


I get all my music as FLACs because I'm not unwise.

My car will only play mp3s (and oggs?!).

This 2012 MacBook Air is not made for this find command.



InfoSec: If you use the wrong crypto, and have SSL broken, you could, maybe, get the email of the user. 10/10 CVE, Information Disclosure

Also Infosec: This Is Good And Normal


This battle was lost a long time ago. There is no going back to sane defaults. Data collection is now the primary goal of paid and free products. You don’t own anything, and you will be happy. Of course, you can still use privacy-enabled products at home, but those options are limited, and not all your apps will be available. https://bsky.app/profile/ahhmandah.bsky.social/post/3kzambh5yhk2z
The text is a rant about Windows privacy settings and it reads as: I'm setting up a new work laptop and finding out all the sneaky ways Microsoft tries to embed Edge as your default for every single file type. FYI last one is in Outlook options advanced, file & browser preferences. it doesn't believe you anywhere else. they owe me 40 mins of my life back and I like how if you search for Google Chrome on Edge, the whole first page is "you don't need Google Chrome - Edge is just as good. Edge can do anything. Get Edge Today. Edge - it's all you need. Edge will save your life. Download Edge here. Oh you're already on Edge? Here is how to get Edge"



I've seen so many hearing aids on kids this week, often low profile, some very large, all taking wild abuse, like a child spraying his repeatedly with a water jet in a splash park

and - I feel so good about this - this is the core of accessibility - you didn't see a lot of deaf kids before because they were isolated! and now they're not!


almost sounds like that one kid wants some quiet and is trying to break it ;)

@j_angliss lol

definitely could be, but they didn't seem easy to remove



Philips Hue keeps threatening me they're going to shut down everything. I put their app on a side device that won't download things and I don't update it, and I put their bridge on a no-internet-access VLAN - but I'd like to just not deal with their shit.

Is there a bulb that doesn't deal with their shit?


@Neil Brown UK is a tall order, but I'd love to get good Tasmota bulbs. I am dangerously close to building one.

@Mischa 🐡😎 Wait - you can connect them directly through zigbee?!

Hmmmmm

Bhyve USB passthrough research commences.


Much respect to your son.
@Alasdair Beckett-King your publisher's supply chain to Canada is horrendous, and so now I've got to figure out how to convince a UK publisher to send a book overseas again!


Security is Threat Modelling

Security Advice or guidance without a threat model is not correct. Full stop.



the Humble Bundle copy of Gratuitous Space Battles I bought years ago is causing OpenAL issues every time it makes a sound and seems to have no mute option.

I need to figure out dummying the linker...



The company I work for is really great, but the CEO is toxic as hell

Just completely and impossibly.

We had an outage and he joined the technical call, and started throwing out ideas and forced the response team to *stop* discussing the issue and *instead* explain why he was wrong.

this is fucking exhausting and I need to job hunt


Last night I had a dream that I was (kinda accidentally) elected UK Prime Minister, and I was confused as hell because I was a tourist and didn't know any of the ritual.

And I think that it's telling about the UK that my brain can find no holes in the theory that this is plausible



Security vendor demanding I install servers in my network running out-of-date FreeBSD which can't be updated and has RCEs in SSH

I really wish there was a compliance framework these types needed to follow

@The Psychotic Network Ferret I think it's so they don't need to tell me it's FreeBSD.

They also tell me to use the IP address on eth1 and the server *is FreeBSD*.

It's 11.4 so it's not dire - but it looks like they haven't updated it ever. I tried a poke at pkg and they don't have their own repo so the repo is just gone. And yes, the SSH is 8.4 from 2022.



Talking to coworkers "Remember, your laptop is 4-10x as powerful as one of the servers, your laptop has to run Slack and none of the servers take that kind of abuse"

yes, provided you add enough sugar, but I doubt it'll taste fantastic.
@þēodrīċ I mean, probably do a very strong tea, as strong as I can get it, and then add a sugar. The problem is finding a good sugar for the yeasts to not sour, while also leaving the flavour dry


The problem with my current employer isn't the lack of technical sophistication, it's that everyone outside of the dev org thinks my skillset is fungible with every other person inside the dev org.

Despite me being hired explicitly outside the dev org's purview because it *isn't*

@Alex P. 👹 I was hired by someone who knew what they were doing and given Infrastructure and Security as purview, and now everyone says "this person does DevOps" which... hurts every time
@Alex P. 👹 the real problem is when people
1) tell the dev lead about like, DNS changes or whatever, and then they don't tell me "but it's all engineering"
2) ask me to deal with frontend JS or python code that just... I don't know


After the giant DDoS on DynDNS I started multi-hosting my domains and almost everything else. But no one will pay for multi-cloud. And I don't get why we never learned this lesson?


Google breaking NewPipe forcing me to properly setup my flows for watching video on Nebula


Honestly, the amount of time I spend flummoxing security vendors by saying things like "Oh, we're not using office 365" is very upsetting

It's not that I don't understand that 99% of their clients are using O365, it's how many products and support team fall apart



Remember
This is the fault of CrowdStrike's C level execs

This is not the fault of the scapegoats they will blame this on

This is a failure of time, budget, expertise, and process.

They cut costs by cutting quality

https://www.reuters.com/technology/crowdstrike-holdings-warning-sparks-selloff-cybersecurity-stocks-2022-11-30/

Honestly, looks like CrowdStrike said some shit would go down because they were contracting. Which uh - good call.

Every hacker in the world is posting this right now

I assume it was Ed Zitron's post



the booze is on strike

what a fuckin' weekend for the booze to be on strike



Banks are screwing my wife around. Her mom put some money in an account years ago for her, and she's pulling it out to put it somewhere more reliable, but the cheque was listed in both names, and so banks are refusing to deposit it because it's in the name of two people. So she tried to go into the bank with both of them and endorse the cheque in front of bank employees, which even then they are being a pain in the ass about. This is stupid.

But she went in this morning.

CROWDSTRUCK

@silverwizard *sick electric guitar riff*

I was caught in the middle of an OS update (Windows)
I looked 'round and I knew there was no turning back (Windows)
My mind raced and I thought, what could I do? (Windows)
And I knew there was no help, no help from you (Windows)
Sound of the drums beating in my heart
The thunder of BSOD tore me apart

You've been - crowdstruck


@Hypolite Petovan crowdstruck is the verb form of "ruined by a vendor"

"CrowdStrike was worse, but SolarWinds was another vendor that crowdstruck everyone"



Ug, I should have paid @404 Media long ago, they are the best reporting I've seen.

But at least I paid them Wednesday and I assume that my subscription will be spent on the spirits needed to get through their next few calls to CrowdStrike.




The best part of owning a VR headset is that I can put on the headset, use it for an hour, remember why it sucks, and then move on


using the Serverless Framework to update some lambdas

And all I can think of "Didn't I use a framework so I didn't have to type the same thing a billion times?"



Google fucking hates file folder and file organization.

And holy fuck I hate it, and I worry it's bad for people exploring systems.



I hate when people talk about hobby tools as like "if you value your time"

1) fixing is a skill you should hone
2) fixing can be fun
3) hobbies are not something to optimize

Discussing valuing someone's time spent on hobbies in dollars is the worst grindset babble imaginable

I sell products ready-assembled, and do-it-yourself kits for building the same products. Some of my customers buy the kits because they really like building kits, and that's great.

But others buy the kits because they think they're entitled to the finished product at a lower price, and they begrudge every second of effort they must put into building the kit. Those people really exist and they are the market for tools that purport to save "the value of your time."

@Matthew Skala Yeah, that's valid. If you're doing it to save money - that's fine.

But this is a criticism of the *argument*, not the sale. People can and should sell preassembled things, kits, and more! Not everyone wants to build! But if someone is building on purpose, don't tell them to value their time.



My wife just found out I grew my hair out as a joke

21 years ago



When you see me holding a Macbook at BSDCan, you need to understand, it's running FreeBSD

Any #FreeBSD wifi people have some time? I'm using an ancient bwn card and this thread (last post) is making me think there's a reversion to something because it's the only mention I can find using 14.0 https://forums.ghostbsd.org/viewtopic.php?t=2469

I've already built a kernel accepting the GPL so I'm not super afraid of getting my hands dirty

(I can provide better info in a bit, but the linked forum thread is my exact steps, which, once it was crashing the same way, led me to that thread)


Ok - so it looks like 2012 MacBook Airs hard crash when you put network on their Broadcom chip....

It's fine - but damn that sucks

I've got it working with OpenBSD and a wifi dongle



My wife is excited about a Fantasy Ball and now I'm looking for resources for customizing N95/p100 masks? Any good cosplay tips?

#cosplay #larp #covidisnotover

I can highly recommend magnets and lacey fabrics as good ways to decorate or customize respirators, specifically the disposables.

The Dräger 1950 N95 is arguably the best on the US market right now, and it has the most robust structure to handle added decoration without collapsing. The plastic anchors for the headband on each side also allow for hanging/mounting decorations.

For magnets, there are lapel pins and needle minders, but to customize/add on to, look at hijab magnets.

PS: the Dräger 1950 is what I'm wearing in my profile photo - along with a magnetic lapel pin.

Also, the small size of the 1950 fits the most people



We paid a vendor for implementation

Now I'm considering blocking their emails



People really badly need to stop recommending Ubuntu as a valid Linux. It's just so... unpleasant.


@GNU Too I just want them to stop suggesting snaps and GNOME


Anyone else had AWS suddenly start emailing them in Chinese out of nowhere?
I checked lambdaguard and komiser and cloudwatch and cloudtrail - I see no suspicious logins, no resources in strange places, our IDS didn't pick up anything, and all the APAC regions are disabled, and there's nothing in them. So it's not like we were suddenly hacked as far as I can tell.
@silverwizard Sorry about the anxiety attack ☹️

@Hypolite Petovan It's just fucking weird.

Why are they doing this?! My rep won't tell me!

Once, years ago. I think they sent an email out a few days later saying sorry it was a bug. That obviously doesn't stop the panic.

Can it be translated and tied to a legitimate communication that got hit by a similar bug?

@j_angliss So they've done three in simplified Chinese so far, all with an English translation. They're about changes to Lambda in various APAC regions.

I don't know why as we have those regions disabled and nothing in use in them - but I definitely freaked the hell out.


@The Psychotic Network Ferret So I think you're 100% correct. And I think most fights about houseruling and ignoring rules are when those things cross modular barriers (you can add/remove modules, but ignoring part can be a problem), but D&D doesn't really acknowledge its own modularity
@The Psychotic Network Ferret I am far from a D&D player - but I tend to be very into the story and how we tell stories, and very into game rules. I think good games tell good stories with good rules. But yeah - I agree about the Say Yes Or Roll The Dice thing.


I am constantly shocked at how much we've normalized constant attacks and ransoms instead of just... letting people do security.
@silverwizard Got it, I was more asking about the normalization you also mentioned, but this is good stuff nonetheless.

@Hypolite Petovan The normalization is mostly a matter of fighting the process of seeing security as a cost center and underfunding it.

So - the core thing is complexities around risk and access. Part of corporate culture is risk appetite. Corporate culture loves accepting risk, and so security teams kinda don't have a lot of leverage. And that's where the problem is, ya know. I don't know how to fix that.




Google Docs has been randomly deciding to not let me copy/paste. I use Ctrl+C/Ctrl+V and it pops up the popup that tells me I have to use Ctrl+C and Ctrl+V to copy and paste.

This feels like another anti-competitive thing against firefox.


> Google Docs has been [...] not letting me copy/paste. I use Ctrl+C/Ctrl+V and it [...] tells me I have to use Ctrl+C and Ctrl+V

I've been getting that for months. My solution is to switch to @nextcloud with @collabora as soon as this organization acquires another #SelfHosted server.

Been there. But #SpreadsheetAsDatabase isn't Google's fault, and won't get fixed with @nextcloud

Ctrl+C/Ctrl+V ≠ Ctrl+C/Ctrl+V *is* Google's fault, and can be fixed by eliminating Google.

@collabora

> Google docs spreadsheet

Google docs spreads shit

there, fixed it for you :-)




You can't scale a single-threaded process by adding more logical CPUs.

Why is this something that confuses people?

@Jonathan Lamothe it doesn't matter if the execution is out of order - the problem is that when you've got a CPU pegged, the second idle CPU doesn't help.

out of order operation isn't just about changing the order of the operations. It lets you (sometimes) pre-compute the result of future instructions as long as they're not based on the output of the previous ones, enabling you to parallelize what would otherwise be a single execution thread. I imagine there's a point of diminishing returns though.
https://www.youtube.com/watch?v=jNC9LPc3BI0

Perhaps I'm misunderstanding what you're saying?

@Jonathan Lamothe Yes, it's theoretically possible for there to be value. But it's not going to have an effect on the scale of "our system is constantly pegged"

all the out-of-order execution occurs inside a single CPU
adding more CPUs won't help speed up a single-threaded program

picture a call center
an attendant is like a CPU
the attendant can pay attention to one customer at a time. the customer may issue multiple requests/instructions, and an attendant with out-of-order operation may be able to look into and satisfy some of the requests before other earlier ones
however, adding more attendants wouldn't help this one customer get faster service, unless the customer started multiple calls (threads or processes), or the attendants could pass customer requests and context on to each other (that's not permitted by the call center design; they can only transfer entire calls)



The problem with the Eulogy for DevOps is that the last 20 years has been a series of ways of defining sysadmins away and then having them re-emerge from the muck.

We'll never have DevOps disappear because it'll just be yet another beast.

Sysadmin, DevOps, SRE, Infrastructure Engineer, it's all the same thing, it's just that people need to try to put us in new boxes to try to get around the fact that *making your systems reliable* is a hard and different job.

I've been at the same place for the past 4 years. My title has changed 3x. I'm still doing essentially the same thing, just on a different level of abstraction.

What makes it even funnier is that you haven't even listed my current job title: Platform Engineer. What will it be in two years? Who knows, it's all based on vibes.

@Aleksandar Todorović I usually look for SRE or Infrastructure these days, but it's a total crapshoot and half the time they offer me "devops" as my job title


If you're pentesting someone and you send them a report, do your best to not have your report elicit a response of "Wut"


The hardest part of security work is when you have 15 urgent tasks and no one willing to prioritize them. And then you end up telling someone "I can't help on the outage, I need to reformat this document"


my friend wrote a really good article about this

https://grimoire.ca/code/incident-response/

@Alex P. 👹 Ooooof I felt that blogpost hard.

Today it was literally "the entire devteam is down, but the CEO doesn't like how a document that's gone through three approvals and been in use for two years looks, so that's higher priority".

So kinda the opposite



Forever Knight (1992) was a better show than Moonlight (2008)

But seriously, they are very similar.

I think I like Moonlight better, but I want a LaCroix show rather than a Nick Knight show.

You'd think the show that wanted to be a Noir wouldn't be abject copaganda. At least Forever Knight was boring and obvious about it.