Very Little During Supply Chain Attack
from the whoops dept
If you don’t use the 3CX VoIP platform, or work in the MSP space with companies that do, you may have missed the news that the company suffered a massive supply chain attack over the past few days. With comparisons being made to the SolarWinds fiasco, this was really, really bad. Windows and Mac versions of the app, with malware snuck inside, were deployed to the computers of hundreds of thousands of unsuspecting 3CX customers. That malware called out to actor-controlled servers, which then deployed more malware designed to allow for everything from browser hijacking to remote takeover of the computer entirely. A hacking group associated with the North Korean government is suspected to be behind all of this.
Security firm CrowdStrike said the infrastructure and an encryption key used in the attack match those seen in a March 7 campaign carried out by Labyrinth Chollima, the tracking name for a threat actor aligned with the North Korean government. The attack came to light late on Wednesday, when products from various security companies began detecting malicious activity coming from legitimately signed binaries for 3CX desktop apps. Preparations for the sophisticated operation began no later than February 2022, when the threat actor registered a sprawling set of domains used to communicate with infected devices. By March 22, security firm Sentinel One saw a spike in behavioral detections of the 3CXDesktopApp. That same day, 3CX users started online threads discussing what they believed were potential false-positive detections of 3CXDesktopApp by their endpoint security apps.
Here’s the problem with that last paragraph: the detections for the malicious code actually began before Wednesday, March 29th. In an updated Ars Technica post, it turns out that customers were noting that some AV agents were flagging the 3CX installer and app going all the way back to March 22nd, a week earlier. And these customers were noting this on 3CX’s own community forums.
“Is anyone else seeing this issue with other A/V vendors?” one company customer asked on March 22, in a post titled “Threat alerts from SentinelOne for desktop update initiated from desktop client.” The customer was referring to an endpoint malware detection product from security firm SentinelOne. Included in the post were some of SentinelOne’s suspicions: the detection of shellcode, code injection to other process memory space, and other trademarks of software exploitation.
Others were, in fact, seeing the same thing. These customers were busy writing exceptions for the application, figuring that a signed/trusted app from the manufacturer itself was likely resulting in a false positive. Other users followed suit. 3CX remained silent until Tuesday, March 28th.
A few minutes later, a member of the 3CX support team joined in the discussion for the first time, recommending that customers contact SentinelOne since it was that company’s software triggering the warning. Another customer pushed back in response, writing:
Hmmm… the more people using both 3CX and SentinelOne get the same problem. Wouldn’t it be nice if you from 3CX would contact SentinelOne and figure out if this is a false positive or not? – From provider to provider – so at the end, you and the community would know if it is still safe and sound?
This is, of course, precisely what should have happened. Instead, the 3CX rep said there were too many AV providers to go out there and call them all. Then he or she mentioned that they don’t control the antivirus software, but instructed the user to “feel free to post your findings” once they had called SentinelOne themselves.
Those findings were on display for everyone the following day when the attack and compromise of 3CX became very, very public.
You really would think that after SolarWinds first and Kaseya second, tech companies would know better than to ignore this sort of thing and actually talk to the security firms that are flagging their products.
Filed Under: antivirus, hack, supply chain attack, vulnerability
Companies: 3cx