GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by Martin Seeger (masek@infosec.exchange)

  1. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Wednesday, 08-Jul-2026 05:15:38 JST Martin Seeger Martin Seeger

    The biggest beef I have with Mastodon is that the search is completely useless (and that it is the friendly version).

    I have made 19.000 posts here on Infosec and I have no chance of finding an old post from me.

    I know exactly which words are in it, but searching "from:me " comes up only with the newer posts on that topic.

    In conversation about 6 days ago from infosec.exchange permalink
  2. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Thursday, 02-Jul-2026 17:11:37 JST Martin Seeger Martin Seeger
    in reply to
    • Ryan Castellucci (they/them) :nonbinary_flag:

    @ryanc I am still writing about my "How fucked are we?" article. And every time I work at it, it looks much, much worse.

    It may be that we live to see the end of on-prem IT even for companies.

    What the AI bros did not fuck up, the big cheeto just trumpled upon.

    In conversation about 12 days ago from infosec.exchange permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      http://worse.It/
  3. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Thursday, 02-Jul-2026 17:03:39 JST Martin Seeger Martin Seeger

    Good news: RAM will be a non-issue soon

    Bad news: This is because we will not get new boards

    I got the following news from the supply chain:

    All (and I mean ALL) of our PCB subcontractors have turned around and told us minimum 1 year lead time on boards now. Apparently there's no Helium or Neon so they cant make FR4

    FR4 is what all boards is made from.

    So who cares if you cant get RAM - there's no PCBs to put it on ...

    UPDATE: I don't think helium is the problem but PE Resind (polyphenylene ether). Neon may be a problem because it is required for the UV lasers.

    In conversation about 12 days ago from infosec.exchange permalink

    Attachments

    1. Spot Research Group
  4. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Friday, 19-Jun-2026 22:25:14 JST Martin Seeger Martin Seeger

    RE: https://ohai.social/@sushee/116770397685032273

    This effectively means:

    The LLM industry must keep the RAM prices at absurd levels. Otherwise Local LLM will ruin their business models.

    There will be a lot of pressure on system makers to offer only "small" systems (below 128GB RAM).

    You have to read Apples statements in light of that context. They removed the systems that were perfect for local LLMs from their lineup.

    I imagine talks like "Nice product line you have there. It would be a shame if you were to be totally cut off from the the RAM market."

    And let us be clear: compared to the money at stake, Apple is no longer a big fish.

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      Su-Shee (@sushee@ohai.social)
      from Su-Shee
      Here are two articles I think are reading-worthy if you are interested in some ideas where LLM things might be going: https://vickiboykis.com/2026/06/15/running-local-models-is-good-now/ https://blog.alexellis.io/local-ai-is-not-opus/ This somewhat aligns with the general vibe I'm getting from reading HN threads which are sounding distinctively "sobering up". Haven't seen a hype thread in weeks.
  5. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Friday, 19-Jun-2026 22:25:12 JST Martin Seeger Martin Seeger
    in reply to
    • Mudlark :verified_trans:

    @Mudlark This is not the topic of this thread.

    The statement I quoted is: "If someone uses a LLM service (s)he can most likely use a local LLM at the same quality".

    This is not a statement on that quality. I discuss this in other threads.

    The core of my post is: This statement has a major impact of this on the supply chain for OnPrem users.

    This impact will be felt by everyone independent of the personal stance on LLMs.

    In conversation about a month ago from infosec.exchange permalink
  6. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Wednesday, 03-Jun-2026 07:33:50 JST Martin Seeger Martin Seeger

    I use one dedicated email address per service.

    This is a golden rule I started about 20 years ago. Today I have about 700 email addresses in use. The Password Manager keeps track, which Email address is used for which service.

    This has several advantages:

    • An attacker has no idea which email address I use for a certain service: this makes attacking my accounts a lot more painful
    • I can very easily sort incoming email associated with those services
    • It becomes more difficult to track me

    Lately more and more services do no longer allow me to create an account with an email address I designate.

    Instead authentication is delegated to a third party (e.g. Discord, Paypal) and the email address associated with that service is used.

    Such a service will never receive any money from me.

    In conversation about a month ago from infosec.exchange permalink
  7. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Friday, 29-May-2026 17:35:47 JST Martin Seeger Martin Seeger

    What a lot of people do not understand is the fragility of supply chains.

    Setup

    Let us assume there is a part X that is used by a large number of other companies. It is not glamorous, it is not expensive, and nobody outside a small circle of specialists ever thinks about it. But it is needed. Without it, other products cannot be finished.

    Everything is fine

    Part X is made by a small company with a few dozen employees and a machine that is several decades old.

    Everything runs smoothly. The company knows how to maintain the machine. They know how to operate it. They know its strange noises, its moods, its undocumented rituals. They know which lever needs a bit of persuasion on cold mornings and which replacement part must be machined by hand because nobody has made the original since 1987. They also know how to train new employees, because the knowledge still exists inside the company.

    Crisis

    Then, suddenly, a few large customers run into a crisis.

    Orders slow down. The warehouses fill up with part X. Prices fall.

    The company downsizes. Then it downsizes again. But nobody really notices, because stocks are still full. Customers are not yet affected. Purchasing departments can still get part X from inventory. Balance sheets still look fine. The problem has not yet reached the spreadsheet.

    If this goes on for long enough, the company goes broke.

    Again, nobody really notices. Stocks are still full. Some people may worry, but as long as no current production line is stopping and no quarterly number is visibly bleeding, nothing urgent is done.

    The employees move on. They retire, change industries, start new careers. The old machine is sold for scrap. The building is repurposed. The knowledge evaporates.

    Recovery

    A few years later, demand picks up again.

    The warehouses slowly empty. Stocks run low. People start ordering part X again, only to discover that nobody is offering it anymore.

    Now someone decides to restart production.

    The first thing they discover is that there is no machine. Building a new one would be prohibitively expensive, assuming anyone still knows how to build it properly. So they desperately search for an old one.

    They get lucky. In a scrapyard, they find a machine that used to produce part X. It is rusted, incomplete, and dysfunctional. Naturally, they buy it.

    Now they try to get it working again.

    But there is another problem. There are no people left who know how to maintain it. So they hire someone who understands industrial maintenance in general, but has never worked on this specific machine. That person does their best. They improvise. They read old manuals. They reverse-engineer undocumented fixes. They keep the machine alive with skill, patience, and increasing amounts of despair.

    But it breaks down every few hours. Output is abysmal.

    Bottlenecks

    And now that one poor maintenance person is overworked. They need help. But training help requires time, and the only person who can train others is the same person needed to keep the machine barely running. Every hour spent teaching is an hour not spent preventing the next failure.

    Very few businesses survive this phase.

    There is no institutional knowledge anymore. New people are hired, begin training, look at the state of the machine, the chaos of the process, and the constant emergency mode, and conclude that the business is doomed anyway. Then they quit.

    Churn becomes terrible. Even if the company survives financially, it remains fragile. It is always just one or two people quitting away from disaster.

    At the end the world decides it needs to get rid of part X as the supply is too fragile.

    Summary

    This is still very much simplified. The reality is more complex, more ugly.

    And that is the part many people miss: a supply chain is not just warehouses, contracts, prices, and transport routes. It is also people, habits, obsolete machines, informal knowledge, and boring little skills that nobody values until they are gone.

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: nameshift.com
      https://buy.nameshift.com/disaster.At/en-gb
  8. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Saturday, 16-May-2026 04:47:34 JST Martin Seeger Martin Seeger

    Oh no....

    https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/579/262/551/976/846/original/642e16d13c4cafe6.png
  9. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Sunday, 10-May-2026 21:20:09 JST Martin Seeger Martin Seeger

    Q: How old are you?
    A: That old…

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/549/328/224/268/949/original/ab5fab120a2f0550.jpeg
  10. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Saturday, 09-May-2026 22:21:13 JST Martin Seeger Martin Seeger

    Both attempts are IMHO malicious.

    The difference is only in the size of evil.

    I recently got my first request to go through the reCaptcha app.

    I killed the tab and deleted the bookmark to the page I was attempting to load.

    Please be aware: the reCaptcha app lists that they will give away your location.

    https://gotosocial.sny.sh/@sunny/statuses/01KR5S15XJ893HAX78JVXM99R7

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: gotosocial.sny.sh
      Sunny (@sunny@gotosocial.sny.sh)
      from https://gotosocial.sny.sh/@sunny
      [2 media attachments] one of these is real, the other will get you hacked. can you tell them apart?
  11. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Tuesday, 21-Apr-2026 20:52:19 JST Martin Seeger Martin Seeger

    This article (https://www.theverge.com/tldr/915176/nft-metaverse-ai-weirdos) makes a very correct and important point:

    Within recent memory, people who made software and hardware understood their job was to serve their customer. [...] But at some point following the financial crisis, would-be entrepreneurs got it into their heads that their job was to invent the future, and consumers’ job was to go along with that invented future.

    The discussion around AI is not the first instance of this pattern, but it is where this mindset is taken to its most extreme form.

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: platform.theverge.com
      Silicon Valley has forgotten what normal people want
      from Elizabeth Lopatto
      Did the tech industry get high on its own supply?
  12. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Wednesday, 08-Apr-2026 21:28:24 JST Martin Seeger Martin Seeger

    The NASA has shown, it can still shoot people to the moon.

    The world asks: For which time did you schedule the flight out for Trump?

    #artemis

    In conversation about 3 months ago from infosec.exchange permalink
  13. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Friday, 13-Mar-2026 22:27:09 JST Martin Seeger Martin Seeger

    Domain-Änderungen wegen NIS2

    Nur als Info: wenn Ihr Domains haltet, werdet Ihr Euch in Zukunft wohl deutlich nackiger machen müssen.

    Die ersten Registrare (derzeit nur im Ausland) verlangen eine Farbkopie des Ausweises (bei Firmen muss die Person auch im Handelsregister stehen).

    Das DE-NIC ist gerade dabei nachzuziehen ...

    Details sind derzeit noch unklar, wie es genau für .de-Domains gehandhabt wird. Aber die Ankündigungen, die ich sehe, klingen nicht gut.

    In conversation about 4 months ago from infosec.exchange permalink
  14. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Monday, 09-Mar-2026 06:42:58 JST Martin Seeger Martin Seeger

    Firma so: Der blöde Kunde will unser schönes Portal nicht nutzen, mit dem wir das alles für ihn digital gemacht haben. Warum ist das so?

    Der Kunde seufzt leise und legt los:

    Das Portal ist darauf optimiert worden, es für die Firma so einfach wie möglich zu machen. Die Interessen des Kunden wurden überhaupt nicht berücksichtigt.

    • Beispiel 1: Die Authentisierung erfolgt nach veralteten, unsicheren Verfahren. Am besten soll man sich pro abgerufenem Dokument (auch mehrere am Stück) jedes Mal mit einer SMS authentisieren. SMS ist ja so modern und sicher ...
    • Beispiel 2: Bei der Authentisierung gibt es keine Kunden-Autonomie. Das Verfahren wird von der Firma vorgegeben. Passkeys oder Authenticator werden nicht unterstützt. Das ich im Keller kein SMS-Empfang habe, ist denen egal.
    • Beispiel 3: Ich bekomme eine Email: ein Dokument wurde für Sie hochgeladen. Das Dokument wird nicht gesendet. Optionen einen Zertifikat oder PGP-Key hochzuladen, sucht man vergebens.
    • Beispiel 4: Alles ist automatisch für die Firma, nichts ist automatisierbar für den Kunden. Es gibt keine API, alles muss von Hand geclickt werden. Ich mache alles digital in Paperless. Eure Systeme sollen soweit automatisierbar sein, dass ich die dort erscheinen lassen kann. Die blöde Email könnt Ihr zur Sicherheit dennoch schicken.
    • Beispiel 5: Das UI-Design beruht auf einem Interface-Guide den man 1974 bei IBM in einer Altpapier-Tonne gefunden hat. Der war das Ergebnis eines internen Wettbewerbes "Wie kann man möglichst viele Clicks erzeugen".
    • Beispiel 6: Meldet man sich mit seinen Anliegen, dann heisst es "Der Datenschutz will das so." Ich weiß genau, dass das gelogen ist.
    • Beispiel 7: Liest man sich Bedingungen durch, dann entdeckt man, dass alles zum Nachteil des Kunden formuliert ist. So wird das gesamte Zustell-Risiko an ihn übertragen.
    • Beispiel 8: Jeder Login wird benutzt um dem Kunden weitere Leistungen aufschwatzen zu wollen. Das der Kunde ein Dokument abrufen will, ist der Firma egal.

    Ich habe in Deutschland noch kein Kundenportal gesehen, dass man nicht als Strafe für meine zahlreichen Sünden betrachten kann.

    Ich bin sicher, ich habe noch Dutzende Punkte vergessen.

    P.S. Mache gerade wieder Papierkram und meine Krankenversicherung bittet darum deren Portal zu nutzen. Ich habe es probiert. Die hatte mehr als 3/4 der obigen Punkte getroffen.

    In conversation about 4 months ago from infosec.exchange permalink
  15. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Saturday, 28-Feb-2026 21:22:42 JST Martin Seeger Martin Seeger

    Who gets punished for the Epstein scandal?

    Right now: Iran

    I will not shed a single tear for the brutal regime or the mass murders in the IRGC.

    But if you believe the attack is to help the suppressed populace, than I have a new cryptocurrency to sell to you.

    In conversation about 5 months ago from infosec.exchange permalink
  16. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Sunday, 22-Feb-2026 19:30:58 JST Martin Seeger Martin Seeger

    Ich wäre ja dafür, dass man die Scheibe runterkurbeln und dann “Brumm, Brumm” rufen darf. Das würde jedem die Absurdität besser klar machen.

    https://www.golem.de/news/lautsprecher-e-autos-duerfen-kuenftig-motorensound-nach-aussen-spielen-2602-205695.html

    In conversation about 5 months ago from infosec.exchange permalink
  17. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Tuesday, 17-Feb-2026 20:34:11 JST Martin Seeger Martin Seeger

    If you still believe us Germans to be cultured: let me introduce you to the "Hupsi"-cycle.

    Hupsi is a new product: a liver loaf in a jar that you bake at home and which will leave the jar by itself.

    They have really cringe-worthy advertisement and this sure isn't the healthiest food, but I am fan nonetheless.

    #hupsi

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/084/862/925/126/255/original/6f56100e07d731af.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/084/865/464/983/560/original/4531ad9528d612eb.png

    3. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/084/867/458/828/426/original/26688d398f78c273.png

    4. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/084/869/396/718/104/original/b0f163a30c4f3eb9.png
  18. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Saturday, 14-Feb-2026 22:26:05 JST Martin Seeger Martin Seeger

    Oh, you thought being dead would finally free you from Meta's monetization machine? Think again!

    Meta got a patent for an AI that trains on your entire social media history (your likes, comments, posts, everything) and then keeps your account humming along after you've shuffled off this mortal coil.

    Your digital ghost will dutifully like posts, drop comments and reply to DMs. Because apparently, death is no excuse for low engagement metrics.

    Meta's CTO Andrew Bosworth is listed as the primary author, and the patent was originally filed back in 2023. A Meta spokesperson assured everyone they have "no plans to move forward" with this.

    Which, as we all know, is corporate speak for "not until the quarterly numbers dip."

    https://tech.slashdot.org/story/26/02/13/1929209/

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: a.fsdn.com
      Meta's New Patent: an AI That Likes, Comments and Messages For You When You're Dead - Slashdot
      Meta was granted a patent in late December that describes how a large language model could be trained on a deceased user's historical activity -- their comments, likes, and posted content -- to keep their social media accounts active after they're gone. Andrew Bosworth, Meta's CTO, is listed as th...
  19. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Saturday, 14-Feb-2026 01:41:08 JST Martin Seeger Martin Seeger

    You may ask, how age verifier may determine your age?

    Quite simple: via browser they determine your preferred font size and the they use the following table:

    • 16 years: 6pt
    • 20 years: 10pt
    • 30 years: 12pt
    • 40 years: 14pt
    • 50 years: 16pt
    • 60+ years: 72pt

    😜

    In conversation about 5 months ago from infosec.exchange permalink
  20. Embed this notice
    Martin Seeger (masek@infosec.exchange)'s status on Sunday, 08-Feb-2026 01:43:15 JST Martin Seeger Martin Seeger

    Die Stadt #Kiel muss sich entschuldigen.

    Aus Versehen haben sie tatsächlich einen Vorgang erfolgreich digitalisiert: https://archive.ph/GM5to

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/030/122/819/338/117/original/5409fb717db14b54.png

  • Before

User actions

    Martin Seeger

    Martin Seeger

    Working at front lines of the IT and having fun there. Been around the Internet since 1992 and still in awe what has become of that little baby. Currently wanted for repeated "Nerd Sniping" on all continents.Personal interests:- IT Security- Computer Games & TTRPGs- Cycling- Cooking & Baking- Books, Movies, TV-Series (mostly F&SF)- 3D printing (new!)- Everything that blinks, has buttons to press and looks remotely gadgetoidEverything i write, post, tweet, blog or blurp is just my personal opinion and is not the opinion or policy of my employer, my cat or my goldfish.I post in English and German. Will try to mark each post correctly, but errors happen. Sorry for that.I apologize if I am not following you back. This happens as my stream is already getting more posts than I can read.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          57528
          Member since
          7 Dec 2022
          Notices
          161
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.