Probably all you need to know is that when you see industry conferences about AI and CyberSecurity?

Yeah, they’re not about how to use AI to improve security with neat, new heuristic detection methods, and automated response scenarios.

They are about all the extra work you have to do, all the extra things you now need to be aware of and worried about, because AI so routinely introduces so many holes and exploits and flaws … in so many places that you normally wouldn’t think to check, because surely any person or team putting out that terrible of code would have been fired, right?

Beyond the methods one can use to ‘trick’ AI into doing things it isn’t ‘supposed to do’… mass AI adoption by large swathes of the economy is just literally a national security threat, it fundamentally compromises the security and integrity of tech infrastructure that now undergirds basically everything.

=D

So while Utah punches above its weight in tech, St. Paul area absolutely dwarfs it in population. Surely they have a robust cybersecurity industry there…

https://lecbyo.files.cmp.optimizely.com/download/fa9be256b74111efa0ca8e42e80f1a8f?sfvrsn=a8aa5246_2

Utah, #1 projected tech sector growth in the next decade, of all 50 states.

Utah, #8 for tech sector % of entire state economy, of all 50 states.

Minnesota?

Doesn’t crack top 10 for any metrics.

Utah may not be the biggest or techiest state, but it is way more so than Minnesota.

The National Guard just seems like a desperate move.

Again, this is my argument, but you are only seeing desperation as due to incompetence, not due to… actual severity.

When they’re deployed, they take orders from the the federal military,

Not actually true unless the Nat Guard has been given a direct command by the Pentagon.

and at peace, monitoring foreign threats seems like a federal thing.

… which is why the FBI were called in, in addition to the Nat Guard being able to report up the military CoC.

You call in the National Guard to put down a riot or something where you just need bodies, not for anything niche.

I mean, you yourself have explained that the Nat Guard does have a CyberSec ability, and I’ve explained they also have the ability to potentially summon even greater CyberSec ability.

I guess you would be surprised how involved the military is / can be in defending against national security threatening, critical infrastructure comprimising kinds of domestic threats.

Remember Stuxnet?

Yeah other people can do that to us now, we kinda uncorked the genie bottle on that one.

Otherwise, just call a local cybersecurity firm to trace the attack and assess damage.

It is not everyone’s instinct or best practice to immediately hire a contracted firm to do things that government agencies can, and have a responsibility to do.

If this was like, Amazon being comprimised, yeah I can see that being a more likely avenue, though if it was serious, they’d probably call in some or multiple forms of ‘the Feds’ as well.

But this was a breach/compromise of a municipal network… thats a government thing. Not a private sector thing.

EDIT:

Also, you are acting like either you are unaware of the following, or … don’t think its real?

https://en.wikipedia.org/wiki/Utah_Data_Center

Kind of a really big deal in terms of Utah and the tech sector and the Federal government and… things that were totally illegal before the PATRIOT Act.

Exabytes of storage.

Exabytes.

Utah literally is where the NSA is doing their damndest to make a hardcopy of literally all internet traffic and content.

Given how classified this facility is, I wouldn’t be surprised if their employees don’t exactly show up in standard Utah employment figures.

They literally don’t do anything other than have meetings and injest executive level reports.

CEOs are unironically the prime candidates for replacing employees with AI, from a direct cost to employ the employee perspective.

I don’t give LLM AIs much credit, but they are more intelligent than the average CEO.

Also, LLM AIs, when well-manicured… are generally better at corpospeak and not having massive ego trips than most CEOs.

Probably less likely to intentionally commit crimes as well.

gitlab

I refuse to use, or touch, C#, as a matter of principle at this point.

Only 0.43% of the population can write code.

Which doesn’t include you.

I will never lose the ability and my services will always be needed.

You are a highly, highly specialized, but also simultaneously low skilled worker who can only work with a very specific set of services, which are all paygated by vendors, who will immediately jack the fuck up out of their pricing as soon as they are able.

You are delusional.

Even in some hyper dystopia where all coding is outsourced to an AI, all you are is a prompt generator.

Do you think an AI that can write inefficient code… cannot write prompts?

You are a loon.

And the vibe coder is also blissfully unaware of all the zero days he/she has also deployed along with his prompted autocomplete output of a program.

Great work! Very efficient!

I’m totally sure said program doesn’t also needlessly pull in a gigantic mess of additional libraries, just to use one or two functions from it, I’m sure this is a very compute and memory efficient program.

And I am totally sure this will all work great and be easily reconfigured to keep up with any changing requirements, because we all know software devs always get very concrete, stable, and well defined requirements to work with.

And now we understand why MSFT buying github a some years back was a really big deal actually, and not just some kind of mostly neutral, generic expansionary business move.

Sure. But VPNs were around long before the consumer-oriented VPNs were a thing.

No argument there, you’re right.

(technically =P)

Or they just had one person handling their IT and needed help, and didn’t want to pay an outside contractor.

Nah, read the links I provided.

It went from the normal IT department, to the city level Emergency Response Team, to the Nat Guard and FBI.

Cities, larger ones anyway … often have their own sort of local mini-FEMA, who have their own capacities to order around other local agencies, but also have a whole bunch of protocols for… who to contact when something exceeds the capacity of everything they can more or less order around with their own authority.

I’m honestly surprised the National Guard was called at all. If If anything, that shows how backwards Minnesota is, or at least the mayor of St. Paul.

I am not in particular familiar with St.Paul specifically… but …

1. It could overall make sense given the capacities of the city (the Twin Cities, St. Paul + Minneapolis), and them knowing their own constraints.

2. It could also make sense if they rather rapidly at least suspected a very sophisticated, foreign threat actor.

That second half is kinda most of my argument:

Why would you start up the Military chain of escalation unless you either suspected a potential foreign nation state actor, and/or, critical infrastructure systems were breached, so critical that they’d been previously deemed an actual national security risk, should that happen?

I am not certain of what happened, nor certain of the validity of this logic… but this is my logic, from the original comment.

Sure, they could have just panicked. I don’t know that they did or did not.

But I have worked with people who’ve been employed by, led things like FEMA and DHS and City level emergency response teams, their specialities being the cybersec/netsec variety, and… this seems like actually following a previously outlined set of steps to me.

I’d expect that if my state government got hacked, they’d call in a local cyber security firm to come audit things, and we have plenty of them here (I’m in Utah, so not even a big state).

Ahahah, two things here:

1. Basically, see what I just wrote above.

2. Really? Utah, prime recruiting ground for the CIA, Utah, with the largest NSA data center complex in the country, possibly the world, that is archiving essentially all US internal communications they can so they can search through them later if need be, Utah, with more and more corporate datacenters all the time… you don’t class Utah as a big state, in terms of the tech sector?

Perhaps I am misunderstanding you, but I just find that silly.

I guess my confusion here comes from trying to reconcile the broad, colloquial understanding of a VPN, and the actual, precise, technical definition.

When a news article runs with VPN in a wide audience usage… 95% of people think SurfShark or Nord or PIA or whatever, something that is consumer oriented, that accesses/fancy proxies the broad internet, as you give in your first example, where it basically functions as a more elaborate set of proxies than what most people could probably manage on their own.

So… yes, it technically is a type 2 VPN as you’ve listed, but it technically isn’t a type 1 VPN, which is what 95% of people think a VPN is.

I’ve worked remote for a decently long while, and most other remote workers I’ve known… they do not have really any understanding at all that their work login thing… is fundamentally the same kind of VPN as Surfshark, just configured differently.

My goal was to emphasize this difference, but yeah, I could have used better wording.

And yes, I know as well that Nat Guard CyberSec are by no means the creme de la creme of cybersec specialists, but the fact that a top level Municipal agency went ‘oh fuck’ and basically escalated the issue to the next level of IT support, the State Nat. Guard… that means they got pretty fucking spooked.

Also, the FBI is involved as well, they’d be the ones to pass it up to NSA and/or Homeland Security, I think… and the Nat Guard would be the ones capable of passing it up to… Army CyberCom… and I think if it makes it up to either Army CyberCom or the NSA or Homeland Sec, well at that point, its theoretically possible that any member of the alphabet soup could be called upon, or at the very least, have it come up on someone’s desk.

I am not exactly sure what the CoC of escalation pathways is here, but it seems like this got escalated to as many people as the Municipal Emergency Response Team could, quite rapidly.

Its ‘the emergency response team looked at this for 24 hours and then called in another emergency response team’.

I mean, myself personally, I prefer to simp and fanboy for my favorite exploitative corperate overlord, because I’m sure there are good reasons everyone uses them, despite their well documented history of massive fuckups and fuckovers of all possible kinds!

/s

Do people need to (re)watch Fight Club?

Narrator:

A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside.

Now, should we initiate a recall?

Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X.

If X is less than the cost of a recall, we don’t do one.

It’s been like 25 years.

Did people like… genuienly not know this, forget about it?

IIRC, I genuinely, accidentally, first discovered internet porn on an elementary school computer, as a 5th grader.

Tried to go to the website for the whitehouse.

Turns out, the real website is whitehouse.gov, not whitehouse.com

At the time… yep, whitehouse.com was hardcore porn, this was way before school network admins… really even existed? muchless had any kind of url/ip blacklists.

So yep very old school, early days, near-miss or adjacent url hoarding… I think that would have been all the way back when expedia, yahoo, askjeeves were all still competetive search engines, and I am pretty sure I was using Netscape Navigator, hahahah!

Anyway, I was quite shocked, rofl, having grown up thus far literally going to church every weekend, being told by my parents that I couldn’t participate in the school Halloween festivities, as that was a ‘Satanic’ holiday.

Hooray fundamentalist upbringing!

The trick is not actually buying anything.

Just using it for an id verification.

On a site that actually doesn’t cost anything.

It could be done, over a 56k modem, guess how I know?

The astonishingly hypocritical part:

Guess who does payment processing for OnlyFans?

Visa.

And MasterCard.

=D

All you need to verify your id is a credit card!

Then you get all the pr0n you want!

Hope you didn’t borrow one from your parents!

No child has ever thought of that before!

No no, you don’t get it.

Random Windows ‘Powerusers’ obviously know more about programming and cybersecurity than people who actually do that for a living, as a professional line of work, duh!

See, I wrote a bash file once, so I basically know everything about software dev, especially on linux as well, which is basically just the whole OS is powershell, right?

/s/s/s

Removed by mod

I’m sorry, people still have or use these things?

Who is this stupid or lazy?

Yep.

I’ve been one.

Thats how I know what I am saying.

Like you’re not even challenging what I’m saying really, you admit that most PMs are technically incompetent, because their job is mainly playing office politics.

It didn’t used to be this way.

And it still doesn’t have to be.

A good PM is someone who actually knows their relevant field, and can also do some office politics, but much more importantly, is a responsible and helpful team leader.

A person with only an MBA just has a degree in how to play office politics and gaslight people.