Headline buries the real lede a bit in my opinion; the author has gotten a snapshot of the no-fly list from 2019. Presumably the system under attack processes more up-to-date versions of it regularly.
I wonder which no-fly list it is. Is it a government no-fly list that would contain suspected international criminals and terrorists, or an airline's private no-fly list that would contain people who cause a ruckus on flights, drunks, anti-maskers, and so on. Maybe one shared between airlines? I would imagine that second list has grown substantially since 2020 given all the craziness airlines have had to deal with since then.
>[...] the vast majority of people who have disputed travel and appeal to the Department of Homeland Security’s Traveler Redress Inquiry Program are not on the terrorist watchlist. Most people on the terrorist watchlist are still able to fly within the U.S. A very small subset of people on this list are on the “No Fly” list.
[...]
>The No Fly List is a small subset of the U.S. government Terrorist Screening Database (also known as the terrorist watchlist) that contains the identity information of known or suspected terrorists. This database is maintained by the FBI’s Terrorist Screening Center.
So, shouldn't this list be public information anyway? It's not even suspicious people they're watching, by the sound of it the no fly list is only for people they have concrete evidence of terrorist activity for. Imo the public has a right to know those identities.
> the nofly csv is almost 80mb in size and contains over 1.56 million rows of data. this HAS to be the real deal (we later get confirmation that it is indeed a copy of the nofly list from 2019).
“The CSV file format is not fully standardized. Separating fields with commas is the foundation, but commas in the data or embedded line breaks have to be handled specially. Some implementations disallow such content while others surround the field with quotation marks, which yet again creates the need for escaping if quotation marks are present in the data.
The term "CSV" also denotes several closely-related delimiter-separated formats that use other field delimiters such as semicolons.[2] These include tab-separated values and space-separated values. A delimiter guaranteed not to be part of the data greatly simplifies parsing.
Alternative delimiter-separated files are often given a ".csv" extension despite the use of a non-comma field separator. This loose terminology can cause problems in data exchange. Many applications that accept CSV files have options to select the delimiter character and the quotation character. Semicolons are often used instead of commas in many European locales in order to use the comma as the decimal separator and, possibly, the period as a decimal grouping character.”
I think it's valid to argue that you shouldn't be able to put some of commas, quotes, and newlines inside fields at all. And comma versus semicolon.
But that doesn't extend to using backslash escapes in something that's legitimately trying to be CSV. That's someone getting confused and implementing a mix of data formats, or trying to be clever and making an extended CSV format.
It’s valid to argue that, but that means you can’t use CSV for many real-world data sets.
That, in turn, means you almost cannot use CSV in any robust solution. Even if, today, your input doesn’t have commas, quotes or newlines, can you guarantee it won’t tomorrow, next year, etc?
Unless it's a CSV file exported from a Nordic locale Excel, in which case your CSV exports will use semi-colon as column separators and commas as decimal points. And yes the filename will still end with ".csv"
So the following Excel export I just did will parse perfect fine with your CSV parser but give you completely the wrong thing:
That has nothing to do with the Nordics, but with the decimal separator. In locales that use a comma as the decimal separator (i.e., most European locales), Excel uses a semicolon as CSV separator.
I thought it strange too. I saw what the issue was, and just "fixed" it be correcting the data in the CSV. For the lulz, I guess I could have played with the parser's options on deciding what is needed to be escaped. However, the data would have still been incorrect as the '\' is definitely not part of the desired content, so ultimately it was better to correct the input. i would kind of rather the import die than having the potential foot gun of '\' in a field for later sabotage.
If I’m not mistaken RFC 4180 says that quotes should be escaped by prepending them with another quote, so “” and not \” (these are not double quotes but my phone won’t let me type normal quotes), but yeah I guess it is a rather perverse value to put in a csv.
Some planning, some building out new stuff (usually clean work), some repairing active geysers of partially processed data that's getting all over the place fouling up the works.
I have. All I'm saying is this plus someone who left 10 years ago who can't and shouldn't have written a CSV parser using regular expressions. Input row:
Also seems to have gotten a crew list from the CommutAir’s CASS or possibly from other airlines as part of the shared deadheading crew list, which includes crew addresses and employment information.
There were also prod AWS credentials in the files exposed in Jenkins.
Basically any air charter service (no matter how small) will have access to the no fly list. It's honestly surprising that it's not up to date online within minutes.
If I was the US government, I would add some fake but legitimate-looking IDs in such lists, different ones for every airline I send the list to, so I can identify who leaked the list ex post facto, and come down with God's Wrath on any airline that leaked theirs.
But then, I am not a Bond-esque criminal organization bent for world domination.
And as always... Never use production data in the test pipeline.
At the very least, I don't think the company was operating like every random developer should have full-access to the no-fly list, which is what they de-facto gave them when they dumped an old copy into the test pipeline.
As a software engineer even I sometimes can't help romanticising hacking in my imagination. But so many times it turns out to be just like some company left the front gate wide open and the "hacker" walked in and took a look around.
Underneath all the garbage, good story. But Holy Hell, why do bloggers write so terribly and self-indulgently? That's a half hour of my life I'll never get back that shouldn't have been more than 10 minutes. Don't they have Ritalin in Australia? They really should.
Aussie, can confirm. They have Vyvanse, Dexamfetamine, Adderal and Ritalin.
I didn't mind reading this one though, was a novel change to see sentences starting without capital letters.
Since when are passport numbers supposed to be sensitive information? This isn't something you could use for identity fraud in any normal circumstances.
Don't all sorts of person-related details come in handy to stage a social engineering hack? Maybe a caller could demonstrate legitimacy by coughing up a passport number. At this point, it may impress me more than someone having found my SSN (_love you for that, Equifax_). Yet, SSN is still by many institutions considered something that should be stored in the vault.
I don't know if you are joking or I need to break it to you that in most cases passports are the de facto identification for foreigners and passport S/Ns are being used as part of identification procedures.
In the US there are basically 2 forms of ID cards currently, one says “Federal Limits Apply”, the other does not. The one that says “Federal Limits Apply” requires a backup identity document to verify in some cases like buying a gun, or flying. Passports are often used, and while the TSA is going to verify the info on the passport, others likely will just verify if it looks real enough or check that the number actually exists and go no further.
They change frequently? My passport is the longest-lifetime form of ID I'm offered, the absurdity of using Social Security Number as an ID aside. Most passports last for 5-10 years in my experience, and I'm not sure the number changes when you renew it.
> I'm not sure the number changes when you renew it.
Of course it does. Numbers used to identify people generally don't. Passport number identifies the individual document, mostly so it can be checked against INTERPOL's SLTD database.
Interesting hack, but this seems quite the brazen confession to a fair number of computer crimes. If I were the author, I'd be worried about getting arrested and potentially extradited for this. Especially as he deliberately downloaded a load of confidential information after gaining access, and then shared it around. He'd be looking at years in prison for this, in the US.
Switzerland's federal constitution prohibits extradition of swiss citizens to foreign powers. Now technically, this one amendment can be overriden by a mere act of Parliement, so unless there is a special act I'm not aware of, they are safe.
I had always assumed that the “no fly” list was a phrase and that it didn’t refer to an actual list, but rather a database with more detailed information than a “can they fly?” Column with a Y/N entry. In pharmacy we have a database we have to access when we suspect there is abuse, fraud, or diversion of controlled substances. The database is regularly updated with current information about prescriptions that were dispensed including location, prescribing physician, etc. I had always assumed the “no fly” list would be something similar. Now that I think about it though, that wouldn’t be efficient or useful at all. It would make sense for it to be much more simple.
I naively thought a secret list (file) with secret data is not distributed among random developers of random organizations in full but having a private access point where specific persons could be checked for no fly list by those with right for it, audited, with measures to avoid abusing the service. Potentially with training set available for developers separately. There are services where the accuracy of certain data can be validated (i.e. for cars by license plate and other data) so those who query should already possess the data of a particular person when using it and not just browse everyone in the secret list they please.
I had a friend with a common Indian name get bounced off a flight and then be unable to book flights after it turned out he shared his name with someone on the no-fly. He had to petition his senator/congress person to get off it. TSA had no easy way to prove innocence. It was very clear the list was just a list of names with no useful or distinguishing unique fields with it.
This was roughly 10 years ago, so things might have changed, but at the time it seemed like federal agencies could easily append to the list, but there was no standard process to get off it. I'd guess there are obvious incentive for agencies to add ("hey look, we've found terrorists", even if nothing was actually done about it), and none to remove people from it.
Network connectivity in airports can be patchy at best, and connectivity from the airport internal network to the internet even worse. All the check-in and boarding systems are designed to be able to work offline (with semi-automatic reconciliation afterwards). You have to query the no-fly list at check-in and boarding, so it's more resilient to have a list that can be loaded airport-side every morning
yeah, surprised as well. In finance, there is ofac for people forbidden from moving money, but it's also typically used as a service/db instead of passing around csv files to everyone. Very bizarre.
There are various aggregators who combine this list and a bunch of other sanctions/related lists like the BIS Entity List which is probably what he was referring to.
Have you ever witnessed this file being used by companies moving money stored in S3 as "shitlist2019.txt" for screening incoming transactions in production? Because that's what the article is alluding to.
Indeed, the de-editorializing of the title made the interpretation more ambiguous. I'd actually prefer the real title ("how to completely own an airline...") or a more clear adjustment ("how to hack an airline...").
I was disappointed too. I wouldn't know what to do with an airline, I never had one, I wouldn't even know which one I'd like, perhaps Virgin Airlines?, but the thought of having one was exciting still.
I too was at first annoyed by a bit of an overhyping in the title and the overall style as well, until I remembered how it felt when you discovered something yourself, or even just read a good clever report from someone else. You get this rush that this is the coolest craftiest thing in the world.
For those unaware, maia is a pretty prolific hacktivist, and it has been indicted by a grand jury for a variety of USA govt penetrations but has USA proceedings on hold until it's extradited, which it's confident won't happen.
Isn't weev hiding in Transnistria after he got released on a technicality that allows them to go back after him in another district court or something?
I was thinking the courts ruled he got tried in the wrong jurisdiction so prison had to release him. He basically GTFO'd before they had a chance to refile and is hiding in an unrecognized territory inside Moldova.
This is clearly on the darker side of gray-hat. Hate to be preachy but anyone seeking to emulate this sort of attack-finding should consider their ethical obligations as a computer scientist and follow best practices for responsible disclosure. It appears this was completely ignored here, including sharing stolen sensitive data of normal people with whoever can plead a case.
Am I missing something? It seems Maia didn't share the data at all, and only offers to if someone can demonstrate they will use it responsibly.
Moreover, depending on the contents of the list, this likely offers proof of what is generally suspected, that the no fly list is a form of discrimination and authoritarian overreach, targeting people that haven't been convicted of a crime but are "suspected" due to race, religion, etc. The whole thing is probably unconstitutional/illegal, but it's hard to prove that since it's been secret.
This seems like a clear case of hacktivism- trying to expose an unethical government program for what it is, so that it can be stopped.
We're talking about a no fly list which every airline in the world has a copy of. There's at the very least hundreds, if not 10s of thousands, of employees of airlines alone that have access to this list.
If people had such an innate propensity to divulge secrets, surely the employees who setup that faulty jenkins server would have already sent you a copy of the no fly list, right?
And I would agree that it has been leaked, probably a lot, and that any halfway competent government intelligence agency in the world has copies if they feel they need them.
That isn't really a counter-example to my point which is just that it is stupidly naive to suggest that Maia is somehow exempt from these concerns.
If you want to argue that its all pointless secrecy theater, then I'd agree with that entirely.
Probably thousands of airline and US government employees have had access to this list over the years. Yet neither you nor me can see anything on it, here in January 2023.
This is why such a list should be public. You don't trust random grey hat hacker at .gay TLD to distribute the list to people who won't do harm with it. I don't trust the government to not distribute it, accidentally or otherwise, to people who want to do harm with it.
In fact, the government does do harm with it, by putting people on it without telling them (they might send a letter, that's not guaranteed), and you only get to find out a few hours before your flight when you get rejected at security.
Furthermore, this particular government fails to properly secure info all the time. Seems the last two presidents have been just leaving classified papers strewn all over the place.
No, I'll trust the gay hackers over the government, thank you very much.
Sure. But that isn't the naive position that just because someone is Good(tm) that they will be careful with secrets. That's just the position that keeping secrets and having Kafkaesque bullshit is itself bad, so it doesn't matter, and the right thing to do is just post it on a pastebin hosted in Russia and call it a day.
Depends what exactly they mean with "demonstrate". It can mean email from J. Random Person with "pinky promise I will use this list for good", or it can mean "well-known journalist with a clear public track record".
The problem is to define "demonstrate" and the criteria. Remember the gatekeeper is now an unemployed gal who "know lot's of things about cyber security" according to her main page. Seems likely a competent bad actor could easily impersonate a well-meaning reporter...
Yes, security through obscurity isn't security, but this also seems incredibly irresponsible for any "security researcher". AFAIK, just basic standard good practice is to report the flaws and allow a reasonable interval before publishing, and there seems to be no hint of this.
Modern society really is held together with duct tape, baling twine, and a few pieces of bubble gum...
>>Remember the gatekeeper is now [...] unemployed [...] who "know lot's of things about cyber security" according to [its] main page. Seems likely a competent bad actor could easily impersonate a well-meaning reporter...
Good to see that; thanks for digging deeper. I hope he has done this behind the scenes and the holes are patched, because I'm sure that by now, someone with worse intent has already followed those footsteps...
> CommuteAir added that the server, which was taken offline prior to publication after being flagged by the Daily Dot, did not expose any customer information based on an initial investigation.
If TFA (may not be accessible right now) is to be believed, “the” server is a very generous understatement of the size of the exposed infrastructure, and customer information was very much accessible if not accessed per maia’s words. So seeing a statement like this from the CommuteAir PR people actually makes me feel less reassured, not more. (The attacking side looks better so far—maia itself is not a “watch the world burn” type, judging from its breach history, even if its writing makes you wonder whether the absurdist parody is deliberate or the author is in fact slightly manic. Kind of like Justine Tunney.)
> Stealing source code and making it public isn't really helping anyone, most likely this is just an ego-inflation bragging exercise... A lot of these so-called hacktivists claim noble goals but then it later transpires to be down to other more selfish reasons,
There are a lot of ways a hacker can get attention and gain notoriety to inflate their ego. They could be causing harm to people, breaking things, causing chaos, and spreading lies. There are a lot of invisible whitehats around doing good out there. The evil stuff stands out a lot more. Responsibly reporting the data leak issue in that mental health app, and being willing to reveal the data about the no fly list to someone (if it feels they're the right someone), that all seems pretty good to me.
hacktivists are just people who try to make the world better through hacking. There's no requirement that they never do anything else for any other reason, or that they only ever hack for a really good cause, or that they never take any pleasure in the recognition they get for their actions or in what they've accomplished.
What's even the point in looking down on someone for doing good things in order to gain a positive reputation? Isn't that something we hope people will do?
Snowden was a compromised asset of Russia, working for them. Most of what he released had nothing to do with his stated purpose. People have all kinds of reasons for doing that sort of thing. Sometimes they really believe in the other country, sometimes it's entirely selfish. We won't know even if he says something on the topic, since we can never know his mind, and he'd demonstrated that he's dishonest.
> Snowden was a compromised asset of Russia, working for them.
So Snowden was a Russian asset, who wanted to go against Russia by leaking information about a US surveillance program, and then after failing being a Russian asset, went back to Russia...??
I'm having a lot of trouble with this line of logic, can you point me to something credible on this?
I can 100% believe there was a selfish purpose, but this doesn't seem like it.
>>go against Russia by leaking information about a US surveillance program
The information Snowden leaked was in no way against Russia, it benefited Russia enormously.
Even the stuff that was on his claimed point created turmoil in the US to this day, which harms the US and only helps Russia
The other stuff he leaked helped Russia directly, and directly endangered and likely got killed US people and/or assets.
and of course he claimed his laptop was secure while he was in Hong Kong on his way to Russia. Anyone who thinks it stayed that way and he was allowed/invited to stay in Russia is a fool.
There is nothing he did that didn't harm the US and benefit Russia, and he was a very successful Russian op. the mere fact that it is still being debated here in the Us shows how successful it was, even if just a provocation/disinformation operation.
In an attempt to sound like he had noble reasons for leaking hundreds of thousands of unrelated secret documents to journalists, Snowden claimed it was watching James Clapper's congressional testimony in March 2013 that triggered him to start downloading and exfiltrating classified material.
This was a lie. He'd actually started collecting his trove of stolen documents many months prior, in mid-2012, coinciding with arguments with his managers. He had a grudge against his employers, and he acted upon it.
Snowden also never mentions that nation-state adversaries got all of this material too. The intelligence agencies of China and Russia must have been rubbing their hands in glee when he fled to them in quick succession. No wonder Russia continues to protect Snowden from being brought to justice in the US, from their point of view he did a stellar espionage job for them.
That's not the only bullshit from Snowden either. Even little things like his claimed $200k salary when it was actually closer to $100k-ish. He's a serial fabricator full of grandiose claims about himself and what he did.
I would like Snowden just as much even if his reason was "I was bored and just felt like fucking some shit up".
I also think this was likely good for the NSA. Their internal opsec and controls seem like they were terrible if they existed at all. Snowden was a wake-up call to do better, and hopefully that makes the US even more secure than it was before.
> Snowden claimed it was watching James Clapper's congressional testimony in March 2013 that triggered him to start downloading and exfiltrating classified material.
This was a lie. He'd actually started collecting his trove of stolen documents many months prior, in mid-2012,
Did he say that the lies to congress were what "triggered to him to start downloading", or was that what finally convinced him to take the truth to the public instead of continuing to bring his concerns to other people within the intelligence community? If I remember correctly, he'd been investigating what looked to him like an unconstitutional program for a while.
> coinciding with arguments with his managers. He had a grudge against his employers,
Nobody gives up their well paying job (while also making sure they'll never work in their field again), risks their life and their life with their loving partner, gives up their freedom, gives up ever seeing their family again, etc all because they get into an argument with their boss.
> Even little things like his claimed $200k salary when it was actually closer to $100k-ish.
That'd be a weird thing to lie about, but he has clarified that issue. According to him the $200,000 was his "career high" salary. He took paycuts at Booz Allen Hamilton in order to get closer to the material he wanted to access. He ended up making $122,000 a year, but that wasn't the most he'd ever made doing intelligence work. Is there some evidence that shows he never made $200,000?
There's no evidence that Snowden brought his supposed 'concerns' to anybody in his chain of command, prior to defecting to Russia. The documents he began stealing in 2012 weren't targeted towards the bulk data collection program - he exfiltrated whatever he could lay his hands on, which of the hundreds of thousands of items were mostly military secrets, and classified information on intelligence work abroad. The claim that this was all driven by watching Clapper testify in committee is a convenient lie, a cover-up for what he was really doing: a massive theft of secrets across the board.
Serial liars do often go back and 'clarify' their lies once called out, it's part of spinning a web of deception. Admitting any wrongdoing, as normal people might do, isn't on the agenda for people like Snowden, all puffed up and full of ego, living off their own bullshit.
Not only did he defect to Russia and enjoy being celebrated there, he also has many people in the US and allies lauding his espionage, filmmakers and journalists gushing over his narrative and airbrushing out inconvenient facts. What a series of accolades for a liar and thief. He seems to revel in this 'wise whistleblower-in-exile' act he's carved out for himself while remaining Putin's pet. This treacherous escapade worked out better than he ever could have imagined.
I think the point here is to expose the nofly list as an unethical and/or illegal government program by leaking it to journalists that can evaluate and summarize it's contents, not to help them secure it better.
White hat hacking assumes that the hacked party is doing normal or ethical business, and that helping them secure it would be generally beneficial.
Also, I'm pretty confident that Maia, as a famous hacker and cybersecurity expert, isn't going to be easily duped by someone impersonating a journalist, and knows how to verify such things.
after your comment, I looked at her main page more closely and found that she mentioned "it/she" in a superscript the middle of a paragraph, so that's what I corrected it to.
I do have to say that, while it's polite to use people's preferences, when just reading an article and posting a quick comment, it's pretty casual, and (almost always) no offense is meant, so none should be taken. Note that the bulk of the comments here are all over the map, and I'm sure no one means to be offensive.
I get the impression that she's/it's doing this from a place of pain and desire to lash out, and "the system" is an easy target for her to fix onto. Not out of any sense of morality.
That's an odd take but I'm getting old. Once you cross 30 its incredibly to spot when someone is an NPC laundering hate in the guise of reading minds. They're clearly young or angry, so you let it go.
The adjective is missing from your comment so I mean not sure whether you meant to write that it's incredibly easy or hard. I certainly do not presume to be a mind-reader, but I do have experience with gender dysphoria. Self-hatred is a hell of a drug.
She appears to have talent in connecting these data sources, but she's also in way over her head when it comes to motivation. On the world chessboard, she's a pawn. I can easily imagine that she's being egged on to do harm to the quasi-neutral but not isolated society that is now her life raft.
Maybe we should or shouldn't, but the potential victims of this aren't just some greedy corporation. Leaking the no fly list could cause irreparable harm to individuals whose names are on it or even similar, causing discrimination by employers and other organizations.
Top secret stazi lists should absolutely be shared. It's why we have 'we have right to know' laws, so the government can't just lock people up in a jail and disappear them.
I think you may not be reading the parent comment correctly. They're saying that those on the list have a right to privacy, therefore outright leaking the list is wrong. Being able to find out whether or not you are on the list is not incompatible with maintaining others' right to privacy.
> those on the list have a right to privacy, therefore outright leaking
Those Americans on list have a right to question their accuser in court before a right (to travel) is restricted. When did we agree to suspend due process, 14th amendment?
I am reading it correctly. They do not have a right to privacy, because we all have the right to know who the government is keeping on lists. Regardless the line of thinking reeks with hypocrisy - the government of the United States has been doing nothing but trampling privacy, yet when it comes to top secret government surveillance state programmes they hold it close to their chests
I don't understand your reasoning. To me, you seem to be saying that since the state violated everyone's privacy, the general public now has the right to violate these individuals' privacy even further to get back at the state.
Publishing the list as-is would also imply that you believe the state is infallible and can't err when putting people on this list. There are thousands of people out there who have redress numbers because they have the same name as someone on the list. Can you imagine if getting a redress number is necessary for employment? Leaking the list would ironically increase the state's control.
(edit: Again, I'm not disagreeing with letting individuals find out if they themselves are on the list, just disagreeing with the method)
What the fuck is wrong with you? Do you understand the repercussions of it being found someone is on a no-fly list (because we all know the US government makes mistakes).
While this is true, it is also true that many people think "where there's smoke, there's fire".
Or, to put it another way, governments can make people disappear by publishing such lists and having the police be busy somewhere else when a mob happens.
And then, what, some hapless person on there gets doxxed and some red neck asshole rolls up on their house and shoots them cause ‘Merica? After 9/11 we had these idiots killing brown people left and right just because “they could be terrorists.”
Don’t be so naive. Lists of people are almost inherently dangerous things. I don’t like that a no-fly list exists in the first place but it would be completely irresponsible to just publish it and wash your hands of it.
If someone was on a no fly list and they wanted the general public to know, they could just put it out there themselves. No? This seems more likely to be used as a form of public shaming than a way to expose injustice.
> If someone was on a no fly list and they wanted the general public to know, they could just put it out there themselves. No?
How would they know? How would they prove it?
There's a known case a few years ago where a woman was trapped away from the US for 3 years - her estranged husband put her on the list when she went to visit her parents, and boom, she's not allowed into the US and no-one will tell her why, making it easy for him to get divorced and keep the house.
(If she'd known what had happened, and been able to put her hands on enough money, she could maybe have flown to Canada/Mexico and entered overland; all she knew was she was denied boarding)
>There's a known case a few years ago where a woman was trapped away from the US for 3 years - her estranged husband put her on the list when she went to visit her parents, and boom, she's not allowed into the US and no-one will tell her why, making it easy for him to get divorced and keep the house.
How does one "put her on the list"? It's not that easy.
Apparently if you happen to be working in the right government department then it is. It was only discovered when he applied for a promotion and they did an extended background check.
You can almost certainly get anyone put on this list by simply creating an email account like firstname.lastname@protonmail.com and sending out a few threatening emails to the right places.
It's not like the federal government sends you a letter to tell you about it and what to do if you have an issue with it. While you raise a valid concern, I think it's a lot more likely to function as the basis of a class action suit - a sufficiently plausible and timely piece of evidence that would move a court to compel proper discovery.
If you are a U.S. citizen or lawful permanent resident, and the TSC determines that you are on the No Fly List, DHS TRIP will send you a letter informing you of your status on the No Fly List and providing the option to submit and receive additional information.
Yes...after you submit a form asking why you were denied boarding, as was stated in the opening paragraph. You don't get notified automatically when you are put on the list.
I have been told a few times that I am on the no fly list, so I avoid planes - that, and I am nearly 7 feet tall.
Is my only way to discover if I am allowed on an airplane is to buy a ticket and get subsequently denied on the boarding gate/security? No FOIA request, or anything similar, to circumnavigate this?
Yes this is insane. I’m a U.S. citizen and if I’m not allowed to fly because of some arbitrary national security measure then that measure had better be public information and known before I book a ticket.
If my government has denied you the right to travel without telling you why I genuinely and sincerely apologize and take responsibility because it should not work like that and ideally I should be able to vote out the people who made that decision.
The Bill of Rights makes no distinction between citizens and non-citizens in its text. It says that rights belong to people, not exclusively to citizens of the several States.
The Equal Protection clause protects citizens and non-citizens alike, e.g. Graham v. Richardson, 403 U.S. 365 (1971)
The first amendment protects aliens once they are admitted to the US, Bridges v. Wixon, 326 U.S. 135 (1945)
There is a right to travel that is an extension of the first amendment rights to freedom of association and freedom of expression.
Are you sure of that? Rights attributed generally to "the people" in the constitution can be limited from being enjoyed based on immigration.
For instance, "the people" have the right to keep and bear arms but god help you if you're here irregularly or on a tourist visa and do not meet one of the exemptions. Sure non-immigrants are persons but federal law doesn't give a fuck.
Granted, this is a Washington State court ruling on the basis of the WA state constitution (which has a stronger RKBA provision than the federal one). But there were similar rulings in other states, and if I remember correctly, at least one of them cited the federal constitution.
As far as the "exemptions" go, it might simply be that nobody ever challenged them before - I mean, as a non-immigrant alien who can get kicked out quite easily in any case, why would you go and antagonize the feds if you can just buy an Alaska hunting license online for $60 and make them happy that the requisite checkbox has a mark in it? But also, until Bruen, the courts tended to defer to various onerous licensing restrictions and requirements even for citizens.
The second amendment is one of the few exceptions rather than the rule. It is difficult to argue for inclusion in "the people" who have the right to bear arms when excluded from selective service and from the definition of the unorganized militia.
By your logic women unaffiliated with service are excluded then. The unorganized militia, by US code, is (you can look up the code but this is pretty close) basically able bodied military age male citizens.
Throwing in all these constraint when the constitution clearly say "the people" without qualification which magically means basically everyone one place but not most everyone somewhere else seems kind of arbitrary to me, but then again the courts seem to have held up visitors aren't people so hey. This is why I'm not a lawyer because really such fuckery makes my brain melt. If I were the sole sitting justice of the supreme court I'd say the qualification is a person is one unit of people and thus they have the rights of the people. IMO if you're one of "the people" then when the constitution uses "the people" unqualified elsewhere that's you -- which by symmetry means if you can't own a gun you're not a person and have none of the other rights of the people.
State law in the state where I live defines the unorganized militia without regard to sex.
At least the 7th circuit agrees with you, (United States v. Meza-Rodriguez) even if there are other federal appeals circuits that don't. So this is something that will likely go to the Supreme Court eventually.
What if you are a US citizen, and it has recently been discovered you have been secretly dealing arms to Russia against current sanctions. And while authorities do not currently know your location they suspect you will be flying to/from Russia very soon?
That's totally different - indictments are usually sealed before arrests in the kind of case you're talking about and there is longstanding precedent for that to prevent flight from prosecution. They would arrest you for ITAR and IEEPA violations before you board. That kind of thing happened long before the no fly list. That is different than an opaque list with a million people on it most of which have never been accused of anything and where there is an expensive appeals process and the government is allowed to use secret evidence.
> The No Fly List is a small subset of the U.S. government Terrorist Screening Database (also known as the terrorist watchlist) that contains the identity information of known or suspected terrorists.
The TSA comment above is pretty straight forward but to be fair the wiki article is filled with instances of speculation.
I had the impression from the article that anyone could submit the form requesting information if they were so inclined; I just meant that most people probably only find out when they're denied. Then again, being 7 feet tall they might be doing you a favor.
Hah, indeed. As a side note, foreign nationals can likely determine their no fly list status from the Foreign Assets Control (OFAC) sanctions programs list. I put together an excel workbook of that data (shared link below [0]); it contains OFAC's Specially Designated Nationals list (SDN), and non-SDN sanctions consolidated set. OFAC sanctions lists can be directly searched [1] and accessed via ftp [2]. In the excel workbook I shared below it's interesting to web search the entities listed as "CYBER" (see the sdn_cyber tab).
What are you talking about? The list is literally designed to harm those people. It's a no-fly-list. If anything, having it public could provide public pressure to get them off the list.
It also provides proof to the victims that they were on it. It may not bring justice from the same government that put them there in the first place, but spreading their stories may (hopefully) reduce its legitimacy and revoke the consent of the governed.
Though I don’t like the idea of it, I’m also not certain that I know better than people whose careers are in national defence. I’m not convinced that it’s a black and white thing. There are bad actors out there, and sometimes it’s clearly advantageous to hide information from them, which means hiding it from everyone.
Maybe there are reasons this is short sighted or I’m missing a greater point. I’d be interested to hear ideas in any case.
Breaking into private S3 buckets because you are bored is not considered an appropriate “Step 1” by the _professional community_ (people who get paid to do this for a living) at large.
Among people who plan to be financially rewarded for their work and also not be in handcuffs, Step 1 is usually to “Get written permission”.
Perhaps this is just my autism speaking, but am I the only one who gets completely freaked out by sentences like the above? "It" refers to inanimate objects, things which can't have free will, do crimes, or be prosecuted.
It's almost like you're talking about how a lawnmower decided to run a child over and then incriminate itself by boasting about it on social media. It makes no sense!
I know she picked that pronoun herself, but I really wish she didn't. It just makes communication difficult.
Competing access needs: autists need regularity, ??s ("the category of people who go by it/its") need ... creativity? chaos? uniqueness? Those goals are at direct odds.
(I'm going to presume here that crimew doesn't actually want to be considered an object, because we don't generally respect objects' pronoun choices. So calling them an "it" in the grammatical way would be paradoxically self-defeating; we call objects he/she all the time and they usually don't complain.)
This is also why I will always defend the use of "they" as valid. There has to be at least one universal pronoun.
Yes, it's likely that I am more challenged by the grammatically incorrect pronouns than most neurotypicals in this thread, thanks for pointing that out.
A lot of people who like to cry 'transphobic!' may wish to understand that there are people who need accommodation in our society other than trans people, and that heralding chosen pronouns as truly inviolable will sometimes make other people less comfortable.
That said, I have so far managed to avoid any such accusations in this thread, thankfully.
I fail to see how any of the mentioned pronouns are ungrammatical.
As for competing needs and such, in this case it’s as easy as using she/her (as maia lists that as one of its pronouns), in other cases it’s usually acceptable to use they/them or no pronouns at all. The only thing that is generally absolutely unacceptable is (knowingly) using the wrong gendered pronouns or using gendered pronouns when the person only uses non-gendered pronouns.
It's not that it's hard in any absolute sense, it's that imposes an ongoing overhead cost on people who may already pay a high cost to interact at all. (Also, of course, a cost on reading discussion about it. (Does that 'it' refer to the discussion or the author? You don't know! Have fun investing effort to work it out, every single time it's used.)
I wonder what the motivation was. Anarchism is mentioned elsewhere, so if I wonder if that’s a motivating factor here. At any rate, I appreciate that people are trying their best to be respectful. Personally, I’d also prefer to use “she” if that’s alright with her (it?). This becomes confusing quickly when we’re also trying to use it abstractly to refer to arguments and concepts.
I totally understand wanting to be respectful, but respect goes both ways. She needs to respect the fact that her odd pronouns are literally breaking the English language for people who want to use them.
I personally think that the ultimate end game for pronouns in English will be creations of new ones with no connotations (so easy to apply like names) that get incorporated into the language or more likely an eventual move to a single pronoun that applies to everyone. Chinese, for example, only differentiates in written form so would be an easy adjustment. They is every high schoolers preferred choice in essays before English teachers complain.
I'm not sure how the under 20 is adjusting but in my groups of mid 20 to late 30 nobody is trying to disrespect anyone by not using preferred pronouns, but it just slips out from decades of usage, and people just end up replacing pronouns with the person's actual name after multiple times apologizing. The having to remember multiple names when meeting someone just doesn't seem tenable long term.
> more likely an eventual move to a single pronoun that applies to everyone
Oh god i hope. As a german, we have pronouns for all nouns. So far no societal backlash against those, but they just seem totally useless to me (beside maybe a teeny tiny bit of "forward error correction"). You just have to learn them. Surest way to spot an immigrant. Then there is job titles. In the US, "nurse" seems to be used for both genders, but the words origin is female. Yeah, we have that as well for many jobs. Others usually have suffixes. Ofc we want to be welcoming to all. You can imagine the job listings...
You can't 'break' a language. You either just follow its rules or flaunt them. If your output is still comprehensible - which 'it' as a pronoun is - it's still language. Back in the day English used to have two pronouns for 'you'. Was merging them both into one pronoun also literally breaking the language?
She's actively making the language less comprehensible by breaking the rules. Multiple times in this thread, people have said "it" and I've been confused as to what - or who - they're referring to.
I'm not a language historian, so I don't have an opinion on your last question.
Really not. Most sentences can be easily rewritten without pronouns. I know a bunch of trans people and have trouble remembering who likes to be called what, so I just reduced the number of direct references. It's not that hard to do, because most conversations don't involve so many subjects that it becomes complex.
People seem to be assuming that this request for certain pronoun usage is made in good faith. Asking to be called "it" is probably just trolling on "its" part. "It" would probably laugh at the people bending over backwards to accommodate.
Have you considered that someone who chooses "it/its" as its pronouns is intentionally trying to break the English language with said choice? In this case, it is Swiss, and therefore it is likely not a native English speaker which could be a factor as well.
The singular only version of "they" is "they", just like the singular only version of "you" is "you". "You" was formerly plural, with "thou" as singular, but "thou" has since fallen into disuse.
> "You" was formerly plural, with "thou" as singular, but "thou" has since fallen into disuse.
Sadly. Overloading "you" and "they" feels rather clunky. I wish it got rid of "he" and "she" instead - gendering pronouns is completely useless, and that's coming from someone whose native tongue genders much more than just pronouns...
You was always both singular and plural, but in the singular form it was the formal second person pronoun, whereas thou was the second person singular informal pronoun; it's the same as the difference between du/Sie in German, tu/vous in French, or je/u in Dutch. This is why the King James bible uses thou: it's intended to feel more accessible to its readers with a friendly tone.
https://en.wikipedia.org/wiki/You says the singular "you" didn't occur until Modern English, and the singular form 'ye' died out in the 1600s with early Modern English.
The King James Bible, published 1611, uses "ye" as the singular form of the formal "you", as in "Ye shall know them by their fruits."
] In a period of rapid linguistic change the translators avoided contemporary idioms, tending instead towards forms that were already slightly archaic, like verily and it came to pass.[87] The pronouns thou/thee and ye/you are consistently used as singular and plural respectively, even though by this time you was often found as the singular in general English usage, especially when addressing a social superior (as is evidenced, for example, in Shakespeare). ...
] Another sign of linguistic conservatism is the invariable use of -eth for the third person singular present form of the verb, as at Matthew 2:13: "the Angel of the Lord appeareth to Joseph in a dreame".
I've been trying to figure this out and just end up being more confused.
One issue is that song's use of "ye" seems to be from the 1750s, so about 150 years after the KJV usage, which in turn was somewhat archaic. English changes.
> In Early Modern English, ye functioned as both an informal plural and formal singular second-person nominative pronoun. "Ye" is still commonly used as an informal plural in Hiberno‐English and Newfoundland English
So it's possible that the KJV uses "ye" only for formal singular second-person, even if was also used more widely used for informal plural, and as that informal plural became more widely used, it became the go-to way to translate the Latin, which is in plural.
Sure, but that’s not what the page says. The Wikipedia article says that. The page says “it/she”. From what I’m familiar with, the order is usually “singular/plural” and when multiple are preferred I’m used to seeing it written as you notated it here as pairs in a list e.g. she/her, him/his, they/them, it/its, xe/xim, etc, in a list. I guess I can infer that’s the intention, however, which is fair enough.
But that really didn’t have much to do with what I was discussing. That was a separate argument about how we use “it” to refer to objects as a rule. Humans are objects, but we also generally prefer to think of them as objects of a higher order variety. In conversation, we take advantage of this to parse and interpret context more quickly. Choosing to do otherwise makes it more difficult to know if the “it” I just used in this sentence is Maia, some other object, or an abstract point I’m making in this discussion. Anyway, that’s why I prefer she/her.
> Perhaps this is just my autism speaking, but am I the only one who gets completely freaked out by sentences like the above?
Hi, fellow autist here.
Yes, it feels like my brain hits some speedbumps with that particular pronoun. I wouldn't say I get "freaked out" though; it's just unfamiliar yet.
Despite what other comments claim, I doubt this is agrammatical. "It" is part of the same grammatical class (the class of pronouns!!) and so fits anywhere "he" or "she" does.
> "It" refers to inanimate objects, things which can't have free will
Could you bring yourself to see the choice of "it/its" pronouns exactly as a self-identification with things that feel no agency of their own? I don't know why Maia claims those pronouns, but I'd get this motivation for sure.
This is the result of most of progressive society saying that it is socially acceptable for a person's preference of expression to mean more than grammar and clearness of communication.
It may do so in English, but it is Swiss, so probably also speaks German, where 'it' - 'es' is Genus Neutrum, exactly meaning neutral gender. For example 'the child' - 'das Kind' is neutrally gendered. Hope this makes sense.
In English, animals are routinely referred to as "it", and they're obviously animate.
So, at most it could be said that "it" doesn't normally refer to persons... but even that's not true if you include sci-fi in your definition of "English language". When dealing with topics such as non-standard biological sex and/or gender fluidity, older sci-fi works would often use "it" for such people without any implication of non-personhood.
I find it particularly amusing that you used the wrong pronoun while scolding me to use the correct pronouns for her.
If that doesn't prove the impracticality of using "it" as a pronoun, I don't know what does.
It breaks the rules of English that we all understand subconsciously, so it's difficult to do without consciously thinking about every single usage of a pronoun in a sentence, which is not how most people type.
I use the word "they" in that context all the time regardless of gender or pronoun. I actually thought about that before using it. It's a common use of the word "they" in casual English.
While VPN's shouldn't be the only device, it seems like that should be part of any competent security posture. E.g. Jenkins should only be accessible from known VPN endpoint IP addresses.
And the s3 buckets/dynamodb/whatever other data you store should be vpc restricted. Ours are like this by default, for exceptions (like aws services that run in some internal vpc that's not exposed) you can make an exception per role.
From the accompanying (and linked) Daily Dot article[1]:
> On the list were several notable figures, including the recently freed Russian arms dealer Viktor Bout, alongside over 16 potential aliases for him.
> [...]
> Numerous names included aliases that were common misspellings or slightly altered versions of their names.
For non-natively-Latin names, the US government is thorough to the point of hilarity in including every possible romanization and misspelling of one, and they list full names not their individual parts so combinatorics ahoy, as well. For example, if you know a bit of any Slavic language written in Cyrillic, browse the Russian sanction lists, it’s going to give you a chuckle.
In all seriousness, this actually makes perfect sense given the prospective consumers of the lists may not have any clue about the languages the targeted people speak. It’s just that the article makes 16 aliases sound vaguely sinister, whereas if you’re a Russian—or, for that matter, a Ukrainian or a Belarusian—that’s just a reasonably low estimate for how many romanizations of your name people may think up. (Not that Bout isn’t sinister as hell.)
"On Wednesday, Public Safety Minister Bill Blair said in the coming days, certain travellers, like Sebastian Khan, will be able to apply for a Canadian Travel Number, a unique number they will be able to use when they book a flight to distinguish them from people on the list."
Soon they'll give everyone a number so they can travel. And print it out in physical form too. And call it a passport.
Shouldn't take much for this to overflow beyond 2**whatever names, which is probably going to be all sorts of fun for the 1970s software probably involved in processing this data.
> In March 2021, crimew was indicted by a grand jury in the United States on criminal charges related to her alleged hacking activity between 2019 and 2021. The charges were unrelated to the hack of Verkada. Her home and her parents' home were raided by the Swiss police at the request of United States authorities, and her electronic devices were seized. People used the hashtag "#freetillie" to express support for her in the aftermath of the raid, and the Swiss magazine Republik compared her to Jeremy Hammond and Aaron Swartz.
No you just (by constitution) have to swear allegiance to the crown to become a lawmaker, which makes you a perjurer if you don't acknowledge their power.
Also is the monarch not commander in chief their armed forces? I thought being under the command of the queen / monarch was part of their oath. If your soldiers are sworn to do what the queen says that seems like a lot of potential power.
Yeah, it's crazy to me that the UK has no armed forces, the military are all personally bound to the monarch. The king has interfered in politics too, so arguments based on royalty not being active are off to a bad start.
Probably not. But if you owned a warehouse and you left it unlocked without security, and someone steels from it stuff that is owned by somebody else, then maybe you are liable somewhat.
Fiduciary responsibility [1] is closer to the concept that applies here in my opinion. Companies have a fiduciary responsibility to protect the company and thus the investment in the company for the investors and shareholders.
> Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.
Are you asking, what purpose was there in bringing the hammer of the American Justice Department and down onto a random grey hat hacker? The same as always: enforce rigid authoritarianism and blind bureaucratic SOP.
Remember kids, clicking the "next page" button on court document websites is legal, doing it with javascript is a felony, off to jail with you, join the rapists and murderers!
Nah history in information security repeats daily. How many unsecured mongodb databases exposed to the internet and unsecured S3 buckets did we see? Credentials have been committed to github so often that Github chose to build an automated alert system on their own dime that you don't even have to sign up for. How many times have lastpass and Experian been breached? How often do we STILL see sql injection attacks, a problem that has been actually solved for decades?
Well, the word used was "authoritarianism", and I believe this is commonly used to refer to a political system, not to individual acts. Please correct me if I'm wrong.
The US breaks their own laws and international laws when going after individuals who embarrasses the US government, including deploying the military if it suits them.
It is a bit like when telecom companies sent bribes to terrorists in order to gain telecom contracts. It not that they intend to do bad things, but occasionally they have to break the law when law stands in the way.
You believe the usa is a democracy? Despite high barriers to voting and the fact that in three federal executive elections in recent history the State gave power to the candidate that lost the popular vote?
Despite the fact that the State allows for bans on women's healthcare despite the majority of population supporting guaranteed access to women's healthcare?
Despite the fact that the State has criminalized marijuana despite the fact that the majority of the population wants it decriminalized?
The USA is not as authoritarian as some places. Obviously that is true. It's a pretty good place to live, comparatively. But don't aid the State in grasping more power. What a terrible end to the American experiment, I predict: PATRIOT act type laws passing again and again while the people allow themselves to be distracted by culture war. History repeats itself except this time the intelligentsia aren't participating voluntarily for self gain, it seems many of them (here) are letting fascism just get away with it because, I dunno, maybe they see themselves on the side of the arbitrarily decided "big tech" actor in the culture war?
Who knows. To me it just seems a repeated pattern of fascist-tilted ideologies coopting contradictory pro worker and nationalist rhetoric and responding to all criticism by retorting that there's no alternatives but ${somePlaceNobodyWantsToLive} so we better just accept things as they are.
Are they though? Bernie Sanders wasn't even allowed to debate as a popular presidential candidate because he didn't have a corporate sponsor or Super PAC funding.
If voters are only choosing amongst candidates put forth by the establishment, and the establishment relies on funding and support from special interests, then democratically elected is somewhat different than democratically selected, isn't it?
I wasn't referring to the executive branch of the US government, in fact that branch has been chosen by state appointed electors and not individual citizens since its beginning.
First, I only wrote "if you think...", so I did not attribute any opinion onto the OP.
Second, however, there is good reason to believe that OP might hold that opinion, since OP wrote about how the purpose of some actions of the American state, via the American Justice Department, were to "enforce rigid authoritarianism". Whose rigid authoritarianism could that refer to in this context, other than an alleged US-American one?
You are correct that I think the USA government is an authoritarian one, insomuch as it is very reactionary or at least conservative, and engages in incredible acts of authoritarianism and imperialism.
I don't think it's anything like authoritarian regimes, wherein a single individual (DPRK) or party (PRC) maintains absolute power. However, it is authoritarian in its representation of its single interest: billionaires and corporations (which famously have personhood in the usa and are explicitly granted political power via legislation).
I wish you wouldn't take a bad faith interpretation of my position by strawmanning me as if I'm claiming the usa is like the DPRK. I'm not alone in my viewpoints, and considering the rise of leftism in the usa, at the very least you would be well served to pay attention to what we're saying if nothing else so you aren't blindsided by a sudden wave of anti-establishment blowback. Read Cory Doctorow's "Radicalized" for some fun fiction on the dangers of laughing away criticism of the problems in the usa as just silly disaffected leftists who aren't "realistic."
In any case I doubt what I'm claiming, if you take it in good faith, is really all that controversial.
Do you want to live in a country where you could be churned through viciously unfair court systems for potential years because you used JavaScript to access APIs that you didn't know were intended to be accessed only by humans through web browsers? Because that's happened to people in the usa.
Do you want to live in a country where you could go to jail for fixing your own tractor, or iphone? That's what the American government is leaning towards.
Do you want to live in a country where human rights aren't guaranteed if the State can pick a demographic trait about you that renders you inhuman in certain situations? The USA is doing that right now to women and their bodily autonomy, and transgender people for same.
Do you want to be a target when you travel because your government armed revolutionaries and then radicalized them against The West by pillaging their country for natural resources? This America has done uncountable times.
So why deny reality? Don't you want the usa to be a better place? You don't have to be a communist to think so. You can simply want the things I mentioned to go away. There's no reason America can't just be a milquetoast capitalist state with whisps of socialism in their healthcare and transportation industry like plenty of nations across the world. Why assume that's a slippery slope to whatever scary thing you think I believe?
The US might not be authoritarian overall but the people who wind up in positions of power in the various institutions that run it sure seem to have a much greater authoritarian bent than the populace in general so when they can get away with it (like when prosecuting a hacker or arresting a bootleg cigarette seller) they try to go all out. The kinds of people who routinely complain about these excesses often turn right around and complain that specific kinds of criminals they don't like aren't getting treated badly enough and it drives me up the wall.
Would you please stop using HN primarily for ideological battle? Regardless of ideology, that's not allowed here, because it destroys what the site is supposed to be for.
Here's a quick test I just derived to assess how authoritarian the country you currently live in really is: you go to a main square in your country's capital on a busy day and start declaring in a loud voice that, in your opinion, the country's current leader has no idea what they're doing, that all her/his political ideas are idiotic, and that the people of the country would be better off with almost anybody else in his/her position.
Keep doing this for a little while.
The level of authoritarianism of your country can then be measured by the reaction of government officials.
I find this incredibly one dimensional. Apply your rule to a country where government officials are smart enough to leave in the release valve of a little bit of protest and you'd let them get away with basically anything.
Certainly one way authoritarianism manifests itself is through blatant restrictions on freedom of speech.
America, being a nation of highly evolved authoritarianism, has found better ways. Nobody on earth does better marketing than the USA. Nobody. And what else can we call marketing when a government does it other than propaganda? Get someone leaking that the government was doing illegal spying? No worries, he's a Russian agent! Got some upstart kneeling on a football field to protest police brutality? Champagne socialist, race baiter, disrespectful of the American flag, boom, done, we can keep doing police brutality. And bonus, we now have a new angle to culture war: pro and anti cop. Tie being pro cop to owning a pickup truck and just like that you've got people making it their entire identity. Easy! Didn't have to arrest a single person (other than a couple hundred peaceful protestors of course).
No need to arrest the person shouting that the president is an idiot, or a fascist, or whatever. That doesn't matter because the American electoral system is rigidly locked into two parties that serve the true electorate regardless of which is in power: billionaires and corporations. Shout all you want! It doesn't matter all that much.
But should you challenge the true electorate, that's an entirely different story. Why is stealing from the cash register come with a quick trip to jail, yet the largest form of theft in the usa is wage theft, the punishment for which is at worse a fine? And that's if you can hire a lawyer to do the hard work for you: unlike when you steal from the cash register, the State is unlikely to send an attorney general to launch an investigation on your behalf.
Authoritarianism can manifest itself in many ways when you're smart about it. Try to repair a John Deere tractor on your own, lemme know how it goes. Try to grow what you want on your farm, lemme know how it goes. Try to get a medical procedure, well the State might let you, unless you're a woman or transgender.
Grow your own marijuana and then smoke it, lemme know how that works out.
You may be allowed to protest the president, but stand in front of a courthouse with a sign that says "Google jury nullification," let me know how it goes.
Stand in front of a police station with a sign that says "Black Lives Matter," tell me how it goes.
Stand in front of a Whole Foods with a sign about pissbottles, let me know how far the cops force you to move on threat of arrest.
I triple dog dare you to walk into an American police station and request to make a complaint against an officer. I quadruple dare you to change your mind and try to leave if they ask for ID during the process.
Ever driven in South Texas? Lemme know what happens when you try it and refuse to stop at the random border patrol points that aren't on a border, despite being constitutionally "guaranteed" to not need to randomly show proof of citizenship to jackboots asking.
So you can shout about the president. Big deal. You can do that in many places. The power of the authoritarianism isn't vested in that office in the usa. The president is an agent of those interests. The tricky thing about the usa, and the reason it's not a fully fascist state, is those interests are just diverse enough to be unable to collude fully. I think it's on that path though.
Do you think the only measure of authoritarianism is number of prisoners per capita?
At any rate, I was reading that countries like China have alternatives to prison called “administrative detention”. Maybe we should just change the name of our prisons so we can goose the stats?
The US (at least the Republican party & some supporters) possesses other authoritarian traits as well, such as using excessive force to quell protests, pushing a narrative which alienates outgroups (Mexicans, Muslims...), or widespread surveillance.
Obviously it's not as bad as China or Russia, but it's not exactly a bastion of hands-off governance either.
Indeed, it's a matter of degree. I wouldn't call it autoritarian relative to the world, but it's lagging behind Western Europe and a bunch of other countries.
No I think we meet all other reasonable measures also. The experience of freedom in the US is the freedom to make increasingly virtual and arbitrary consumer choices. That’s pretty much it. It’s not the experience of freedom of speech in practice, not free time, not freedom from usurious debt, not the freedom of rising prosperity, not freedom from opaque government interference and meddling.
When people use the word “authoritarian” they are just signaling that they believe the narratives that our media speaks with one voice about those bad, bad other countries.
To be fair, the skills required to do what is written about here are basically fancy-googling, not exactly "most capable hackers" level. The author walked around town and turned the knob on all the doors they could see. Some doors weren't locked.
Technically easy, operationally virtually impossible - everyone will slip up eventually.
Also, the need for recognition often drives any human endeavour - and that leads hackers, criminals, etc to boast of their exploits to at least someone … who might be under observation, or under pressure to give up information to escape severe punishment for their own activities.
Prolly the need for recognition because if you hack from public wifi with tails tor mullvad, brand new laptop with specific hardware and so on I don't see how you can get caught up
Don't forget the time machine to go back to warn past self about the one time they slip up just prior to when they decide to really go all in on the haxoring.
Some parts of the internet never forget, and the anonymous graph is only anonymous if all of it is anonymous. 99.999% isn't good enough.
No doxxing was necessary, Tillie did it all publically, publishing on a home server, making announcements on Telegram under their real name. I don't quite get it either, but they specifically didn't want to hide in (pseudo)anonymity.
Can Confirm. I was big into telegram communities at that time and joined when her group was public. I have nothing to prove because I delete all my stuff but the indictment shows screenshots and transcripts from the group. She literally posted selfies on Twitter sometimes.
I don't agree with most of her more radical views and find her methods to be too extreme, but she clearly stood behind them and didn't hide
crimew's stated viewpoint and goals are "radical transparency". Hiding her legal name would go against this goal. It has nothing to do with competency and everything to do with her worldview.
In reality it’s like a kid listening to the beatles, but with computers. I’m a younger millennial that grew up entrenched in ‘hacker culture’ and even then there was a clear fetishisation of the good ol’ days.
Not to start a flame war, but no, people use vim and Emacs because they're productive with them. I've certainly tried alternatives like vscode seriously and find I prefer vim.
In my case, it was using Linux distros pre-vscode that got me into emacs. In that era, your choices for general-purpose developer-oriented file editor were (a) emacs, (b) vim, (c) something that was ported from another OS and either running in an emulator or running atop a library stack that barely worked on your architecture and would take like thirty seconds to boot up.
vscode didn't exist when I learned vim, and Visual Studio was only on Windows, and I had seen demonstrated that people using vim seemed to be a lot faster manipulating and navigating code.
Feels like a passing of the generational torch as elsewhere in the thread there’s large arguments about pronouns while younger people who are way past that are out here getting into wide open Jenkins servers for active airlines lol
I think you're misunderstanding a few things, particularly the nature of commentary.
People comment mostly when they think they have something topical to add that hasn't been said. And pronouns are something people feel much more able to have opinions on that doing scans for open servers.
The vast vast vast majority of people of any age won't comment at all.
Good rule of thumb: NEVER assume that the views of commentators are in any way representative.
Not sure if amusing but referring to someone as "it" makes it seem like an insult. I realize (per the bottom of the wiki article) that those are the chosen pronouns but still.
Consciously using retro design is very much a thing in industrial design, architecture, and so on; it only makes sense that it would come to websites, too (and indeed you'd expect younger people to be doing it; most retro _anything_ takes inspiration from a time period before the designer was around).
Seriously? I know like none of the tools or terms they used, like wtf is shodan?
In general the author doesn't seem to follow the white hat guidelines, and I'd be worried what they've done is quite illegal (possibly on a federal level if the nofly list is so secret)
maia[0] (it/she pronouns) is almost certainly aware of that this is illegal, and has been indicted by a grand jury for other government hacks.
shodan[1] is a search engine that deals in hosts and ip addresses rather than web pages, and is a goldmine for finding everything from exposed ip webcams to jenkins instances.
US law is neither a universal law nor an international one.
Accessing computer systems owned by a US company based in the US might constitute a violation of US law, but the hacker is based in Switzerland - where US law does not apply.
As you can see in the linked Wikipedia article, accessing these systems is probably not illegal in Switzerland, thus, for all intents and purposes, no crime was committed.
Here's an indictment from 2019 for similar activities. It's a crime in the U.S., thus prosecutable in the U.S. The question is whether Swiss authorities cooperate, not the jurisdiction.
The jurisdiction is quite questionable. If someone in north Korea would decide I'm guilty of breaking some bizarre law, I couldn't care less. Why would a Swiss citizen care about what the united states think is a crime?
It's easier to get extradited to the US than to North Korea
In fact I don't think any countries will extradite you to North Korea. There's plenty (including many in the neighborhood of Switzerland) that extradite to the US for at least some crimes.
According to its Wikipedia page [1], Switzerland doesn't extradite their nationals (including maia) without consent. maia might be trapped in Switzerland, but as long as it stays there the US can't get to it.
Legalities aside, it's morally wrong to hack a server, disregard reasonable disclosure, and publish (even to a selected group) an in-depth list of personal information; all for political reasons! (at least going off what their Wikipedia page describes as their motivations).
"Look at you, hacker. A pathetic creature of meat and bone. Panting and sweating as you run through my corridors. How can you challenge a perfect immortal machine?" — Shodan
You actually have most likely come across mentions of shodan if you use HN often. It is that search engine for insecure systems like exposed/insecure webcams.
I know those tools and i agree. There's no skill required to use a search engine for compromised/misconducted servers to find a compromised/misconfigured server and then pile around on it. I don't think it's so good to publish it instead of reporting to the airline but I'm pretty sure that is for political reasons considering the author's political views.
I think she used publicly available common tools in this regard without specific knowledge of the airline industry. Even searching the internet is a special skill for those never used a computer or held a smartphone but is a no brainer for those never created a search engine algorithm.
As a nontechnical person who enjoys this stuff, also wasn't familiar. Anyone have a good rec for a starter guide for a nontechnical person to be able to do similar research (albeit in ideally more of a white hat approach)?
Oh it must be nice to be able to do things like this, while only keeping an eye out for the laws of your own country, safe in the knowledge that your government won't extradite you for breaking the laws of another country.
Those are pretty standard ACARS messages. It's the only time I've seen SOH/STX/ETX used, probably because originally in the 70s they were designed to be typed used with Telex machines.
The headline made me think this was about a scheme where you register as an airline, just to get access to the list. I mean, how many planes do you need to own to be an airline?
assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not
^^^ this killed me. i'm sure everyone who has ever interacted with a SOAP api feels the same. god bless this tiny kitten/person/hacktivist, the world needs more of this energy.
This is gonna be random but I love people just shamelessly being themselves on the Internet. This person is literally a kitty cat playing around and I find that adorable~
This would be a good candidate for a k-anonymous API where you can query if a specified full name, DoB, etc., is in the list without divulging the list or the request.
> CommuteAir added that the server, which was taken offline prior to publication after being flagged by the Daily Dot, did not expose any customer information based on an initial investigation.
So the fact that she has gained access to this restricted list, has somehow granted you entitlement to it? Or are you implying that every person on that list should be doxed to satisfy your curiosity?
She's already been indicted on federal charges for hacking. Not being allowed to fly wouldn't be the main issue if she found her way into an American airport or airliner.
Reading that wiki page, it sounds like he's on his way to a long stint in prison, or worse. Wouldn't be surprised if he gets black-bagged now that he's attacking critical national infrastructure and encouraging others to do so.
Someone who continues to deliberately misgender after being told about it - especially using "he" when the person's name (Maia) is traditionally a woman's name - seems to care quite a bit.
If you use binary genders you use male or female ones and people tend to use the same pronouns once they start with them. If someone uses gendered pronouns you shouldn't take that to mean that's the one the subject prefers but rather that's the gender the person who wrote it perceived.
If they truly don't care to perceive a gender then a 50 / 50 pick. When I look at it's picture I honestly couldn't tell you if I perceive more male or female so I would've done same as op and picked one randomly and then for consistency not change it, even if some unrelated party tried to confuse things by making me change it.
Surprised to see this guy wasn't already in prison due to his previous antics, and it's too bad he didn't responsibly report this issue through the proper channels. Everyone's luck is bound to run out at some point.
I'm not confident that is it safe to link to the site operated by such hacktivist. I prefer to see link for news article on HN headline, rather than criminal hacker's website itself, but I don't know rules.
> Suspected members of the IRA, the Irish paramilitary organization, were also on the list.
Oof the international politics always come out in things like this. Twitter also publicizes all of its suspensions and bans. There's a Wikipedia article with a list of all the notable suspensions since 2010. It's interesting to see that, contrary to popular narratives, many of the international groups banned were actually far-left aligned.
The list gets really boring the more you scroll down however. The last notable ban was Paul Graham for simply sharing their Mastodon handle. A boring dystopia indeed
> It's interesting to see that, contrary to popular narratives, many of the international groups banned were actually far-left aligned.
The list that Wikipedia determines "notable suspensions" is probably not the best gauge to counter "popular narratives". What Wikipedia chooses to highlight is often the sum of actual popular narratives - not simply popular protests [1]- which is sourced almost entirely from the media and then filtered through the culture found among Wikipedia power users.
A raw database of suspensions and their rationale [2] would probably be the only useful analysis.
[1] The people most often protesting bans aren't always the people getting the most media-sourceable attention for their bans
[2] Recent leaks show that that the US state/federal gov employees (and other well connected power players) often sent lists of tens/hundreds of accounts to be banned and Twitter employees often retroactively found reasons to do so when the given reason wasn't justified. So both the rationale and "notable" part both have questionable value for general analysis
It's also possible that wikipedia (and the editors there of) are more likely to be far-left aligned / knowledgeable -- thus leaving the far-right unaccounted for.
That said, I also see bans of accounts with few followers regularly being far-right (white supremacist jokes for instance). They may just not be able to gather large followings at this point and / or be on alternative platforms.
????? I just went through the entire table of suspended people and there were almost no far left groups besides Antifa. Most of the suspended were either far-right/alt-right, trump related, doxing related or spreading miss-information.
That doesn’t mean the “they” here isn’t unclear. I wasn’t sure whose Mastodon handle Paul Graham shared. I certainly didn’t think OP meant he shared his own handle.
To be perfectly pedantic, this should only be confusing if referring to the Mastadon employees. Otherwise, if referring to the non-person entity, singular or plural appropriate syntax would be “it”.
They originated around the same time, but singular you was initially only used for addressing superiors/showing respect (using the plural second person pronoun as a singular for this purpose is still a thing in a bunch of languages), a few hundred years later “you” became the standard second person singular pronoun while “thou” fell out of favour.
A very modern convention is now using “they/their” when a person may not be aware of someone’s preferred pronoun. And even still, I have also seen people abandon gendered pronouns entirely.
It's also a very old method. In fact, he/she is a later evolution of the English language. "He/his" used to be more equivalent to "it/its". It wasn't until ~15th century that the modern "he/him" and "she/her" fully evolved. "They/them" meanwhile was in full use by the 14th century
This train of thought makes no sense. The fact that something originated in Old English doesn't at all mean it's dead. He/She also originated in Old English, just a little later. Should I make fun of people using he/him, she/her pronouns because they're "clinging to Olde Anglishe"? lol
It’s also just far easier to use a plural pronoun to refer to a singular person to reflect the idea that you’re talking about their whole persona, brand, work, etc… and not just specifically the human being, IMO.
> contrary to popular narratives, many of the international groups banned were actually far-left aligned.
Massachusetts state police posted a photo on twitter from inside one of the emergency management command post whatever facilities.
In the background was a projector screen showing a web browser and in the toolbar was at least one link to a facebook group for one of the occupy movements.
Of course, no visible bookmarks to any of the state's numerous white supremacist or far right groups.
Those polo-shirt-and-khaki wearing clowns? From numerous accounts by witnesses, reporters, and photos on twitter they received what amounted to a police escort from the public transit station where they all parked, all the way into the city...and then from the transit station to their protest site. And then back again.
See: FBI report from a decade or two ago citing the huge problem with white supremacist groups infiltrating law enforcement.
After seeing the title but before clicking on the article, I thought this would be about a legal hack rather than a security hole. More specifically, creating the minimum possible corporation that qualifies as an airline (so that you literally own an airline), and then saying to the government, "hey, we need the nofly list, we're an airline, see?". The actual hack sounds way easier, to be sure, but I still like my version the best.
I came here to make the same comment. Also, I now know that .gay is a tld and I'm trying to figure out how to take advantage, registration isn't terribly cheap, but the only restrictions are ones that don't apply to any of my ideas.
Relatively off-topic, but I absolutely love the 90s/early 2000s vibes I get from this. I can't remember the last time I saw a webring, much less one with animated logos.
This whole thing has made me incredibly happy to see that somewhere, someone out there on the internet is pwning people for stupid vulnerabilities and posting about it on a site that looks like this one. I admit the flashing ACAB really did it for me.
It's even more entertaining when the people who make it weren't even alive or old enough to understand or have memory of it. It's a bit of a trip for me.
Made me realize that 'vintage' basically means to many people 'things that are before my living memory' and it can literally only be 0 to 5 years back before they were born.
This guy is a (hobbyist?) security researcher who responsibly alerts companies of vulnerabilities.
However are his actions of downloading the no fly list and offering to share with journalists legal? Or does that cross into overreach and criminal activity?
The laws around digital access to networks are archaic and very broad, they were mostly defined in the 80s and 90s. I believe any unauthorized access (i.e. not having consent from the owner/operator) to a private network is technically a crime. Even if the Jenkins server was open, I bet finding and using the S3 credentials would have crossed the line of the law. Those S3 buckets are private and if you didn't have permission to access them, even if you have the credentials because you found them elsewhere, you could be breaking the law.
Regards the archaic laws I'm not convinced, they tend to just parallel real world crimes. For example if you parallel it to the real world then the crime of trespass covers the Jenkins server situation (you can trespass on land that is open and easy to access) and you still commit a crime if you enter a house where you found the key on the floor outside the door, which covers the S3 situation.
Just accessing could also be seen as just looking through the window. And the lack of safety as a lack of curtain.
Trespassing implies a presence, this could be seen as installing some software or code to maintain access on a system.
Now let's imagine the OP went to the airline office and found that the door was open, on a desk there was a printed version of the nofly list, he takes a picture of each page and leaves. He would face 20 times less prison time.
Yes there's clearly a discrepancy regarding punishments but the point I was making was about the initial crimes. I'm also not saying I agree either; certainly a lot of the punishments for crimes in America seem disproportionate to the offences commited.
> downloading the no fly list and offering to share
(This is a genuine question) but where's the actual value in having this list?
I'm afraid I regard it as yet another piece of security theatre.
Full disclosure: my passport always fails to scan at the UK Border automated gates.
I had a discussion this week with yet another border agent after getting another "seek assistance" message and having to queue for a manual check.
I pushed for more information on why, for the last couple of years, it refuses to scan.
He suggested it's because I have very common first and middle names (although my surname is not common at all), so let's say I'm called Alice Bob MacQuaffle, someone called Alice and/or Bob is "on a list" somewhere. I would bet a substantial sum there is no-one on any terrorist watch list called MacQuaffle.
This sounds like someone approved a ridiculously broad match, meaning anyone called Alice and/or Bob is inconvenienced every single time they go near a border.
I would prefer to be safe when travelling just like the next guy, but matching watch lists using common first names ... only .... really?
We can be pretty sure it's not to protect anyone. Anybody too dangerous to allow on an airplane should probably be behind bars. What it does accomplish is letting the government punish people without justification let alone a trial and with pretty much no transparency or consequences when innocent people end up being hurt by it. I imagine that's a power which is hard to surrender, and 'we the people' haven't exactly been insisting that they give it up either.
> Someone who the US deems a danger but isn't in the US would fit this criteria.
If the bad person isn't in the US there's no need for US airlines to maintain a list of them which prevents them from getting on a plane, but then just sends them on their way to arrange other travel plans. What we want for really bad people outside of the US who should be arrested on sight at airports are warrants. Signed by judges. Not secret lists with no oversight or transparency, and not sending dangerous people back out into the American population.
Someone who is apparently so bad they can't be allowed through airport security into an aircraft, but only if that aircraft is travelling to or within the US?
Yet someone who is apparently so innocent they can't be arrested/detained/charged with anything, anywhere, and so are free to travel the rest of the world.
Doesn't sound right to me. A normal clause of that form would look like "she/her" and indicate that the pronoun is "she" as the subject of a clause and "her" otherwise.
This would indicate that maia wants to be referred to as "it" as the subject of a clause and "she" otherwise.
Both preferred multiple alternatives for nominative case (“it/she”) and preferred single alternatives for nominative and accusative case (“she/her”) are commonly used. When at least one of the pronouns involved are traditional pronouns rather than neopronouns this is pretty clear as to which is being used (though unless they are both standard pronouns, its ambiguous as to the accusative case to use with the neopronoun, but of course it indicates that the standard pronoun and its corresponding accusative form are acceptable, so that’s not really a problem), though if they are both neopronouns it might be ambiguous in theory (in practice, if they are both neopronouns, its always the second nominative/accusative form, not the multiple alterantives form.) Occasionally, you’ll find neopronouns presented in a triplet where the third is possessive case (which really should always be the case with neopronouns, since otherwise you’re left to conjure up your own possessive if one is needed.)
Well, thank you for explaining. I have complete respect for anyone's choices in this area but I'll leave the opinion on this particular choice to myself.
Edit: looking at other comments, it seems like it might not be the correct explanation after all?
As someone else noted, GP is just misunderstanding a frankly confusing subject. There are essentially two common ways for people to specify their pronouns.
Some people desire a single set of pronouns, and indicate this using the nominative/accusative pair (she/her, they/them, ze/zer).
Other people accept either of two different sets of pronouns, and indicate this preference using the two nominative forms separated by a slash (she/they, they/he, and apparently, it/she).
Because we already arbitrarily assign different pronouns to different people, usually based solely on their appearance, and there is no harm in letting people pick which type of gendered (or less gendered, in the binary sense) association they'd rather have.
There's an easier fix for that, instead of having to memorize everyone's "unique" preference (xy/xor/xeps), change the language to avoid the issue. "They" for everyone is the only logical evolution.
My native language doesn't have a he/she differentiation..
You don't have to memorize shit. When you refer to someone and they tell you "I prefer pronoun X" just use that pronoun for the rest of the interaction. If you interact with them regularly or they are important to you somehow, you will remember, the same as you remember a pet name or nickname or screenname. If you forget and interact with them again they will remind you. They will likely not be angry if you forget occasionally, and using their chosen pronouns will please them and endear them to you. They only get hurt if you obviously do it on purpose.
It's literally identical to the concept of learning someone's name, yet humans largely don't have a problem with that.
What? When you're interacting with a person, you don't need to know their pronouns. They are the first person in front of you, so the pronouns are "you" and "yours".
The third person pronouns kick in when talking about them, to someone else, almost certainly in their absence.
I know someone who says... it's pronouns are "it"... and using that really does make me uncomfortable, I agree. I _think_ (it hasn't necessarily told me this directly) that the choice may be intentionally to make people uncomfortable... like, why shouldn't you be uncomfortable thinking about gender? Lots of people are uncomfortable with gender, why shouldn't you be too? I think of it as a sort of art project... I'm not sure if it would be comfortable with that characterization or not. It also understands that some people can't handle this and will accept "they" without being offended, but really prefers "it", so if you're its friend and want to make them comfortable.... (I still don't love writing it even here with anonymous referent!)
I thought it was the right that accused the left of being precious snowflakes who aren't able to handle being uncomfortable ever? Why should you being uncomfortable be a blocker to referring to someone as they prefer, right? Being uncomfortable is part of life.
> the homepage really does say "hello i am maia arson crimew (it/she)".
> I'd feel uncomfortable referring to anyone as "it" though
In Five Children and It (published in 1902), the "It" of the title is a magical creature. However, one of the characters is a human baby who is always referred to with the pronoun "it". I glossed right over that reading the book as a child, but I found it pretty disturbing rereading as an adult.
However, once rereading the book had called the phenomenon to my attention, I noticed that it's not uncommon for me to want to refer to a generic child as "it". I wouldn't refer to a specific child that way.
So referring to a person as "it" is sometimes the normal thing to do. (And, of course, intensely inappropriate at other times.) On the other hand, the intro appears to specify that maia arson crimew wants people to use "she", an exclusively subject pronoun, as the object pronoun for she. That is deeply unnatural and virtually nobody will be able to comply; it's much worse than using "it" for a person.
> However, one of the characters is a human baby who is always referred to with the pronoun "it". I glossed right over that reading the book as a child, but I found it pretty disturbing rereading as an adult.
While it's uncommon today (and I think uncommon even by the time that book was written), use of 'it' for babies was definitely A Thing at one point.
I think a similar case would be if someone black asked you to call them an n word. They may be comfortable with that, but I am afraid others probably won't.
It's not good that you are uncomfortable when it asks you to talk about it with its preferred pronouns. It's 2023, it's about time you try to do what it ask you to do. When it tells you its preferred pronouns, try as hard as you can to follow it.
"It" has a pretty clear meaning in English, and it is not as a pronoun for people.
You seem eager to reduce this to "just" a pronoun issue, but it's not the same as calling someone "he" or "she", whatever they might prefer.
No one gets to single-handedly (re)define the English language for everyone else. "It" in this usage does not fall in to normal English usage, other than to mock people. That they want to use it nonetheless or whatever reason, that's fine with me. I will always listen to that and do my best to oblige with that within reason. However, radically different meanings for words in common grammatical structures, for me, falls outside of "within reason". Other people may choose different, and that is fine too.
In the absolutely fantastic novel Too Like Lightning there was a character that is famous for the life-like dolls made of it. Eventually it comes to term with the fact that its preferred identifier is "it" because it feels more comfortable being referred to as a doll, or inhuman, i.e. literally objectified, than it does with being considered traditionally human.
I also feel uncomfortable using "it" as a pronoun, luckily this person seems comfortable with "she/her" as well so we can just use those instead.
Maybe it’s something well know in the us/ gay sphere, but what does it refer to? I get to call the person he/she backwards so she/he feels acknowledged, I get calling one’s/they instead of he because it may be a woman and they will feel discriminated. But it referring to a person?
As an older trans person who's been subjected to targeted hate speech in public, I used to be pretty uncomfortable with younger trans people using it/its pronouns. It's understandable, let's give people some grace.
No one is obliged to endure morally sane discomfort for the sake of someone else’s comfort.
This isn’t “I don’t want to call her him because he’s a she.” The person you’re replying to has a very valid discomfort with reducing a person to an object’s pronoun. Completely understandable and defensible and beyond the apparent needs of the author.
I agree with you on this, but I feel a need to note that "it" refers to non-persons, not just inanimate objects. It's perfectly normal to refer to animals as "it", and it is also quite common to use it for babies (and even more common for fetuses). Not that this makes it any less weird to ask to be referred as "it", mind you.
Letting people choose whether to be referred to as men, women, or neutral (perhaps using neo-pronouns or singular them/they) is perfectly fine. But re-purposing existing words with other meanings is not. And "it" has a very specific meaning, one that just doesn't apply to conscious adult people. If I asked to be called "the object" that would not be a reasonable request, anymore than asking to be referred to as "it".
And particularly for "it" and other objectifying language, it has the huge problem that it makes other people uncomfortable. Especially those who overhear without being aware of your preference (imagine sending an email to a new client with text like "in my absence, contact my colleague X, it will assist you, it is an expert").
If I'm in a mixed group down the pub I won't at all be surprised if somebody (usually female) walks up to the table and says "hey guys" as a greeting, intending to include male, female and enby members of said group.
If I'm on the internet I'm not going to try and use "guys" as gender neutral because I fully expect I'd be misunderstood by a decent percentage of people reading if I did.
So I wouldn't say people are necessarily pretending, it's entirely possible they're just used to it being neutral and forgetting that for a bunch of people it very much isn't.
That's socially though - when talking about people I've slept with, I acknowledge I'd expect people to read 'guys' as only referencing the male-identified ones. Though I'm more likely to use 'dudes' for that purpose myself, because confusion around 'guys' can go in both directions.
A lot of people say this, and I WANT this to be true because I don't know of a similar term that really works. I don't think most women agree.
When my best friend came out as trans, I struggled to come up with a good way to refer to everyone as a group in a "hey everyone" kind of way. I eventually realized it's a stupid concept all together and walked into the room of my now mixed gendered friends while shouting "SUP CHODES!".
I think you're confused. The main person in the OP is crimew. The Daily Dot article talks about her in the first few paragraphs but towards the end they talk about a different security researcher that came across the same-ish list from a different source
I digged a little into this and to my understanding did she never actually 'hack' but just used publicy open data in a smart way which apparently is not illegal under swiss law.
I wish we just used “they” always. I am fine with people not wanting certain pronouns but I find it very tedious to track different pronouns in my head. Especially in a professional setting gender shouldn’t matter at all.
I have found ways to almost always write and talk with gender neutral pronouns, without sounding too weird. After working with colleagues that use gender neutral pronouns, I find myself being careful not to assume any gender specific pronouns, which means in most cases just not using them.
As an Australian, we seemed to develop a culture of calling everyone 'mate' regardless of gender etc. Helps since I can't ever remember a persons name, even after they've said it directly to my face.
I've got no issue with people wanting to use different pronouns, though usually I try to keep it neutral in conversation anyway. "They/their" is extremely easy to use without much thought.
I'm pretty sure this is one of those things that's true in the Northern half* of the country that people think applies everywhere, like crocodiles and jellyfish that kill you. I've lived in SA and Vic all my life and all my friends would just be insulted if I called them cunt instead of mate.
* "Northern Half" of course meaning above the Barassi Line and probably adding the NT, not the real geographic north.
Yeah, is there really interesting distinction. I was educated in a very conservative part of the country and they/them was the default Standard English practice. It wasn't about gender but it was about familiarity.
My pet peeve about using "they" is it seems to imply an undue politeness or superiority. Plurality is an ancient metaphor for power, and many languages today have the same form for a plural "you" and a polite "you". Another example is the royal "we".
Did you know you is actually the plural and the singular is thou?
My problem with any of this switching around is that since it's used by a very small minority in a very forced way, until it becomes mainstream in the way 'you' has become mainstream, it's confusing af.
I've had multiple instances when a they was mentioned in a decision and I had to ask, " wait I thought we only had one designer on this ticket who else got added... Oh you're using singular they.. got it"
We used to have that in English with the formal "you" and informal "thou", but politeness lead to the near-exclusive use of "you" until "thou" became archaic. And now that it's archaic, people think it must have been formal. Funny little circular journey.
I wish everyone was just named James. I had a good friend named James and it’s much easier to call everyone that than to learn a bunch of individual names.
The whole point of pronouns is to reduce cognitive overhead. If pronouns become something you have to remember for each person then you might as well drop them from the language and use names all the time.
It makes sense to me that individuals should have names. Pronouns tend to be much less information dense, and are used as shorthand. It doesn't make sense to me that pronouns should capture gender, as opposed to hair color, height, or age.
The property that pronouns capture is essentially arbitrary. That's why Romance languages assign gender to stuff like telephones and sandwiches.
The point of gendered pronouns is that sentences very often have two nouns: a subject and object. If you have only a single pronoun, then any sentence can only use a pronoun to unambiguously refer to one of those. If you have two pronouns and you randomly and evenly distribute them across various subjects, then it's fairly likely that the subject and object will get difference ones and you can now unambiguously use pronouns for both.
Since a very large fraction of human speech pertains to other humans and since human sex is a roughly 50/50 distribution, it makes some sense that we used gender as our mostly arbitrary thing to assign a pair of pronouns too. We could have used, say handedness instead, but with only ~10% of people being left-handed, the odds of a sentence being about a righty and a lefty is much smaller.
Pronouns are basically like special variables in a REPL that let you refer to the most recent expression. It's nice if you can refer back to a couple of them.
Why even use articles or pronouns, a better way would be to unambiguously mark every word with whether they're the object subject or whatever role it is in the sentence. Maybe tack on more flags as you need them for more information as needed
Hence why forcing my team to learn Hungarian has really been a no brainer and will really start to pay dividends in the next decade when we finally reach a working professional proficiency
Well, it certainly is a much stronger disambiguater than those other signals. Dividing a population in half is a pretty powerful technique.
Though now that I think about it age is also potent - you get the same rough division w.r.t relative age (younger vs older than the speaker), and you can divide the population roughly into quarters with ease and accuracy. Do miss and ma'am count as pronouns here? They code for age as well as gender
Hair color and height dont really have the same sort of dividing power broadly speaking.
Still, your line of thought there about what a pronoun should capture is intriguing.
I don't disagree with you in principle, but this take ignores the boots-on-the-ground reality for trans and nonbinary people.
Trans and nonbinary people are using this as a shibboleth to determine whether they can feel safe around you. You are not someone who wishes nonbinary or trans people harm, but unfortunately, there is a large segment of the population that does. The act of using someone's preferred pronouns is an act of saying "you are safe with me, I do not wish you harm." This is not a default or automatic assumption they can make, as it likely is for you.
Many trans and nonbinary people, through no fault of their own, have PTSD from how they've been treated by others. Even those that have not experienced hatred or violence directly are no doubt aware of the statistics.[0] You're correct that, in many cases, this is a mental health problem. It's an accommodation for a colleague or friend that needs your help, for now.
I have trans relatives and colleagues, and several I knew before they came out / transitioned. They've been understanding and patient when I have made mistakes, just as any normal person would be. It's not about hating people - in either direction. It's about treating people with kindness and respect and reminding those who are scared that you are on their side.
Yeah, I have trans friends and former colleagues, and can confirm all of this. I'd love to live in a world where it wasn't controversial or dangerous, but we are not in that world yet.
At least it got flagged! But since I can't reply to it and put some effort into typing a reply, I hope you don't mind me dropping it below.
---
What? I agree that for my tastes a lot of people take gender very seriously. But it seems wild to me to think this is somehow a new phenomenon.
For millennia in many societies one's society-assigned gender determined a great deal about one's status, including what work you could do, what work you could do, and what sort of violence against you was acceptable. And in a lot of times and places, misgendering somebody was used as a deliberate insult and could even be seen as "fighting words", legitimate legal cause for violence.
The only thing that has changed lately is a bit of individual freedom in picking that role for one's self. For those people, many consider it rude to ignore their choices, partly because of the history of gender, but partly because those people are targets of bigotry and violence. There's a whole list! https://en.wikipedia.org/wiki/List_of_people_killed_for_bein...
All moral codes have a "coercive" element to them, just like all legal codes do. If you're going to be rude, people may, gasp, say something about it. You trying to establish a different coercive moral code against that isn't somehow better. And getting all het up about it in this specific case, instead of all the other codes of politeness, suggests it's not really "coercive" morality you care about.
Personally, it seems to me that trans folks have a pretty hard role in life. They always did, but now at least they're getting to be open about it. I'm glad to support them in that; calling them how they want to be called seems like literally the least I could do. Indeed, as a thoroughgoing nerd, I spent a lot of my childhood getting shit on for being different, so I'm happy to help make space for different kinds of difference.
It looks like you posted a strident reply and then replaced it with something anodyne. Given that people have already replied, that strikes me as both rude and confusing. Just so everybody knows the edit history, here is your original comment:
----
>At least it got flagged!
Ah yes, censorship is good when it is an opinion you do not share, right? That I was flagged is wrong on the part of hacker news, and whoever got that ball rolling.
>All moral codes have a "coercive" element to them
Coercion is good too. Are you sure you're not the baddie here? Are you really sure?
>as a thoroughgoing nerd, I spent a lot of my childhood getting shit on for being different, so I'm happy to help make space for different kinds of difference.
Another popular strawman. I stated explicitly "live how you want" and yet you assert that I'm against difference or outcasts. You lied.
>trans folks have a pretty hard role in life
I'm speaking specifically of custom pronouns. If you cut off your junk and wear a dress, I think its rude not to call you "she". It is a shitty kind of idea that encourages people to introduce new error modes into their relationships, and the bitter irony is you think you're doing people a favor by doing that.
>Anyone who doesn't have the capacity to accept being called any pronoun has a mental health problem.
By this metric the vast majority of humanity has a mental health problem, and you're an exception. Most cis, het men do not like to be called she or a girl.
Yeah, that's pretty special. Personally as a cis nerd, I find the neurotypical obsession with gender roles pretty weird. I think we would be healthier if there were less of it, and like that we seem to be heading that way. But I don't think that makes everybody mentally ill.
Worth drawing a distinction between gender roles, which are mostly "socially constructed", and gender identity, which is someone's inherent sense of their gender (with a strong biological component).
Gender identity is an essential part of what makes us human. Some people have a stronger sense of it than others. To the extent that mental illness describes an actual objective thing, having a gender identity does not make someone mentally ill, because it doesn't by itself disrupt one's healthy functioning in society. It is when that gender identity is invalidated by others that it can affect people's mental health (just like calling someone a slur or insulting them can affect their mental health). It is still not an illness, though.
I don't want to involve myself in this argument but I will say that I can not see their original post. It displays as just "[flagged]" for me. I don't know if that's the app I'm using or what, but I cannot see the post.
Really? I see the "[flagged]", and the post, it's just slightly dimmer and I had to manually open it. I'm using no special extensions or anything, just a normal browser.
I’m curious to learn: if “they” is being added to style guides as a way to refer to a singular human without implying any gender, is “it” the same or is there a somewhat different meaning behind the usage?
"It" is not generally used in English to refer to people, and generally carries a dehumanizing or even pejorative connotation when used to refer to a person (it's not unheard of to see "it" used as a slur against binary trans people, for example-- using "it" in place of preferred pronouns).
Use "it" if someone specifically requests that "it" be used to refer to them. Don't if they do not.
"They" has been used as a singular pronoun as far back as the late 1300s, but for the case where you didn't know the gender of the person or the gender was not relevant. Using it for someone whose gender is gender is known but is not male or female is much newer.
Here's an article with details [1].
The problem of what pronoun to use for someone who is neither male or female is not new, of course. That article says:
> There have always been people who didn’t conform to an expected gender expression, or who seemed to be neither male nor female. But we’ve struggled to find the right language to describe these people—and in particular, the right pronouns. In the 17th century, English laws concerning inheritance sometimes referred to people who didn’t fit a gender binary using the pronoun it, which, while dehumanizing, was conceived of as being the most grammatically fit answer to gendered pronouns around then
I'll add that while the OED dates the singular they to the mid-14th century (betw. 1335-1361), use as to avoid gendering an individual is found from ca. 1450; the OED also gives earlier attestations for them (1429) and their (1398) of the same usage.
>Hasn’t it always been the case that you could use “they” as a way to refer to a singular human without implying any gender?
Yes, since Shakespearean times.
For example: "I saw someone walking down the street the other day, they were carrying a guitar" -> a normal use of they as the 3rd person singular pronoun.
No, and it’s frustrating for people who had it hammered into their reading and writing habits all through school. I can’t read a singular “they” without mentally tripping on it.
> No, and it’s frustrating for people who had it hammered into their reading and writing habits all through school. I can’t read a singular “they” without mentally tripping on it.
If you mean "no" in the sense that this specific sentence isn't true:
> Hasn’t it always been the case that you could use “they” as a way to refer to a singular human without implying any gender?
then you are mistaken, as sibling comments point out. Certainly there is a history of teaching people not to use singular 'they' (I don't know how long, but I was certainly taught it), but people have actually been using singular 'they' for a long, long time, and usage trumps fiat at least in English.
I once saw someone who goes by “it” explain that it liked “it” because it has a sort of ungendered quality to it, whereas “they” is instead gender-neutral. It explained that we use “they” to refer to humans because we assume humans are gendered, and the implied gender is the quality that makes “they” (or for that matter “he” or “she”) implicitly refer to a human. But it rejects the notion humans must be gendered, or that humans without gender are not human.
I'm not sure I agree with that argument, but it got me to think. It blends the linguistic and the philosophical.
Grammatically, “they” and “it” are the same gender, they differ in number.
Semantically, the difference in their singular use (prior to very recent evolutions) is that they was rarely used for specific known humams, and it was never uses for humans (but frequently for living things with sex and to whom grammatical gender corresponding to sex could also be used, in cases where the sex was unknown or unimportant, similar to the use of “they” for humans.)
So, while I find the idea of “they” as gender neutral but “it” as emphatically ungendered conceptuallt interesting, I don't really think it reflects historical usage differences.
OTOH, I suppose there could be debate about different presumptions of social gender vs grammatical gender here, too.
Should we overhaul all languages that use gendered language? I speak French and often think in French (le/la, etc), obviously I speak English, but a lot of modern English comes with heritage from cultures, languages, hell even concepts of thought (yes thinking in differently languages gives unique perspectives of the world).
Of all the most useful projects to humanity (diverting asteroids, developing free energy, curing cancers, solving childhood poverty, etc) in any top-3 list I'd put "having a single common language that is super-simple to learn and master and which everybody is taught from childhood".
Let's not change English or French then, but leave them as "classical" languages, but teach kids the new easy/expressive/explicit one. No gendered nouns, no phrasal verbs, no reported speech markers, etc.
Completing this initiative makes all the other ones easier to complete. And it's not like it's much more complicated than the other complicated things we donate to and try to push forward every year.
No - please do not use "it" as a catch-all pronoun for an unknown person. "It" is generally a dehumanizing term for a transgender person - though a minority use it as a pronoun (in those cases, go for it).
I’m not asking if they’re interchangeable. Just if “it” differs from “they” in some way in the above context where it sounds like that’s the individual’s preferred pronoun?
Yes, calling someone “it” has been a ridiculously offensive thing to do in my life experience.
It would be such a shame if groups that pride themselves on inclusivity had a socially acceptable reason to exclude lower-class and neurodivergent people...
It's really not that hard to keep a mental lookup table for each person and their custom pronouns and declensions.
Another pretty elegant solution I've found if there's too much confusion amongst our team is to suggest people switch to learning Hungarian which doesn't have gendered pronouns. A few years of intense study is a small price to pay so that we can avoid the catastrophic mistakes of accidentally calling someone who's not in the room the wrong gender
Unfortunately I tried that. After 3 years of Hungarian classes, I had a peer that demanded I speak to them in Klingon because they identified as hypermasculine. Now I have to start over again.
No, it's fine as is. I think you have は and が backwards but neither of them imply ドイツ語 is "doing something" even though it's the subject of the sentence. It's a pro-drop language so meanings that don't make sense are just excluded.
I was split between で or は, forgot all about が. Funnily enough I think omitting the particle altogether would have made more sense.
Edit: After further reading は seems to work fine. In this case I think both work but が places greater emphasis on the german language being the thing not understood. で however was totally incorrect :P. But due to the tacit nature of informal Japanese I think the context already informed the reader who doesn't understand what.
が marks the subject, and the subject of わかる is the thing that's being understood, not the thing that's doing the understanding.
(Maybe you meant subject in the non-grammatical way? It's confusing.)
Either way, は is fine in this sentence to the best of my understanding.
It marks ドイツ語 as the subject, and thus the thing being understood.
Bullshit. Why is a word that explicitly removes all identity connotations randomly dehumanization? Its one of the most neutral ways of indicating another, In the same way that "comrade" is.
> explicitly removes all identity connotations randomly dehumanization
It's not randomly dehumanization, the neuter gender that the pronoun system preserves has always communicated inanimacy (read: nonhuman-ness) against the masc/fem animate genders. Etymologically, this distinction has been more primitive than the masc/fem distinction. One feature of the neuter gender is the use of the object form in languages that distinguish it from the subject form, hence he/him, she/her, but it/it.
I sympathize with questioning but this is pretty harsh. The explanation is fairly simple. “It” is how we refer to most inanimate objects and “subhuman” creatures in the English language. Debates on how appropriate it is to be addressed in this way or desire to be addressed in this way aside, it’s certainly not random or a stretch to imagine why some might be uneasy with the idea if they feel it somehow associates the person with the aforementioned categories.
No, 'it' is not the same as 'they' here. To refer to a person of unknown pronouns, they/them/their/theirs/themself should be used. However, if one's pronouns are specified to be either they/them/their/theirs/themself or it/it/its/its/itself, use those preferred.
You are way out of line here, you don't get to decide how other people present themselves online and tying their persona to their gender or sexual identity is an outright stereotype/slur.
Corresponding news story: https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotecte...