@mttaggart @Viss all the 2024 CVE growth has been WordPress plugin bug bounty sites (like wordfence) and the Linux kernel
Notices by Josh Bressers (joshbressers@infosec.exchange), page 3
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Wednesday, 27-Nov-2024 05:59:51 JST Josh Bressers
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 08:03:59 JST Josh Bressers
@grimmy hah, the ui is terrible
But this is a great public conversation :)
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 07:59:46 JST Josh Bressers
@grimmy that’s awesome. Let’s try to set something up soon. I’ll see about figuring out a schedule after Thanksgiving
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 07:51:38 JST Josh Bressers
"I'm afraid you're going to have to accept it. This torment nexus has got to be built and it's going to be built!"
"First I've heard of it," said Arthur, "why's it got to be built?"
"What do you mean, why's it got to be built?" he said. "It's a torment nexus. You've got to build torment nexus."
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 00:44:19 JST Josh Bressers
@pvn Basically, yes
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 00:24:11 JST Josh Bressers
@simplenomad @kurtseifried Thanks!
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Tuesday, 26-Nov-2024 00:02:55 JST Josh Bressers
The #NVD API has been broken for a few days now
At least they updated their status page
https://www.nist.gov/itl/nvd
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Monday, 25-Nov-2024 10:59:48 JST Josh Bressers
@allanfriedman this seems related to your question about support the other day
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Sunday, 24-Nov-2024 23:16:39 JST Josh Bressers
@osmodia I'll try to write this down nicely at some point in the future
I have GND, 5v, and tx/rx connected between the pi and Heltec
Then you have to configure the pi to enable the serial port (I used raspi-config)
Then you can tell meshtastic or the bbs to use /dev/ttyS0 as the serial port (this port isn't tried by default for anything it seems)
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Saturday, 23-Nov-2024 13:21:35 JST Josh Bressers
Tonight’s project was connecting a #Meshtastic node to a raspberry pi zero using GPIO
The 4 pins I needed almost lined up exactly, which was nice
Now it’ll run the BBS I’m working on
https://github.com/joshbressers/meshbbs
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 08:37:42 JST Josh Bressers
In the case of any list, if you're actually doing it right, things should be dropping off the list
I'm not sure anything has ever really come off any security list because an effort was made to get rid of it
Maybe if CISA's push to stop using memory unsafe languages, in 200 years, we can remove buffer overflows :P
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 08:31:29 JST Josh Bressers
The two obvious lists that get the most attention are the OWASP Top Ten and this new list from MITRE
Then when I realized they probably ARE the most effective lists around, it made me sad
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 02:29:20 JST Josh Bressers
The most effective security efforts are lists of vulnerabilities that minimally change every time they are updated
This was meant to be a joke, but then I realized it's also true
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 01:21:56 JST Josh Bressers
@allanfriedman @kurtseifried @mkolsek
In the analog world, I would probably bucket this into the "aftermarket" category, but it's still a bit different
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 00:49:08 JST Josh Bressers
@allanfriedman @kurtseifried I have minimal experience with the closed source universe, but this is sort of the commercial Linux distribution model
Folks like Red Hat, Suse, and Canonical support open source they didn't write, sometimes for a decade
Long after the upstream has given up on those versions
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 00:39:52 JST Josh Bressers
@allanfriedman I don't understand what you mean by "3rd party software support"
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 21-Nov-2024 10:38:53 JST Josh Bressers
@kurtseifried probably decades :)
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 21-Nov-2024 09:45:20 JST Josh Bressers
You can buy a jug of McRib sauce, just in time for Christmas!!!
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 21-Nov-2024 08:27:37 JST Josh Bressers
@foo this caused me to spend more time than I want to admit fiddling with my monitor today
-
Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 21-Nov-2024 05:09:32 JST Josh Bressers
@JoshCGrossman I know a place you can tell such stories :)
Shoot me a DM if you ever want to be a guest (no rush, the invite doesn't expire)