This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
This is such a non-issue in my opinion. The correct analogy would be that you receive a phone call directly from the CEO's deputy, where he verifies his identity, and tells you "you're about to receive an email saying...". In such a situation, I imagine the calculus would be different. Reporting it as a phishing attack would be malicious compliance or outright disruptive and you should expect to be on the CEO/deputy's shit list.
I'm sure there are a lots of things DOGE intends to do with this special project. Identifying the most disruptive federal employees is hopefully at the top of this list. The best strategy for any fed employee is to keep their head down and get lost in the hundreds of thousands of other low level fed workers. The email is brilliant because this stuff is like catnip to the most ideological of trump's enemies. They literally cant resist fighting back and "Resisting". It's truly a brilliant move.
If that email didn't copy at least 1 person direct management chain, it would be extremely irregular.
The main reason, of course, is that if the CEO or his deputy wanted me to do something, he would want to direct my management chain to make that happen and to supervise it and to remove any roadblocks.
My guess is that part of the idea is to route around management. Presumably do-nothing employees are already known to their managers, but have been receiving some sort of protection for years.
Which is a recipe for failure.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Depends on if the CEOs deputy is in my management chain. If the CEO asks me for a status report it's weird, but sure, he gets it. But if e.g. the VP of a division not my own sends it, that's a different question.
More options
Context Copy link
Eeeeeeh. I'm generally pro-DOGE, but I don't think you appreciate the justified paranoia of the average federal employee or contractor. Because the relentless phishing attempts are truly out of this world. And it's not beyond the capabilities of our adversaries to take whatever email DOGE is sending out, and then create a phishing template out of it. The fact that Elon tweets so damned much about everything he's doing just makes this all the easier.
Add to that the fact that they get training monthly about cyber security best practices, usually with an emphasis on phishing. Add to that the typical level of incompetence in the government.
Thankfully this had nothing to do with national secrets, but I was at a federally museum in DC once. I had to scan a QR code to pull up the webpage to pay for tickets to a specific exhibit. I had a shitty old phone with a 3rd party QR scanner. Unknown to me, since I used it so rarely, the QR scanner had been turned into malware. I scanned the code, and instead of giving me the URL it represented, an ad appeared pretending to be the link I scanned. I only know this in retrospect. It took me to a suspicious looking website asking me to sign up for something with my credit card. Doubtful, I showed the person at the desk with the QR code directing people how to buy tickets. They squinted at it for a moment, and then confidently told me it was the correct website. It wasn't, it stole my credit card, I didn't get tickets, and they just shrugged. I had even showed them the website twice thinking that it really didn't look right. I should have trusted my gut, but my wife was riding my ass to stop being paranoid and just get the tickets already before they sell out, and our kid was hungry and bored. It was a frustrating lesson in trusting my gut and ignoring everything else.
I get phishing emails as a contractor literally every day. I work at a small company. I know literally everybody in the company. I know the people in these emails are fictitious. Sometimes I get emails "from" people who actually work at the company asking for shit it's nonsensical for them to ever ask for, with a replyto that's bullshit, or some url shortening link that they'd never actually use. Or other shenanigans. It never ends. I'd say I'd seen it all, but once or twice a year they come up with something new that really gives me pause.
Eventually you just get worn down, and you start to ignore everything that isn't from a known point of contact, preferably not even over email. Slack is preferred in my organization.
Ideally this is the sort of thing cryptographic signatures are supposed to be good for. "Email from the CEO asking us to buy gift cards? Did he sign it with a valid RSA key that is signed by our CA? No? Then I'll just wait for clarification."
Even though much of the infrastructure for this exists in the large organization I work in, it doesn't get used for the broadcast emails that go to everyone (actually, a small subset are, but only one department seems to care), even though it would seemingly be useful. But I suppose the crypto dream of the '90s will always be "the future" because
normiesnon-nerds don't understand or appreciate it.More options
Context Copy link
More options
Context Copy link
More options
Context Copy link