Notices by Paco Hope (paco@infosec.exchange)

@RickiTarr in about 2014 I did a pen test on a Belgian bank’s ATMs. They were running Windows XP Service Pack 2. I was like “you know there was a third one, right?” SP3 was 2008. Of course, I had a long pile of other findings too. When I came back in 2015, all they had accomplished in a year was upgrading to SP3. Not one other thing.

I generally don’t use that bank’s ATMs if I’m in Belgium.

Me too. I wanted to reply “If Nazi Germany ran a social network in 1936, would you join it and post on it?”
@rdp @TCatInReality

Oh look: #discord outsourced their age verification to some vendor. You know, the #ageverification that countries like the UK want to make mandatory for basically every online service. And the vendor had a data breach exposing photos of government IDs for 70,000 people.

Do you feel safer? How many children did we protect by exposing the IDs of these 70,000 (presumably) adults? Thanks for taking one for the team, you 70,000 canaries in the #privacy coal mine.

https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service

@rspfau Don’t quibble over “phrase” versus “word”. It’s not useful.

The point of this post was “ha ha, imagine making a password with a word you couldn’t reliably spell.”

The point was not to debate what makes good passwords.
@avoca

Getting #Linux installed on my teenager’s desktop. Going to try to get him off of Windows. We have gotten as far as creating a password for his account and he is trying to think of one. He says out loud “hmm, how do you spell that word.”

Son, if you have to ask that question, it is a bad choice for a password

I like Casey's reporting on social media and I like the #forkiverse stuff. This latest issue of Platformer has a paragraph:

In the week since, amid a general craze for Claude Code, I have let my imagination run wild. In just a few days, I built a series of tools I expect to return to over and over again to help me in my work. As with my website, I don’t understand the underlying code at all. But for the moment, anyway, I’m not certain it matters.

The thing is, the likelihood that he wrote something that didn't exist before is super low. He might have built some tool that is super Casey-specific, where he'd have to learn how to work a more general-purpose tool. It is very unlikely that a non-programmer will encounter a problem where there are no existing solutions—especially on something as basic as a chore related to running a web page.

So this building of basic tools feels like reinventing the wheel instead of learning. It's burning the climate to make a personalized solution to a long-solved problem.

While hubris is one of the three attributes Larry Wall said great programmers have, LLMs have allowd hubris to go too far. Now people who know very little in a domain feel like they can skip learning that domain and just make a personal tool with an LLM that will meet their needs.

@Objective_Impermanence Yes. This is the genius of federation. You may also want to take a look at bridgy. It will let you follow, be followed, and (a little bit) interact with people on Bluesky.

https://brid.gy/

#fediverse #forkiverse

Just €6000 to go to get the queer gtld .meow. C’mon internet!

https://www.kickstarter.com/projects/dotmeow/meow-next-round-gtld-application
#kickstarter #dotmeow #dns #gtld

If you have seen this strange hashtag #forkiverse it’s a bunch of people joining a server run by some big podcasts. It seems to have gotten a lot of activity because they just featured it in a podcast episode. Here’s the link to the episode.

https://overcast.fm/+ABBVQRG2SL0

@blogdiva we (@steggy and I) lived in London for 10 years. We learned to cook in metric because you must. But now we are back in America and we cook metric still. Once you learn it, it’s ridiculous to have umpteen spoons and cups and things to measure by volume when you can just use mass.

When you cook metric you throw a bowl on top of your scale, tare to zero and start adding. 200ml of water? Add water until it says 200g. 800g of flour? Into the bowl on the scale. 10g of salt? Into the bowl. No spoons. No cups. Less dish washing. Faster and easier.

But yes, in the UK generally the only food measurements are metric. There’s a “pint” for beer (shhh. Don’t tell them it is 500ml). There’s miles and miles-per-hour for driving. Virtually everything else is metric.

A bunch of my American cookbooks have metric measures pencilled in.

Why she is doing cooking in colonial units (😜) is a mystery unless it’s deliberately made for the US audience.

Definitely a she-creature. She's got boobs.

#monsterdon

So... Attack of the Puppet People...

Did any puppet people attack anything?

#monsterdon

Well, @Mallow, Welcome to the #monsterdon ending. If you're suffering whiplash, that means it was pretty typical. 😃

@L1vY@mstdn.social

@maxleibman [totally unrelated recommendation to use Linux instead]

@augieray 50-year mortgages and 7-year car loans are a way to do a massive wealth transfer from poorer people's future to wealthy people's present. It isn't enough to steal from the present. They want to steal from the future, too.

Massive hikes in university tuition work similarly. Debt incurred today that you pay off far into the future.

We have only had 15 voters so far and I’ve already had to do 3 special #electionofficer things:

send a voter to the right precinctcheck in a voter who was marked “inactive”deal with a voter who just moved into this district. They get to vote, but they vote a provisional ballot and the forms they fill out today will update their voter registration.In past #elections I see maybe 1 or 2 of these in a day. So for me, seeing this many before 6:30am is unusual.

3/

I’m in a public library today. (I’m a reserve #electionofficer so I get random assignments each time. I never work the same precinct twice, it seems).

What makes this location unusual is that it is an #earlyvoting location before #electionday. If you vote early, you come in, tell them your name and address, and they figure out what district you’re in. Then they print the right ballot for you right there. Anyone from any precinct in Fairfax County can vote at any early voting site. This means that for the last 3 weeks or so, people have been coming to this #library and #voting early.

But if you #vote ON election day, you may only vote in the precinct where you are assigned. (Where you live) So we will get voters today who come in and say “But my wife/son/neighbour voted here just last Thursday!” And that’s absolutely true. And today we have to look them up and say “we are sorry, but you must vote at XYZ.”

So we turn away a LOT of voters here on election day because they expect to vote here when they don’t live here. I’m told by the regulars that it can be as high as 30% of people who walk up.

2/

Here is my root post for my #electionofficer thread. It’s #electionday for #Election2025. I’m serving as an officer in #fairfax county #virginia. While I work the polls I talk about what’s happening, what I’m seeing, and a little behind-the-scenes on working elections. It’s 06:20 now and I’ve been here since 05:00 and I haven’t had a chance to post yet. It’s busier than you’d expect. I’ll explain why when I get a chance.

Not surprisingly, I am the only #electionofficer wearing a mask. #voter number 50 was the first voter to come in wearing a mask.

Edit: if you look later in the thread, 2 of my fellow officers started masking! 3 out of 8 is more than usual.

#WearAMask #CovidIsNotOver
6/

Fun with #election maps. Because we turn people away, we sometimes have to refer them to the map to show them where to vote. We had someone show up who should vote in 935 Robinson Mill. The polling place is Bull Run Elementary. But we couldn’t find 935 on the map. It like this little Lichtenstein district in Virginia’s 9th Congressional District.

It took 4 of us squinting for a while to find it. Another confusing feature is that precinct 923 is “Bull Run” and ALSO votes at Bull Run Elementary. We call these “colocated precincts.” There are 2 #electionofficer teams, 2 distinct sets of voting equipment, etc. But it’s one location like a school, library or church. So that can get a little confusing for #voters (and us!). You come in and have to figure out which side of the room to go to.

5/