Notices by abadidea (0xabad1dea@infosec.exchange), page 2

@munin to my understanding, the backdoor cannot work if you have a password on bitlocker itself (most people don’t, but if evil maids are a nonhypothetical concern for you, you really should)

RE: https://hachyderm.io/@ekuber/116585853572401757

One of the virtues of big open source projects is that little happens behind closed doors. However, since 99% of what they discuss just isn’t interesting to downstream end users, they forget that downstream end users *can* read this stuff and *can* post very angry comments on a discussion that they feel invited and entitled to, *as users* who are perceiving their role here as *delivering accountability.*

Github PRs are a nightmare edge case for attracting unplanned attention, because even most people who got past the first paragraph of the post about policy everyone was mad about never actually saw *the policy itself* due to github’s unhinged UI. Mastodon’s overall success rate for walking away with good, clear information about the policy itself was… low. Very low.

On the one hand, I think that anticipating the nature of the issue would attract public attention, and putting effort into framing it in a way more ready for public non-contributor consumption, would have reduced the misunderstandings and blowup once it escaped containment. On the other… nothing can fix the fact that a rando who’s been linked to a comment on a github PR in an active project is going to be lost and confused.

So, contributors: “How does this come across to someone who’s not intimately familiar with our process and involved in our ongoing discussions?” Might save you a lot of notifications one day.

And, non-contributors: that big project that definitely existed more than five seconds before you found a hot link to a hot post? Spend more than five seconds figuring out what’s going on before you deliver accountability. And if you don’t have the time or energy, that’s fine! But then don’t push the angry comment missile strike button for something you’re not willing to follow up on.

a boy and his dolphin

Just occurred to me that I’ve been very active on social media for more than thirteen years, so there are users I can legitimately tell “kid, I’ve been doing severals since before you were born”

RE: https://mastodon.nl/@at5RSSbot/116583275072303781

The grown man who was (allegedly) directing angry teens to set off bombs in my neighborhood has been arrested very far away

I make a point of specifically inviting punks, goths and rainbow-brite queer kids to come pet Odin, and I always get such a big smile

The train status boards warn that “Adam Z” is closed today, which makes our local station (Amsterdam Zuid) sound like a power ranger

(So yes, our journey today has been a little more involved than usual)

We don’t think about how Odin-proofed our house is until we bring him into another and a dozen glasses, candles, ashtrays etc have to be hastily evacuated to high ground

RE: https://cyberplace.social/@GossiTheDog/116565662607962457

The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…

The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant

My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.

Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?

Odin is over here begging me for my vegetarian salad like it’s made of bacon. I’m pretty sure he likes sour fruits and vegetables as much as he likes bacon

RE: https://mastodon.social/@bagder/116554421875449945

called it 😌 one (1) low-severity CVE found when applying mythos to a mature and well-maintained C code base

Just had a panic attack when I realized I'd put a sandwich in the toaster iron 15 minutes ago and then forgotten about it

Good news! I forgot to ever plug in the toaster iron in the first place! Multidimensional chess.

RE: https://mathstodon.xyz/@dpiponi/116528430767155152

I will never forget the time I booted up nethack on Friday the 13th, curious to see just how bad the luck penalty could be, and the very first step I took produced the message “your kitten has been crushed by a boulder”

I just learned there's a speedrunner named "first_try_I_swear" who has records in like a few dozen different games but at the beginning of all his runs he does a fake spiel about just installing the game and being excited to try it out

Odin met a true fluffernutter today in the park. His name was Pedro

You: my cat always jumps on the bed while I’m changing the sheets, it’s a real pain

Me: yeah,,,

@kouhai yes but that’s not quite what I mean.

(I wake up and blearily check my notifications) whoa, how did — CATSALAD

did you hear I am halfway finished with my extremely queer and neurospicy visual novel. did I mention this

#gloryinthethunder #visualnovel #lgbt #yuri #lego