The political issues are all somewhat valid, but like most political issues rather more complicated (and also more debated) than described.
I’m not sure whether the commenter speaks Swedish or not, their username seems to suggest they do (sv_SE is the language code for the Swedish [country] dialect of Swedish [lang]) but their comment reflects a phenomenon I’ve both experienced and witnessed:
Swedes are more likely to discuss policy issues in Swedish (and all of these issues are debated back and forth with varying degrees of success). Our grasp of English is mostly contextual since it’s a secondary and utilitarian language for us. I think it’s easy and natural for an English-speaker to mistake hitting language barriers as ignorance. That can extend into the ESL-speaker [English as a Secondary Language] feeling belittled, and eventually you get this effect of people just avoiding English because you associate it with feeling stupid. We get the French-waiter-that-clearly-speaks-English-but-refuses-to trope.
On the other side of that fence we have ESLs butting in on domestic affairs in English-speaking countries because we happen to speak the language. That makes us appear elitist and judgmental, too.
Apologies for deviating further from the topic.
Going back to the legality of the car: It’s complicated. The police claim it’s illegal to use autopilot on their website, but there’s a blurry line between adaptive cruise control/lane assist and autopilot. The competition requires cars to be insured; hopefully that insurance company is aware of the modifications and can advise the owners on what they can and cannot do.
https://polisen.se/aktuellt/nyheter/ost/2024/mars/autopilot/ [Swedish]
More practically, if they use country roads and drive somewhat near the speed limits, they’re not likely to run afoul of the law unless they’re in an accident.
If the author is here, I’d urge them to remember that a moose is practically designed to bypass a car’s safety features and kill you. There are a quarter of a million of them in Sweden. Invest in good tires and headlights, drive carefully, and avoid hitting wildlife or reindeer.
Car regulation is relevant to the topic, and so is car regulation of modified cars in Sweden which they are planning to drive through and a statement was made on. I have thought about this. It is something that is discussed a lot in Sweden. But not available outside it as those discussions are in Swedish, and also not held by everyone.
I'm interested in quality of life because I spend a lot of time working, organizing things and doing projects. This is also on topic. But as such I don't have that much time. Or at least not enough to end up getting stuck here instead of doing something more important. I've found that the best way to manage that is not to hold a regular account. My first account is however many years older than yours.
Sometimes I do have some time or find the motivation to post, because sharing information about something you know about to others who might not know about it but have thought about something I haven't is something that is harder to do anywhere else than on the Internet. In this case how the freedom to tinker with a car can affect the long time viability of creating bigger things.
Unfortunately your comment doesn't seem out of place. It's very much part of why I'm not around a lot. It simply isn't worth posting anything when I have something better to do. (Which isn't really now since I'm on a train to Stockholm with little else to do considering the holidays).
Personally I disagree, I think `--` is very intuitive.
Maybe it isn't super common knowledge, but `--` is in line with the POSIX argument parsing convention[0] and is used by many (most?) GNU/BSD tools and many other tools such as `kubectl`. This StackOverflow thread[1] also has some information about it.
I think some of the information here is misleading and a bit unfair.
> being too intrusive and affecting their workflow
Kolide is a reporting tool, it doesn't for example remove files or put them in quarantine. You also cannot execute commands remotely like in Crowdstrike. As you mentioned, it's based on osquery which makes it possible to query machine information using SQL. Usually, Kolide is configured to send a Slack message or email if there is a finding, which I guess can be seen as intrusive but IMO not very.
> reading and reporting all files
It does not read and report all files as far as I know, but I think it's possible to make SQL queries to read specific files. But all files or file names aren't stored in Kolide or anything like that. And that live query feature is audited (end users can see all queries run against their machines) and can be disabled by administrators.
> web browsing history
This is not directly possible as far as I know, but maybe via a file read query but it's not something built-in out of the box/default. And again, custom queries are transparent to users and can be disabled.
> Kolide's whole spiel about "honest security"[1] reeks of PR mumbo jumbo whose only purpose is to distance themselves from other "bad" solutions in the same space
While it's definitely a PR thing, they might still believe in it and practice what they preach. To me it sounds like a good thing to differentiate oneself from bad actors.
Kolide gives users full transparency of what data is collected via their Privacy Center, and they allow end users to make decisions about what to do about findings (if anything) rather than enforcing them.
> It's built by Facebook alumni, after all, and relies on FB software (osquery).
For example React and Semgrep are also built by Facebook/Facebook alumni, but I don't really see the relevance other than some ad-hominem.
Full disclosure: No association with Kolide, just a happy user.
I concede that I may be unreasonably biased against Kolide because of the type of software it is, but I think you're minimizing some of these issues. My memory may be vague on the specifics, but there were certainly many complaints in the areas I mentioned in the company I worked at.
That said, since Kolide/osquery is a very flexible product, the complaints might not have been directed at the product itself, but at how it was configured by the security department as well. There are definitely some growing pains until the company finds the right balance of features that everyone finds acceptable.
Re: intrusiveness, it doesn't matter that Kolide is a report-only tool. Although, it's also possible to install extensions[1,2] that give it deeper control over the system.
The problem is that the policies it enforces can negatively affect people's workflow. For example, forcing screen locking after a short period of inactivity has dubious security benefits if I'm working from a trusted environment like my home, yet it's highly disruptive. (No, the solution is not to track my location, or give me a setting I have to manage...) Forcing automatic system updates is also disruptive, since I want to update and reboot at my own schedule. Things like this add up, and the combination of all of them is equivalent to working in a babyproofed environment where I'm constantly monitored and nagged about issues that don't take any nuance into account, and at the end of the day do not improve security in the slightest.
Re: web browsing history, I do remember one engineer looking into this and noticing that Kolide read their browser's profile files, and coming up with a way to read the contents of the history data in SQLite files. But I am very vague on the details, so I won't claim that this is something that Kolide enables by default. osquery developers are clearly against this kind of use case[3]. It is concerning that the product can, in theory, be exploited to do this. It's also technically possible to pull any file from endpoints[4], so even if this is not directly possible, it could easily be done outside of Kolide/osquery itself.
> Kolide gives users full transparency of what data is collected via their Privacy Center
Honestly, why should I trust what that says? Facebook and Google also have privacy policies, yet have been caught violating their users' privacy numerous times. Trust is earned, not assumed based on "trust me, bro" statements.
> For example React and Semgrep are also built by Facebook/Facebook alumni, but I don't really see the relevance other than some ad-hominem.
Facebook has historically abused their users' privacy, and even has a Wikipedia article about it.[5] In the context of an EDR system, ensuring trust from users and handling their data with the utmost care w.r.t. their privacy are two of the most paramount features. Actually, it's a bit silly that Kolide/osquery is so vocal in favor of preserving user privacy, when this goes against working with employer-owned devices where employee privacy is definitely not expected. In any case, the fact this product is made by people who worked at a company built by exploiting its users is very relevant considering the type of software it is. React and Semgrep have an entirely different purpose.
> For example, forcing screen locking after a short period of inactivity has dubious security benefits if I'm working from a trusted environment like my home, yet it's highly disruptive.
There is a better alternative too. Make it a fair game for coworkers to send an invitation to a beer from the forgetful worker's machine to the whole company / department. It works wonders.
It's news _from_ 2023, not news about things that happened only in 2023. Things might have improved starting years ago but the research to show it wasn't finished until this year, so it's also about celebrating seeing progress and improvements.
Limiting the list to things improving only since 2022 seems unnecessarily restrictive and we'd miss a lot of positive and interesting news.
Great to see your commitment but I'm also curious why you, unlike some other companies, have chosen not to support with any full-time employees? It seems your business is largely based on Terraform and saying pretty much "we'll contribute code" doesn't signal too much commitment.
I realize my comment might sound like an accusation but that's not my intention, I want to hear your reasoning about it!