Ah-ha, this explains the weird emails I’ve been getting for the last six weeks. Once a week, a total stranger sends me an email, seemingly familiar with my work, asking me to help with their thing. I’ve been too busy, plus they rubbed me the wrong way, so I’ve ignored them. Now I feel free to ignore them more aggressively.
A weird thing about running a bunch of bots is that there are a lot of people who like to reply to bots. At first I was confused (it’s a bot, there's not a person there!) but then I realized a) there is a person there—me and b) each bot-post is a conversation prompt, that people might choose to pursue in their replies.
Today I think it's nice. Each bot-post is like a small sunken object in a shallow sea that a little reef might form around, supporting some life, if only for a while.
Yesterday somebody set up a fake profile in my name, following people who follow me here / who I follow. No good will come of that. Oddly, Mastodon.social has no apparent mechanism of reporting this, specifically, so I've reported it as a general offense. Anyway, let it be known, I'm the only me.
Has anybody put together a list of best practices for openness in government software beyond open licensing? Like public uptime tracking, a public backlog, a public release history, and public security contact information? I have a loose collection of these things in my head, but I bet somebody's done better work on this.
@futurebird This Mastodon scam was particularly ham-fisted, but the phone call you got is a good reminder that absolutely none of us are un-scammable. The U.S. is a scam culture—we are subjected to constant scams. We can't dodge them all. Eventually I'm gonna get got, and I hope I'll have the nerve to call it up publicly.
I'm looking for security consultant recommendations! I support a non-profit that’s building PII-storing open source software that integrates with government data storage systems, and they would like a third-party security assessment. This is *not* about compliance, this is straight-up wanting somebody to review their code and practices, try to break in, etc. If you've worked with a small or single-person (read as: not really expensive) consultant you'd recommend for this, I'd love to hear about them.
Blog entry: Once upon a time, government had an exception for onerous procurement rules for software you could walk into a store and buy. If you wanted copies of Windows, fine, just buy copies of Windows. They called it “COTS”: Commercial Off-The-Shelf software. And that became a big loophole.
Thought follower. Male software developer. Alumnus of 18F, the Obama White House, Georgetown's Beeck Center, the Biden-Harris Transition Team, and the Biden administration. Speaks only for self. he/him