Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange), page 2

@libreoffice Where is that “board report”? Where can we find release histories?

@libreoffice Also: citation needed please?

@ryanc Surely…

@ryanc Well that’ll teach me to take you seriously! 😂

@ryanc I don't mean to be snarky, but, really? Is this a studied thing?

Is there any meaningful security benefit to one time codes being more than 4-6 digits?

(For any of TOTP, email, or sms delivery.)

@joshbressers Even in 14 the macl and quarantine bits were over the tip

@GossiTheDog We used to get data like that from the malicious software removal tool and Defender... it wouldn't surprise me if there was a ~50% drop from version to version.. we saw that order of improvement from XP to Vista to 7. Some of it's better code and architecture. some of it is the folks who upgrade are more likely to be on top of other parts of managing their systems.

@ryanc Hey look I’m not the one who under specified the requirements! 😂

@ryanc a trapdoor?

I find myself really irked by the headline here. The problem is not a "simple website bug", the problem is that they wrote thousands of lines of code without ever thinking about what the trust boundaries are, or should be.

This is a massive design flaw. The idea that cars should be controllable from some mothership is bizarre (and not needed for app control - have a digital signature from the mobile device). The idea that cars are enrolled even if the user didn't set up an account is similarly broken. This isn't a "simple website bug" but a massive failure to consider the security implications of features.

@luckytran @inthehands In reading about this, I learned there are already nasal vaccines, which no one had ever mentioned to me. They require administering by a professional, what’s new is the “at home?”

@noondlyt @inthehands Why is that, Leon?

@ryanc I don't do this because the 30-60 second lag to get the email, plus all the shiny distractions in my email, but, yeah, it's not stupid.

@patrickcmiller "Sinister Sysadmin" is my new threat actor/prog rock band name.

Hmmm, no thank you I think I don't want to run this code

sudo rm -rf "${studio_path}/" -mindepth 1 -maxdepth 1 ! -name "ldraw" -exec rm -rf {} +

(Bricklink studio /scripts/preinstall)

@inthehands @paul_ipv6 Did you try youtube or tiktok (or something else?) I've found that fix it videos are MUCH better on tt because they impose time limits rather than using minutes watched as a signal of quality.

I don't know if that applies to explainers like you're looking for, but I watched 5 minutes of a YT video on Alcatraz doors and learned exactly nothing.

@ryanc Thank you.

@ryanc @tess @sophieschmieg @david_chisnall @Vrimj I'm fond of asking "are you asking that because you don't know how to fix it, or because you really think it'll never happen?" (1/3)

@patrickcmiller

"They are requesting $22 million this year, up from $5 million last year, to test autonomous weapons software against complex scenarios involving ethical decisions. "

I can guess the answer for only $50,000. Why so much? Editing my "You idiots" into acceptable text is going to be expensive.