Note how the definition there doesn't match any of the three definitions people gave me here, and none of the three here seem to match each other. Also, as your link says, the definition seems to have changed drastically in the past few years, so I can't even be sure that the link has the most up-to-date definition.

So, I was asking someone who seemed to be very passionate about being "against woke culture", to hear it directly from them. This is a conversational site, I figured it'd be fine, but seeing that my question is now downvoted I guess I need to better learn what conversations and questions are appropriate here.

I'm still new around these parts. Forgive me.

Usually when I try to ask this question, I just have angry people being angry with me, and I end up more confused. So it's nice to have some legitimate explanations come my way.

Thanks! This helps me understand it a bit more. Sort of a synonym for "virtue signalling" it seems?

Of course, but since you said you were vehemently against it, I thought you'd be the better person to give me some perspective and help me learn.

>I did want to avoid the labels as there's always someone who comes up and ask you to define the label instead of talking about the issue itself. In this case, censorship.

I would have found it much clearer if your comment said "I am against censorship at it's core, vehemently", and as an added bonus you wouldn't be annoyed by me asking about it.

But, to be clear, the reason I asked about the label instead of the issue is because I don't understand what issue(s) woke culture represents to you. So trying to talk about those issues would be difficult.

My impression so far is that woke culture is more than just censorship. I'm very anti-censorship, but I've also been called "woke" in passing as an insult, so unfortunately I'm still left a bit confused. Thanks anyways, though!

I'm curious what/how you define "woke culture", because the only definitions of "woke" I've ever heard are basically "thing I don't like" or "the left". Neither of those definitions have helped me understand what you are so vehemently against.

Can you help me understand what woke culture is to you?

This is a genuine question.

From the article, you do not need to have the data nor learn the hash from someone who had the data.

>Commit hashes can be brute forced through GitHub’s UI, particularly because the git protocol permits the use of short SHA-1 values when referencing a commit. A short SHA-1 value is the minimum number of characters required to avoid a collision with another commit hash, with an absolute minimum of 4. The keyspace of all 4 character SHA-1 values is 65,536

Very cool that it is not surprising to you.

But to others (some are even in this thread!) it is both new and surprising. They unfortunately missed your 4 year old comment, but at least they get to learn it now.

Some other thoughts:

>You let the manufacturer know, and you let them decide for the next steps.

Which, as history has proven, the "next steps" is generally to sweep it under the rug and to be forgotten about until it's exploited by a bad actor.

>it's not your business

But, what about when it is? On-topic: I drive a car, so I care about vulnerabilities in traffic lights and they may directly affect me. It's also my business if my personal data is stolen, or my identity, or corporate data, etc.

>You helped: no lawyers, no problems.

No problems... Until the vulnerability is exploited and it causes me a problem.

To me, it seems like you're suggesting that vulnerabilities are just left in play until someone malicious comes along and decides to do some real damage. But that seems so silly that I must be missing some alternative that you're thinking about.

I've read through these comment chains a few times, but I'm having a really hard time finding the "outrage", disingenuous or otherwise. Can you quote the part of the comment that displayed outrage?

>Do you and their security engineers even live in the same time zone?

Reading through this thread, you can find where the OP says that the time zones were accounted for.

I am very explicitly saying cryptographic erasure is not required if you are following physical destruction standards (in ISO 27001 and NIST 800-88, at least).

But if your threat model is that relaxed, you can just encrypt the whole drive, toss the key, and then format the device. This would likely be quicker than doing 10x write passes.

As a note, write passes are really only good for HDDs due to wear-leveling algorithms in every SSD.

But, I mainly made my comment in reply to this part of your comment:

>I’d assume this device targets that market.

Because I don't think there is any market where this SSD punching device would be compliant and cryptographic erasure wouldn't be compliant. At least, in my career, I have not seen any environment or standard where this would be considered compliant but cryptographic erasure wouldn't be.

If they are strict enough to not allow for cryptographic erasure (or the data is above a specific sensitivity), this device would likely not be in compliance either -- physical destruction generally requires shredding/grinding to a specific particulate size, or incineration, and this device does not appear to do either.

I'm not sure if I wasn't clear or if you didn't read my comment correctly.

Encrypting is not enough to prevent data recovery if data was written to disk prior to encrypting it.

In other words, if you want to be 100% sure about your data being safe, you must encrypt first (when the drive is brand new), or you must physically destroy the drive.

Of course, this clarification only matters if your threat model involves dealing with top-secret data and/or nation-state enemies.

EPPs will consist of threat detection and response (EDR), as well as proactive prevention, vulnerability management, threat intelligence, data-loss prevention, encryption management, etc.

I definitely do not know enough about the topic to approach answering your questions, but I'd certainly be interested in knowing the answers. I really hadn't thought about it in that context.

I think you've hit the crux the question. If there are only a few civilizations, I agree, that'd be an awe-inspiring deterrent.

However, if you don't know how many civilizations there are that are similarly advanced to your own, sending out a big "we're here!" message may be quite risky.

In terms of game theory, it's a sequential and incomplete information game. I think the smartest decision is to remain quiet.