#software used for auditing | Explore Tumblr posts and blogs

mariacallous · 4 months ago

Text

In the span of just weeks, the U.S. government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the U.S. Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.

Then, we learned that uncleared DOGE personnel had gained access to classified data from the U.S. Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.

This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.

The systems that DOGE is accessing are not esoteric pieces of our nation’s infrastructure—they are the sinews of government.

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

What makes this situation unprecedented isn’t just the scope, but also the method of attack. Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks. The Chinese government’s 2015 breach of OPM was a significant U.S. security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process.

But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.

The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.

This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error.

These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.

The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data.

This is much more critical than the initial unauthorized access. These new servers have unknown capabilities and configurations, and there’s no evidence that this new code has gone through any rigorous security testing protocols. The AIs being trained are certainly not secure enough for this kind of data. All are ideal targets for any adversary, foreign or domestic, also seeking access to federal data.

There’s a reason why every modification—hardware or software—to these systems goes through a complex planning process and includes sophisticated access-control mechanisms. The national security crisis is that these systems are now much more vulnerable to dangerous attacks at the same time that the legitimate system administrators trained to protect them have been locked out.

By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.

Now, the technical details of how these systems operate, their security protocols, and their vulnerabilities are now potentially exposed to unknown parties without any of the usual safeguards. Instead of having to breach heavily fortified digital walls, these parties can simply walk through doors that are being propped open—and then erase evidence of their actions.

The security implications span three critical areas.

First, system manipulation: External operators can now modify operations while also altering audit trails that would track their changes. Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure. Third, and most critically, is the issue of system control: These operators can alter core systems and authentication mechanisms while disabling the very tools designed to detect such changes. This is more than modifying operations; it is modifying the infrastructure that those operations use.

To address these vulnerabilities, three immediate steps are essential. First, unauthorized access must be revoked and proper authentication protocols restored. Next, comprehensive system monitoring and change management must be reinstated—which, given the difficulty of cleaning a compromised system, will likely require a complete system reset. Finally, thorough audits must be conducted of all system changes made during this period.

This is beyond politics—this is a matter of national security. Foreign national intelligence organizations will be quick to take advantage of both the chaos and the new insecurities to steal U.S. data and install backdoors to allow for future access.

Each day of continued unrestricted access makes the eventual recovery more difficult and increases the risk of irreversible damage to these critical systems. While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

Assuming that anyone in the government still cares.

184 notes · View notes

mostlysignssomeportents · 1 year ago

Text

Demon-haunted computers are back, baby

Catch me in Miami! I'll be at Books and Books in Coral Gables on Jan 22 at 8PM.

As a science fiction writer, I am professionally irritated by a lot of sf movies. Not only do those writers get paid a lot more than I do, they insist on including things like "self-destruct" buttons on the bridges of their starships.

Look, I get it. When the evil empire is closing in on your flagship with its secret transdimensional technology, it's important that you keep those secrets out of the emperor's hand. An irrevocable self-destruct switch there on the bridge gets the job done! (It has to be irrevocable, otherwise the baddies'll just swarm the bridge and toggle it off).

But c'mon. If there's a facility built into your spaceship that causes it to explode no matter what the people on the bridge do, that is also a pretty big security risk! What if the bad guy figures out how to hijack the measure that – by design – the people who depend on the spaceship as a matter of life and death can't detect or override?

I mean, sure, you can try to simplify that self-destruct system to make it easier to audit and assure yourself that it doesn't have any bugs in it, but remember Schneier's Law: anyone can design a security system that works so well that they themselves can't think of a flaw in it. That doesn't mean you've made a security system that works – only that you've made a security system that works on people stupider than you.

I know it's weird to be worried about realism in movies that pretend we will ever find a practical means to visit other star systems and shuttle back and forth between them (which we are very, very unlikely to do):

https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead

But this kind of foolishness galls me. It galls me even more when it happens in the real world of technology design, which is why I've spent the past quarter-century being very cross about Digital Rights Management in general, and trusted computing in particular.

It all starts in 2002, when a team from Microsoft visited our offices at EFF to tell us about this new thing they'd dreamed up called "trusted computing":

https://pluralistic.net/2020/12/05/trusting-trust/#thompsons-devil

The big idea was to stick a second computer inside your computer, a very secure little co-processor, that you couldn't access directly, let alone reprogram or interfere with. As far as this "trusted platform module" was concerned, you were the enemy. The "trust" in trusted computing was about other people being able to trust your computer, even if they didn't trust you.

So that little TPM would do all kinds of cute tricks. It could observe and produce a cryptographically signed manifest of the entire boot-chain of your computer, which was meant to be an unforgeable certificate attesting to which kind of computer you were running and what software you were running on it. That meant that programs on other computers could decide whether to talk to your computer based on whether they agreed with your choices about which code to run.

This process, called "remote attestation," is generally billed as a way to identify and block computers that have been compromised by malware, or to identify gamers who are running cheats and refuse to play with them. But inevitably it turns into a way to refuse service to computers that have privacy blockers turned on, or are running stream-ripping software, or whose owners are blocking ads:

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

After all, a system that treats the device's owner as an adversary is a natural ally for the owner's other, human adversaries. The rubric for treating the owner as an adversary focuses on the way that users can be fooled by bad people with bad programs. If your computer gets taken over by malicious software, that malware might intercept queries from your antivirus program and send it false data that lulls it into thinking your computer is fine, even as your private data is being plundered and your system is being used to launch malware attacks on others.

These separate, non-user-accessible, non-updateable secure systems serve a nubs of certainty, a remote fortress that observes and faithfully reports on the interior workings of your computer. This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.

It's true that compromised computers are a real and terrifying problem. Your computer is privy to your most intimate secrets and an attacker who can turn it against you can harm you in untold ways. But the widespread redesign of out computers to treat us as their enemies gives rise to a range of completely predictable and – I would argue – even worse harms. Building computers that treat their owners as untrusted parties is a system that works well, but fails badly.

First of all, there are the ways that trusted computing is designed to hurt you. The most reliable way to enshittify something is to supply it over a computer that runs programs you can't alter, and that rats you out to third parties if you run counter-programs that disenshittify the service you're using. That's how we get inkjet printers that refuse to use perfectly good third-party ink and cars that refuse to accept perfectly good engine repairs if they are performed by third-party mechanics:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

It's how we get cursed devices and appliances, from the juicer that won't squeeze third-party juice to the insulin pump that won't connect to a third-party continuous glucose monitor:

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

But trusted computing doesn't just create an opaque veil between your computer and the programs you use to inspect and control it. Trusted computing creates a no-go zone where programs can change their behavior based on whether they think they're being observed.

The most prominent example of this is Dieselgate, where auto manufacturers murdered hundreds of people by gimmicking their cars to emit illegal amount of NOX. Key to Dieselgate was a program that sought to determine whether it was being observed by regulators (it checked for the telltale signs of the standard test-suite) and changed its behavior to color within the lines.

Software that is seeking to harm the owner of the device that's running it must be able to detect when it is being run inside a simulation, a test-suite, a virtual machine, or any other hallucinatory virtual world. Just as Descartes couldn't know whether anything was real until he assured himself that he could trust his senses, malware is always questing to discover whether it is running in the real universe, or in a simulation created by a wicked god:

https://pluralistic.net/2022/07/28/descartes-was-an-optimist/#uh-oh

That's why mobile malware uses clever gambits like periodically checking for readings from your device's accelerometer, on the theory that a virtual mobile phone running on a security researcher's test bench won't have the fidelity to generate plausible jiggles to match the real data that comes from a phone in your pocket:

https://arstechnica.com/information-technology/2019/01/google-play-malware-used-phones-motion-sensors-to-conceal-itself/

Sometimes this backfires in absolutely delightful ways. When the Wannacry ransomware was holding the world hostage, the security researcher Marcus Hutchins noticed that its code made reference to a very weird website: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. Hutchins stood up a website at that address and every Wannacry-infection in the world went instantly dormant:

https://pluralistic.net/2020/07/10/flintstone-delano-roosevelt/#the-matrix

It turns out that Wannacry's authors were using that ferkakte URL the same way that mobile malware authors were using accelerometer readings – to fulfill Descartes' imperative to distinguish the Matrix from reality. The malware authors knew that security researchers often ran malicious code inside sandboxes that answered every network query with fake data in hopes of eliciting responses that could be analyzed for weaknesses. So the Wannacry worm would periodically poll this nonexistent website and, if it got an answer, it would assume that it was being monitored by a security researcher and it would retreat to an encrypted blob, ceasing to operate lest it give intelligence to the enemy. When Hutchins put a webserver up at iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, every Wannacry instance in the world was instantly convinced that it was running on an enemy's simulator and withdrew into sulky hibernation.

The arms race to distinguish simulation from reality is critical and the stakes only get higher by the day. Malware abounds, even as our devices grow more intimately woven through our lives. We put our bodies into computers – cars, buildings – and computers inside our bodies. We absolutely want our computers to be able to faithfully convey what's going on inside them.

But we keep running as hard as we can in the opposite direction, leaning harder into secure computing models built on subsystems in our computers that treat us as the threat. Take UEFI, the ubiquitous security system that observes your computer's boot process, halting it if it sees something it doesn't approve of. On the one hand, this has made installing GNU/Linux and other alternative OSes vastly harder across a wide variety of devices. This means that when a vendor end-of-lifes a gadget, no one can make an alternative OS for it, so off the landfill it goes.

It doesn't help that UEFI – and other trusted computing modules – are covered by Section 1201 of the Digital Millennium Copyright Act (DMCA), which makes it a felony to publish information that can bypass or weaken the system. The threat of a five-year prison sentence and a $500,000 fine means that UEFI and other trusted computing systems are understudied, leaving them festering with longstanding bugs:

https://pluralistic.net/2020/09/09/free-sample/#que-viva

Here's where it gets really bad. If an attacker can get inside UEFI, they can run malicious software that – by design – no program running on our computers can detect or block. That badware is running in "Ring -1" – a zone of privilege that overrides the operating system itself.

Here's the bad news: UEFI malware has already been detected in the wild:

https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/

And here's the worst news: researchers have just identified another exploitable UEFI bug, dubbed Pixiefail:

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

Writing in Ars Technica, Dan Goodin breaks down Pixiefail, describing how anyone on the same LAN as a vulnerable computer can infect its firmware:

https://arstechnica.com/security/2024/01/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling/

That vulnerability extends to computers in a data-center where the attacker has a cloud computing instance. PXE – the system that Pixiefail attacks – isn't widely used in home or office environments, but it's very common in data-centers.

Again, once a computer is exploited with Pixiefail, software running on that computer can't detect or delete the Pixiefail code. When the compromised computer is queried by the operating system, Pixiefail undetectably lies to the OS. "Hey, OS, does this drive have a file called 'pixiefail?'" "Nope." "Hey, OS, are you running a process called 'pixiefail?'" "Nope."

This is a self-destruct switch that's been compromised by the enemy, and which no one on the bridge can de-activate – by design. It's not the first time this has happened, and it won't be the last.

There are models for helping your computer bust out of the Matrix. Back in 2016, Edward Snowden and bunnie Huang prototyped and published source code and schematics for an "introspection engine":

https://assets.pubpub.org/aacpjrja/AgainstTheLaw-CounteringLawfulAbusesofDigitalSurveillance.pdf

This is a single-board computer that lives in an ultraslim shim that you slide between your iPhone's mainboard and its case, leaving a ribbon cable poking out of the SIM slot. This connects to a case that has its own OLED display. The board has leads that physically contact each of the network interfaces on the phone, conveying any data they transit to the screen so that you can observe the data your phone is sending without having to trust your phone.

(I liked this gadget so much that I included it as a major plot point in my 2020 novel Attack Surface, the third book in the Little Brother series):

https://craphound.com/attacksurface/

We don't have to cede control over our devices in order to secure them. Indeed, we can't ever secure them unless we can control them. Self-destruct switches don't belong on the bridge of your spaceship, and trusted computing modules don't belong in your devices.

I'm Kickstarting the audiobook for The Bezzle, the sequel to Red Team Blues, narrated by @wilwheaton! You can pre-order the audiobook and ebook, DRM free, as well as the hardcover, signed or unsigned. There's also bundles with Red Team Blues in ebook, audio or paperback.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/01/17/descartes-delenda-est/#self-destruct-sequence-initiated

Image: Mike (modified) https://www.flickr.com/photos/stillwellmike/15676883261/

CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0/

#pluralistic #uefi #owner override #user override #jailbreaking #dmca 1201 #schneiers law #descartes #nub of certainty #self-destruct button #trusted computing #secure enclaves #drm #ngscb #next generation secure computing base #palladium #pixiefail #infosec

576 notes · View notes

voltaspistol · 5 months ago

Text

So yeah, about Trump's "win"? It's starting to look like maaaaaaaybe that whole "voter suppression of persons of color" thing was the deciding factor, not Democrats who stayed home and didn't vote.

"Stay with me and I’ll give you the means, methods and, most important, the key calculations. But if you’re expecting a sexy story about Elon Musk messing with vote-counting software from outer space, sorry, you won’t get that here. As in Bush v. Gore in 2000 and in too many other miscarriages of Democracy, this election was determined by good old “vote suppression,” the polite term we use for shafting people of color out of their ballot. We used to call it Jim Crow. Here are key numbers: — 4,776,706 voters were wrongly purged from voter rolls according to US Elections Assistance Commission data. — By August of 2024, for the first time since 1946, self-proclaimed “vigilante” voter-fraud hunters challenged the rights of 317,886 voters. The NAACP of Georgia estimates that by Election Day, the challenges exceeded 200,000 in Georgia alone. — No fewer than 2,121,000 mail-in ballots were disqualified for minor clerical errors (e.g. postage due). — At least 585,000 ballots cast in-precinct were also disqualified. — 1,216,000 “provisional” ballots were rejected, not counted. — 3.24 million new registrations were rejected or not entered on the rolls in time to vote. If the purges, challenges and ballot rejections were random, it wouldn’t matter. It’s anything but random. For example, an audit by the State of Washington found that a Black voter was 400% more likely than a white voter to have their mail-in ballot rejected. Rejection of Black in-person votes, according to a US Civil Rights Commission study in Florida, ran 14.3% or one in seven ballots cast."

#us politics #Trump #voter suppression

89 notes · View notes

fluentmoviequoter · 1 year ago

Text

Accidental CI

Pairing: David "Deacon" Kay x fem!reader

Summary: When your employer's name comes up in a case, your best friend Deacon calls to ask for your help. He leads you into a dangerous situation, and you come out as more than friends.

Warnings: r works an unspecified corporate job, mentions weapon trafficking and guns, threats, mostly fluff!

Word Count: 3.1k+ words

Masterlist Directory | Deacon Masterlist | Request Info/Fandom List

“Hi, Deac,” you greet as you open the door.

“How was work?” he asks.

“It was fine. My boss forgot to start a software update last night so we didn’t have computer access until after lunch.”

“So, you got paid to sit there and do nothing?”

“Which isn’t that much different than most days,” you tease. “What about you? Any crazy calls?”

You lead Deacon into your kitchen, and his smile widens when he sees dinner waiting on your counter. He pulls you into a quick hug before telling you about his day at work.

“No injuries?” you ask softly.

“No injuries,” he assures. “What about you; any paper cuts that need tending to?”

“Just mental injuries for me. Our financial statements aren’t aligning like they should and if it’s not fixed by the next audit, someone’s getting in trouble.”

“What do you think caused it?”

“Oversight or adding the same bill twice, I’d guess. But I think we should talk about something more exciting than my future IRS investigation.”

“Then let’s talk about that amazing dinner over there and I’ll remind you that Luca wants to have a cooking competition with you.”

Deacon has been your best friend since he moved in next door. You also harbor an ever-growing crush on him. When you saw him climb out of the moving truck the first day, you knew you wanted to be close. He’s got a stressful job, so if you can give him a break and a friend, that’s what you’ll do.

Deacon watches the screen in the situation room as Hondo explains the corporate espionage turned weapon trafficking case. It's a strange move, going from stealing trade secrets to transporting illegal weapons across borders and into areas with strict gun control laws. Metro found a lot of evidence, but when they located the weapons supply in their prime suspect’s corporate office, they called in 20 Squad.

“Wait, go back. Who’s the suspect?” Deacon asks.

His eyes search the monitor as Hondo returns to a page of surveillance photos.

“Elwin Dupree. You know him?” Hondo responds.

“Not personally, but I know someone who works for him.”

“CI?” Chris guesses.

“No. She might be willing to help, though.”

“Call her,” Hondo says.

Hicks adds, “Otherwise, we’re going in blind. Metro has intel but it’s not enough to avoid an ambush.”

Deacon nods and walks out of the room. He presses a contact from his favorites list before raising his phone to his ear.

“Remind me why we work here?” your desk neighbor, whom you lovingly call Nola, says as she sits across from you.

“Because the pay is good… and we’re desperate,” you offer, smiling as you accept your favorite drink.

“May I remind you that Dupree is an idiot who can’t even remember what he asks us to do?”

“Just smile and go with it, Nola, it’s the easiest way to handle it.”

“The man called me into his office yesterday, and then didn’t know why I was there,” she whispers.

“That’s probably a good thing for you. Considering your nickname is based off of your reply of no; lazy.”

“I am lazy! So, I don’t like to do things. He can fire me whenever he wants.”

You roll your eyes and prepare to reply but are interrupted by your cell phone ringing. You apologize to Nola before you answer it.

“Hey, it’s me,” Deacon says on the other end of the line.

“Indeed, it is. What’s going on?” you reply.

“How do you know something is going on?”

“It’s mid-morning on a weekday. And you never call me.”

“I call you all the time!” Deacon argues.

You laugh before you say, “Not when you’re at work.”

“Okay, fine, you’re right. Listen, we’re working on something, and your boss’s name came up.”

“Dupree?” you inquire. “Why?”

“I can’t tell you exactly what we’re looking into, but Hondo and Hicks wanted to know if you’d be willing to help us.”

“Of course. Tell me what to do,” you agree.

“Can you come down here?”

“Uh, yeah,” you answer. You open the calendar on your computer and add, “I can spare an hour and a half, is that enough time?”

“Absolutely. Thank you,” Deacon says.

“Anything for you.”

You hang up and gather your things before standing.

“Where are you off to? Please tell me you’re leaving to go on a date with the hot neighbor you always talk about,” Nola whispers.

“Not today. There was a slight mishap for some of our paperwork. I have to run to another office and get everything sorted out,” you lie. “I’ll have my cell if you need anything.”

“Dodging bullets left and right, aren’t you? Go ahead, I’ll watch your phone and fill in Dupree if he notices you’re gone.”

“Thanks, Nola.”

When you park outside the station, your thoughts begin spiraling. You sit in your seat and wonder if you made the right decision. Will you be in Deacon’s way or be too distracted by him to even help? What if something happens to him while you’re with him? What if he-

A tap on your window draws you from your questions. You turn your head and see Deacon looking at you through the glass. You send him a small smile as he opens your door and bends to look at you. His head tilts to this side, and when he lowers to a squat, his brown eyes distract you as he looks up at you.

“You okay? You don’t have to do this if you don’t want to,” he says gently.

“No, I want to. Just- I was thinking too much, I guess,” you reply.

Deacon nods and stands before offering his hand to help you out of your seat. He closes the door and ensures it’s locked before moving his hand to your back to lead you inside.

“Nice to meet you. I’m Hondo,” Hondo says as you enter.

You shake Hondo’s hand and introduce yourself as you follow him further into the station. He doesn’t waste any time as he begins explaining as much as he can about how your boss is involved in the case they’re working.

“We’d like to send you in the get additional details on the office and any other information you can find,” Hondo says. “We’ve got basic floor plans, but we need insider info.”

“She can’t go in alone,” Deacon argues. “We don’t know what he has in that office. If she starts asking questions and he gets suspicious-“

You cut Deacon off by laying a hand on his shoulder and asking, “What if you go in with me? It wouldn’t be that hard for me to lie about who you are; Dupree doesn’t know most of the people who work in the building. Plus, you know what to look for better than I do.”

Hondo looks at Deacon and waits for his reply. You feel Deacon sigh against your hand before agreeing to go into the office with you.

“There’s an employee entrance without metal detectors, but you have to swipe a keycard,” you explain. “They’ll know if you piggyback with me.”

“Our techs can make him a keycard,” Hondo assures. “If you have yours, they can copy parts of it.”

You nod and pass your card to Hondo. He turns and gives it to a passing officer with a few short instructions. Deacon pats your arm as he leaves to change; his uniform isn’t business casual, but he said he'd find something more fitting.

“20 Squad is going to be close by,” Hondo begins. “Deacon can say a word and we’ll be inside, but if you need help and get separated from Deacon, try to get to a window. Signaling for help is easiest with this; just keep it in your pocket or your hand and press the button if you need us.”

You accept the small device and slide it into your pocket. It’s invisible, and you nod as Hondo reassures you everything will be okay.

“I know you can’t tell me what exactly Dupree is doing, but you’re going to catch him, right?” you ask softly.

“Absolutely. Nobody can run from S.W.A.T.”

You scan your keycard and wait for Deacon to do the same before opening the door. The employee entrance is on the side of the building, and you smooth your hands over your hips nervously. When you feel the device Hondo gave you, you relax slightly.

“We’ll walk to my desk, look at a few papers, and then go in?” you suggest as Deacon gestures for you to enter.

“Sounds good,” he agrees.

“The suit looks good,” you mumble as you walk toward the elevator.

Deacon chuckles as the elevator door opens, and you smile as he shakes his head at your flattery. The elevator is quiet, and as you wait to arrive on your floor, you take a few deep breaths. Deacon’s hand finds your lower back, and he rubs small, comforting circles before the door opens.

“Still working on the paperwork issue?” Nola asks when you reach your desk.

“Yeah, we are. This is Ryan from the Santa Monica branch,” you say.

Nola’s eyes narrow at you before she looks at Deacon’s hand. He’s close to you, like always, but you don’t understand her look. You raise your brows, but she only shrugs before looking back at her computer.

“Was it this one?” you ask Deacon.

He takes the blank form from your hand and nods. “Yes, this is the one.”

You return the paper to its rightful place on your desk before leading Deacon down another hallway. Nola’s reaction confused you at first, yet you’re not surprised when Deacon gently grabs your hip to stop you in the hallway.

“I’m sorry,” you whisper.

“It’s fine. Just stay calm and remember our covers. Like you said, Dupree won’t know any difference,” Deacon soothes. “And the team’s waiting for our signal if we need them.”

You nod, and Deacon’s hands raise to��your shoulders as he drops his chin to look into your eyes.

“You got this,” he promises.

“I need to discuss an urgent matter with Mr. Dupree,” you inform his secretary. “This is Mr. Ryan Davidson from the Santa Monica branch. There have been some discrepancies with paperwork submitted to their office, which needs Mr. Dupree’s immediate attention.”

His secretary raises the receiver of her desk phone and whispers into it. You turn to look at Deacon, and he tilts his head to the left to signal you to stay calm and wait.

“You can go on in,” the secretary says as she lowers the phone.

Deacon opens the door for you, and you step inside first.

“Hello,” Mr. Dupree greets. He doesn’t pretend to remember your name, you notice. “I heard there’s an issue with some paperwork?”

“Yes, sir,” Deacon says. “I’m Ryan Davidson with the Santa Monica office and we’ve been having issues; receiving incomplete or incorrect paperwork from this branch.”

“My sincerest apologies, Ryan. If you don’t mind, use that laptop there and sign into your account while I bring mine up. We’ll get this sorted.”

You stand back as Deacon walks to the table at the back of the office and opens the laptop. Mr. Dupree didn’t shake his hand, ask for identification, or take other proper steps before jumping to help. It’s suspicious, but probably not what Deacon and his team need.

“What kind of incorrect information have you seen?” Mr. Dupree asks. You open your mouth to answer, and he adds, “Ryan?”

“Financial statements that aren’t matching previous months, for one. Most likely an oversight or adding the same bill twice. Nothing too extreme, just something we need sorted before the end-of-year audits,” Deacon answers.

You raise your eyebrows in surprise at his response. He practically repeated a complaint you shared during your last dinner together.

“Very well. I don’t know why the system is moving so slowly,” Dupree responds. He moves his hand under his desk as Deacon types.

You watch Dupree because Deacon’s team is getting him the access he needs. When you see the handle of a gun gripped in Dupree’s hand, you call, “Gun!” and drop to the floor just before he shoots above your head.

Deacon pulls his own weapon and points it at Dupree as he demands, “Put the gun down. I’m Sergeant Kay, L.A.P.D. S.W.A.T.”

As Deacon speaks, you slowly press your back against the side of Dupree’s desk, where he can’t see you. Deacon’s eyes are on Dupree, but you watch Deacon because you trust him to keep you safe.

“I could put it down,” Dupree says. “But if I angle it like this and pull the trigger, wouldn’t it hit your little friend?”

Deacon glances at you quickly, and you lock eyes before you shift away from the oversized desk.

“One more time: drop the gun,” Deacon repeats.

You can’t see Dupree, but you clap your hands over your ears as you hear two shots. Everything goes quiet, and you lean forward slowly to look for Deacon. He kneels before you and gently pulls your hands away from your head. You let him move you before surging forward to hug him. He welcomes you into his arms as footsteps echo in the hallway outside.

“It’s okay. We got him,” Deacon promises.

You nod against Deacon and allow him to help you stand. Deacon keeps you angled away from Dupree’s desk, and you’re happy to avoid looking.

“Did you get everything you need?” you ask quietly as Street and Luca lead a paramedic inside.

“We did. Are you okay?”

Deacon lays a hand on your shoulder, and his thumb presses gently into your tense muscles as he looks into your eyes.

“Get her out of here. Hondo said you can take the rest of the day. Maybe she can practice for the competition,” Luca calls.

“I think you need the practice more than me,” you reply without turning.

Luca laughs as Deacon wraps an arm around your shoulders and leads you out of the office. He takes you back to your desk to get your things, and Nola rushes to hug you when you enter the open area.

“I heard the shots and was so worried!” she exclaims. “You’re okay?”

“I’m fine,” you promise.

“Then I need you to do something. Go home and ask your neighbor out. Don’t wait too long,” she says.

You nod and return to Deacon’s side. He heard everything from where he was standing, yet doesn’t comment as he helps you into the passenger seat of his car. Once you’re on the road, he fills the silence by asking you questions about what you will cook for your competition with Luca. You know he’s trying to distract you from what happened, and you appreciate it.

Back at the station, you sign some paperwork to receive CI benefits before walking to Deacon’s side. He offers to drive you home and keep you company, which you happily accept. You never like leaving Deacon and don’t want to be alone tonight.

“I waited too long,” Deacon murmurs while walking you out.

You stop and turn to face him as you ask, “For what?”

“What your friend said. I waited too long to ask you out.”

You smile and slide your hand into his. “Did you know that Nola looked at us like that because you were standing really close to me?" Deacon shrugs, and you explain, “I never shut up about you, Deac. I’m in love with you, so she was confused about why I was standing so close to another man.”

“Never?” Deacon repeats playfully.

“You didn’t wait too long, Deac,” you promise.

“I didn’t?”

“Not if you take your chance right now.”

Deacon looks around quickly before yelling, “Hicks! Did you file it yet?”

“No; I’m busy, Deacon,” Hicks answers.

“Can you make her Hondo’s CI?”

Hicks looks between the two of you and rolls his eyes. “Yes, I can.”

When Deacon turns back to you, he doesn’t give you time to speak before he asks, “Will you go out with me?”

“Nothing would make me happier,” you answer.

Your smile grows to match Deacon’s, but he makes it disappear when he pulls you in and kisses you. The sound of clapping makes you open your eyes as you pull back. Hondo leads 20 Squad in a round of applause, and you bury your face in Deacon’s chest to hide your grin and burning embarrassment.

“My CI’s never end up like this,” Hondo jokes.

“Pretty good timing, though, wasn’t it?” Deacon asks as he wraps his arms around you.

You stand wordlessly from the couch and walk past Deacon. He turns to watch you as you enter your bathroom and close the door. It only takes a moment for him to decide to follow you.

“Are you okay?” Deacon asks from outside the door. “And don’t just say you’re fine. We both know you’re not.”

You open the door and lean against the vanity as he walks in. “I feel bad that you had to shoot Dupree. I know he’s fine and he’ll recover, pay for him crimes, and everything. But you probably wouldn’t have done that if I wasn’t there.”

“Don’t think like that. If he had refused to drop the gun or fired again, I would have stopped him. Whether you were there or not. The only thing that was different was how fast I decided to do it; he was threatening you, but that didn’t affect my reaction itself.”

You nod, and Deacon places his hands on the vanity, caging you and keeping you close. “Don’t carry that guilt around,” he requests. “It gets heavy quickly.”

You slip your arms under Deacon’s to circle his waist. Because of your position, you look up at him and ask, “Could I have another kiss to help me overcome all of this guilt?”

Deacon laughs as his hand raises to rub your back. “Anything for my accidental CI.”

“I’m Hondo’s CI,” you remind him.

“But I’m the one that gets to kiss you, so who has the better timing?”

You let your kiss answer the question, and when Deacon pulls you against him to be even closer, you know that the wait was worth it. Though you probably won’t agree to go into the office of a weapon trafficker with him again, you will always be ready to help him when he asks and comfort him when he can’t. Despite how much you loved Deacon when you thought you could only be friends, you feel more love now that you know he feels the same.

#hanna writes✯#david deacon kay x reader #deacon kay x reader #david kay x reader #deacon kay fluff #david deacon kay #deacon kay #fem!reader

181 notes · View notes

askagamedev · 27 days ago

Note

Bungie is in hot water for the exposure of deep plagerism from a designer, with devs and directors following the artist for many years.

In cases like this, why didn't they hire or consult them instead of plagerising the work? It seems like such a simple solution, that i'm certain there must be something I don't understand.

Bungie has had this happen before, how does such trouble make it through the system?

Bungie's leadership says they didn't know that it happened, and I believe them. In a big studio like Bungie, there are literally hundreds of developers creating and modifying assets dozens of times on a daily basis. There is no way for any human to audit every single asset checked in to the depot against the sum total of the internet, especially when we're trying to keep things under wraps before the game is ready to be announced. Game devs don't have the kind of software tools that Youtube does to police for bad actors uploading copyrighted material.

When individual actors do this, they don't tell their bosses that they've stolen other peoples' work. They hide it and pass the work off as their own and hope nobody notices. This behavior is never condoned or encouraged by leadership because it causes nothing but a big mess for everyone involved if it gets found out. The bigger the team, the more likely somebody will notice this kind of thing. However, it isn't 100% for the same reason that players find bugs that QA missed - when a game goes public, there's often several orders of magnitude more eyes looking at it than internally. More eyeballs looking mean that it is more likely that stolen assets get found out.

After such things happen, the studio's legal representation invariably does reach out to the legally injured party (in this case Antireal) with a settlement offer. Such offers usually include a non-disclosure agreement and a non-disparagement clause in exchange for payment and either a license for the art or removal of all offending assets from the game. That is likely what is going on right now between Bungie and Antireal.

[Join us on Discord] and/or [Support us on Patreon]

Got a burning question you want answered?

Short questions: Ask a Game Dev on Twitter

Short questions: Ask a Game Dev on BlueSky

Long questions: Ask a Game Dev on Tumblr

Frequent Questions: The FAQ

#legal implications #how things work #current events #bungie #art theft

35 notes · View notes

vonbabbitt · 2 months ago

Note

What audio editing software did you use to create Tetro Pink?

everything is done in adobe audition!

#jayden-mattz #ask #von.txt

42 notes · View notes

syzygy-podfic-project · 10 months ago

Text

Syzygy Podfic Project Auditions - Second Round!

Are you interested in voice acting, but intimidated by the prospect of a large role? Did you consider auditioning for the Syzygy project before, but didn't because of time constraints? Are you just finding out about this project now and wishing you had discovered it sooner so you could be a part of it?

Well, you're in luck, because the Syzygy Podfic Project is in need of extra voices to fill out our cast! There are dozens of minor roles that are perfect for anyone hoping to dip their toes into voice acting in a large project!

Find the audition information here!

Make sure to only submit the form once you are confident in your recording! Only the first submission will be accepted, so take your time and get the best take you can before submitting!

Tips for recording your audition:

Record in a small space that's insulated - a closet can work very well, as the clothes can minimize the echo and avoid too many outside sounds.

Make sure you are the proper distance from your microphone - this can take some testing and trial and error!

Have your microphone resting on a flat surface, don't attempt to move it while recording.

Don't be afraid to do multiple takes and only pick your favorite ones!

Audacity is a free audio recording software that is very intuitive for a beginner to use, if you're looking for a recording program.

Feel free to send an ask if you have any questions!

@tsseventhub @sanders-sides-events

#syzygy podfic project #sanders sides #thomas sanders #logan sanders #patton sanders #remus sanders #roman sanders #virgil sanders #audition info

60 notes · View notes

captain-acab · 2 years ago

Note

Do you have a more up to date link for a hacked spotify for android? I found your post from 2022 but the link doesn't have a version that's up to date with the version of spotify I have.

Thanks 💚

Not exactly. I actually don't use the hacked Spotify app anymore. I prefer Spotube, a free open-source app that interfaces directly with the Spotify web API. It also let's you download songs and albums directly, which the hacked app didn't do!

Overall Spotube is more stable, trustworthy (because the code source is open and community-audited), and will never be at risk Spotify patching the hack or disabling your account for violating terms of service, because it uses 100% legal software.

(P.S. the first link leads to F-Droid, an alternative app store for free, community-driven, open-source apps. That's where you can also download NewPipe, my favorite ad-free youtube app.)

#Spotify #Foss #Fossware #Libre #open source #Open-source #FLOSS #Spotube #Ad free #Adblocking #Adblocker #Ad free Spotify #Spotify Premium #Spotify ads

183 notes · View notes

1auditmanagementsoftware · 2 months ago

Text

Audit Management System Software

The "Audit Management System Software" in 1Audit is designed to support and simplify the audit process. It allows for seamless management and monitoring of audit files anytime and anywhere. With features like document control, collaboration, professional compliance, and cloud-based access, it ensures efficient task management and secure document storage. The software helps streamline audit workflows by automating essential processes, managing user permissions, and supporting communication among audit teams, ultimately improving the audit's accuracy and effectiveness.

0 notes

machine-saint · 2 years ago

Text

i think one of the fundamental problems with the word "techbro" is that it has multiple meanings, some of which contradict each other.

the original term brogrammer referred to programmers who act in a very stereotypical masculine way, as a pejorative. the word "techbro" was sometimes used as a synonym for this. this is why the word "bro" is there, because it's a comparison to frat bros. this is also the only sense mentioned on the wikipedia page. this is also the sense i see the least usage of on tumblr; it was really more of a thing back in 2012-2013 or so.

people also use it to refer to people who are pushing the latest fad; web 3.0, blockchain shit, NFTs, LLMs, whatever. this usage does not require that the person actually knows anything about programming. some of these people genuinely believe in what they're advocating for, some of them are just hopping onto the latest money-making thing. this is the y combinator set.

a third usage is to refer to people who are very into self-hosting, and "own your hardware" type stuff and don't understand that computing is a compromise and not everyone wants to spend all their effort getting stuff to work. this is the rms type. unlike the second definition, this one requires the person to have fairly deep technical knowledge. theoretically you could have someone who doesn't know a lot about computers but is real big into this kind of stuff, but in practice that never happens.

(i'm broadly sympathetic to this type; i avoid music streaming and sync all my music using open-source software, that sort of thing. the "techbro" part, in theory, comes when they look down on others for not making the same choices. of course, the line between "you're looking down on me" and "you're arrogant for simply believing that you're right" is thin.)

in particular, sense-2 and sense-3 "techbros" have very opposite beliefs! one wants to run everything "in the cloud", the other wants to run everything locally. one wants to let chatgpt run your life, the other hates the idea of something they can't audit be that important. both tend to be very "technology will save us" types, but the way they go about that is very different. one makes very sleek-looking but extremely limited UI, the other will make ultra-customizable, ultra-functional UI that's the most hideous and hard-to-use thing you've seen in your life.

and so you can see here the problem: what can we actually say about "techbros" that's meaningful, other than "techbro is when i don't like someone who likes technology"? if a word isn't used as a self-descriptor, but only as an insult, what stops it from becoming broader and broader until it loses all usefulness?

#discourse #techbro

213 notes · View notes

mariacallous · 5 months ago

Text

Elon Musk’s minions—from trusted sidekicks to random college students and former Musk company interns—have taken over the General Services Administration, a critical government agency that manages federal offices and technology. Already, the team is attempting to use White House security credentials to gain unusual access to GSA tech, deploying a suite of new AI software, and recreating the office in X’s image, according to leaked documents obtained by WIRED.

Some of the same people who helped Musk take over Twitter more than two years ago are now registered as official GSA employees. Nicole Hollander, who slept in Twitter HQ as an unofficial member of Musk’s transition team, has high-level agency access and an official government email address, according to documents viewed by WIRED. Hollander’s husband, Steve Davis, also slept in the office. He has now taken on a leading role in Musk’s Department of Government Efficiency (DOGE). Thomas Shedd, the recently installed director of the Technology Transformation Services within GSA, worked as a software engineer at Tesla for eight years. Edward Coristine, who previously interned at Neuralink, has been onboarded along with Ethan Shaotran, a Harvard senior who is developing his own OpenAI-backed scheduling assistant and participated in an xAI hackathon.

“I believe these people do not want to help the federal government provide services to the American people,” says a current GSA employee who asked not to be named, citing fears of retaliation. “They are acting like this is a takeover of a tech company.”

The team appears to be carrying out Musk’s agenda: slashing the federal government as quickly as possible. They’re currently targeting a 50 percent reduction in spending for every office managed by the GSA, according to documents obtained by WIRED.

There also appears to be an effort to use IT credentials from the Executive Office of the President to access GSA laptops and internal GSA infrastructure. Typically, access to agency systems requires workers to be employed at such agencies, sources say. While Musk's team could be trying to obtain better laptops and equipment from GSA, sources fear that the mandate laid out in the DOGE executive order would grant the body broad access to GSA systems and data. That includes sensitive procurement data, data internal to all the systems and services GSA offers, and internal monitoring software to surveil GSA employees as part of normal auditing and security processes.

The access could give Musk’s proxies the ability to remote into laptops, listen in on meetings, read emails, among many other things, a former Biden official told WIRED on Friday.

“Granting DOGE staff, many of whom aren't government employees, unfettered access to internal government systems and sensitive data poses a huge security risk to the federal government and to the American public,” the Biden official said. “Not only will DOGE be able to review procurement-sensitive information about major government contracts, it'll also be able to actively surveil government employees.”

The new GSA leadership team has prioritized downsizing the GSA’s real estate portfolio, canceling convenience contracts, and rolling out AI tools for use by the federal government, according to internal documents and interviews with sources familiar with the situation. At a GSA office in Washington, DC, earlier this week, there were three items written on a white board sitting in a large, vacant room. “Spending Cuts $585 m, Regulations Removed, 15, Square feet sold/terminated 203,000 sf,” it read, according to a photo viewed by WIRED. There’s no note of who wrote the message, but it appears to be a tracker of cuts made or proposed by the team.

“We notified the commercial real estate market that two GSA properties would soon be listed for sale, and we terminated three leases,” Stephen Ehikian, the newly appointed GSA acting administrator, said in an email to GSA staff on Tuesday, confirming the agency’s focus on lowering real estate costs. “This is our first step in right-sizing the real estate portfolio.”

The proposed changes extend even inside the physical spaces at the GSA offices. Hollander has requested multiple “resting rooms,” for use by the A-suite, a team of employees affiliated with the GSA administrator’s office.

On January 29, a working group of high-ranking GSA employees, including the deputy general counsel and the chief administrative services officer, met to discuss building a resting room prototype. The team mapped out how to get the necessary funding and waivers to build resting rooms in the office, according to an agenda viewed by WIRED.

After Musk bought Twitter, Hollander and Davis moved into the office with their newborn baby. Hollander helped oversee real estate and office design—including the installation of hotel rooms at Twitter HQ, according to a lawsuit later filed by Twitter executives. During the installation process, one of the executives emailed to say that the plans for the rooms were likely not code compliant. Hollander “visited him in person and emphatically instructed him to never put anything about the project in writing again,” the lawsuit alleged. Employees were allegedly instructed to call the hotel rooms “sleeping rooms” and to say they were just for taking naps.

Hollander has also requested access to Public Buildings Service applications; PBS owns and leases office space to government agencies. The timing of the access request lines up with Ehikian’s announcement about shrinking GSA’s real estate cost.

Musk’s lieutenants are also working to authorize the use of AI tools, including Google Gemini and Cursor (an AI coding assistant), for federal workers. On January 30, the group met with Google to discuss Telemetry, a software used to monitor the health and performance of applications, according to a document obtained by WIRED.

A-suite engineers, including Coristine and Shaotran, have requested access to a variety of GSA records, including nearly 10 years of accounting data, as well as detailed records on vendor payments, purchase orders, and revenue.

The GSA takeover mimics Musk’s strategy at other federal agencies like the Office of Personnel Management (OPM). Earlier this month, Amanda Scales, who worked in talent at Musk’s xAI, was appointed as OPM chief of staff. Riccardo Biasini, former Tesla engineer and director of operations at the Boring company, is now a senior adviser to the director. Earlier this week, Musk cohorts at the US Office of Personnel Management emailed more than 2 million federal workers offering “deferred resignations,” allegedly promising employees their regular pay and benefits through September 30.

The email closely mirrored the “extremely hardcore” note Musk sent to Twitter staff in November 2022, shortly after buying the company.

Many federal workers thought the email was fake—as with Twitter, it seemed designed to force people to leave, slashing headcount costs without the headache of an official layoff.

Ehikian followed up with a note to staff stressing that the email was legitimate. “Yes, the OPM email is real and should be taken very seriously,” he said in an email obtained by WIRED. He added that employees should expect a “further consolidation of offices and centralization of functions.”

On Thursday night, GSA workers received a third email related to the resignation request called “Fork in the Road FAQs.” The email explained that employees who resign from their positions would not be required to work and could get a second job. “We encourage you to find a job in the private sector as soon as you would like to do so,” it read. “The way to greater American prosperity is encouraging people to move from lower productivity jobs in the public sector to higher productivity jobs in the private sector.”

The third question posed in the FAQ asked, “Will I really get my full pay and benefits during the entire period through September 30, even if I get a second job?”

“Yes,” the answer read. “You will also accrue further personal leave days, vacation days, etc. and be paid out for unused leave at your final resignation date.”

However, multiple GSA employees have told WIRED that they are refusing to resign, especially after the American Federation of Government Employees (AFGE) told its members on Tuesday that the offer could be void.

“There is not yet any evidence the administration can or will uphold its end of the bargain, that Congress will go along with this unilateral massive restructuring, or that appropriated funds can be used this way, among other issues that have been raised,” the union said in a notice.

There is also concern that, under Musk’s influence, the federal government might not pay for the duration of the deferred resignation period. Thousands of Twitter employees have sued Musk alleging that he failed to pay their agreed upon severance. Last year, one class action suit was dismissed in Musk’s favor.

In an internal video viewed by WIRED, Ehikian reiterated that GSA employees had the “opportunity to participate in a deferred resignation program,” per the email sent by OPM on January 28. Pressing his hands into the namaste gesture, Ehikian added, “If you choose to participate, I offer you my heartfelt gratitude for your service to this nation. If you choose to stay at the GSA, we’ll work together to implement the four pillars from the OPM memo.” He ended the video by saying thank you and pressing his hands into namaste again.

52 notes · View notes