GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Royce Williams (tychotithonus@infosec.exchange)

  1. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 08-May-2025 07:47:19 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Feature request: at the other end of the status line (right-justified), an indicator of how many simultaneous streams are currently being served 😉

    In conversation about 20 days ago from infosec.exchange permalink
  2. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 04-May-2025 03:58:02 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Hey, sweet! What are you using to do the conversion?

    In conversation about a month ago from infosec.exchange permalink
  3. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 20-Apr-2025 16:30:18 JST

    Petition to make it illegal for streaming services to use thumbnails that contain spoiler content.

    In conversation about a month ago from infosec.exchange permalink
  4. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 17-Apr-2025 07:29:23 JST

    The voice inside my head when I read AI answers is now Cliff Clavin's "bar trivia answer, said in a highly confident tone, that sounds kinda plausible, but is actually quite wrong" voice.

    https://youtu.be/-PQS2q1328M?t=28
    https://youtu.be/-PQS2q1328M?t=111

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. Cheers - Cliff Clavin funny moments Part 1 HD
      from Roxy Cakes
      Clips of John Ratzenberger playing Cliff Clavin in Cheers. It takes a lot of effort to create these videos and I can't monetize any of them - if you want to su...
  5. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 14-Apr-2025 10:32:48 JST

    Good evening to everyone except Intuit, who have bizarrely concluded that there's no need to differentiate passkeys by, you know, giving them user-configurable, useful names or anything. (The only option is "delete".)

    And extra style points for the "Unkown" typo that made it to production.

    In conversation about a month ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/333/585/143/357/270/original/eab002ba678d9766.png
  6. Royce Williams (tychotithonus@infosec.exchange)'s status on Friday, 28-Mar-2025 10:11:30 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Framework are pretty great also. Bit pricey, but solid.

    In conversation about 2 months ago from infosec.exchange permalink
  7. Royce Williams (tychotithonus@infosec.exchange)'s status on Friday, 28-Mar-2025 01:37:17 JST

    Just saw a job posting that said (emphasis mine):

    • B.S or higher in either Electrical Engineering, Network Engineering, Software Engineering or Computer Sciences earned within the last 20 years

    Thinly disguised ageism -- surprised they can get away with this.

    In conversation about 2 months ago from infosec.exchange permalink
  8. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 19-Mar-2025 15:39:56 JST

    Whew! Good thing users will be blocked from using these compromised "passwords"! /s

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/187/706/269/173/111/original/f961a20fc04cc448.png
  9. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 12-Mar-2025 21:20:25 JST

    How long before DOGE has access to the emails sent to Congress by constituents (to feed into an AI correlation machine, to ID individual political opposition)?

    Do they already?

    #uspol

    In conversation about 3 months ago from infosec.exchange permalink
  10. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 09-Mar-2025 13:33:10 JST

    Dear everyone,

    Stop putting click tracking on your password-reset links.

    You need ZERO third-party metrics to record that I followed a link that is the only way to get what I explicitly requested.

    And I need ZERO interference / dependencies (from ad blocking, web filtering, etc.) for such a critical function.

    In conversation about 3 months ago from infosec.exchange permalink
  11. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 19-Feb-2025 09:24:20 JST
    • Erin Kissane

    @kissane This section is particularly chilling:

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/027/302/020/347/182/original/93cf97fa84915675.png
  12. Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 18-Feb-2025 03:55:22 JST

    Delta Airlines recently announced that they added MFA, to both their site and their app.
    👍

    But the only options are ones that require connectivity (SMS, email, push).
    👎

    I have zero interest in making managing my travel ... dependent on whether various networks are up.

    If security people can immediately think of common threat models that make them want to avoid your MFA entirely, due to core aspects of your business offering ... some stakeholders were missing (or overridden) in those meetings.

    #MFA

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/020/440/347/855/357/original/6bfcc133db389be9.png
  13. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 13-Feb-2025 02:05:24 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:
    • Chick3nman

    @ryanc

    Hmm! I haven't spent much time attacking yescrypt yet, but since it's based on scrypt, it has other parameters to tweak.

    It looks like the spec minimum of 5 for n is implemented for common OS-level implementations?

    https://www.reddit.com/r/Passwords/comments/1cd58c3/

    I do not know if the r parameter can be reduced in the defaults (login.defs or whatever the equivalent is on your OS). If you can reduce r, you can drop speed further. In theory, you might be able to use mkpasswd to drop r manually and then paste that hash in?

    How many milliseconds is it taking for you on that platform?

    @chick3nman

    In conversation about 3 months ago from infosec.exchange permalink

  14. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 29-Jan-2025 09:26:18 JST

    Did you know that you can write an email to all of your Congresspeople simultaneously?

    https://democracy.io

    In conversation about 4 months ago from infosec.exchange permalink
  15. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 25-Jan-2025 09:44:11 JST

    The Brutalist is 3 hours and 35 minutes?!
    🤯

    In conversation about 4 months ago from infosec.exchange permalink
  16. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 22-Jan-2025 07:08:12 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Can't the IRS also require you to pay estimated tax (or at least, penalize you if you don't)?

    https://www.irs.gov/businesses/small-businesses-self-employed/estimated-taxes

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/868/621/714/553/451/original/d6ee9a8a4b24c092.png
  17. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 18:20:52 JST
    in reply to
    • Bill
    • cR0w :cascadia:
    • Ryan Castellucci :nonbinary_flag:

    @Sempf @cR0w @ryanc @drscriptt

    I mean, my experience is outdated, but at its height I was the sole sysadmin and abuse admin for a platform that served about 60,000 users, accepting or rejecting about a million SMTP delivery attempts a day. I was a very early implementer of things like graylisting and SpamAssassin, before you could even buy an appliance to do them, let alone a cloud service. But the landscape was very different then -- spammers were smaller scale and not big business then. The scars are old, but deep. Count yourself lucky. 😅

    In conversation about 4 months ago from infosec.exchange permalink
  18. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 12:19:23 JST
    in reply to
    • Bill
    • Ryan Castellucci :nonbinary_flag:

    @ryanc
    I think we agree more than we disagree! Especially when it is probably better, but the ecosystem for the systems causing harm to be the explicit source of that harm, so that the ecosystem will start to respond to it appropriately. So I'm basically arguing myself out of silent discard even in my idealistic case!
    @drscriptt @Sempf

    In conversation about 4 months ago from infosec.exchange permalink
  19. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 11:24:20 JST
    • Bill
    • Ryan Castellucci :nonbinary_flag:

    @drscriptt

    I'm interested in minimizing ecosystem harm / impact, even if I'm not the direct / attributable source. In the worst case, if I know that an upstream hop is going to generate backscatter if I reject in my DATA phase, and I know with high confidence that the content is spam, and I know that that upstream hop is not likely to change their ways any time soon ... it's a net lessening of ecosystem harm if I silently discard, rather than indirectly "trigger" predictable backscatter.

    Yes, I know this is idealistic. :D

    @ryanc @Sempf

    In conversation about 4 months ago from infosec.exchange permalink
  20. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 18-Jan-2025 02:08:15 JST
    in reply to
    • Bill
    • Ryan Castellucci :nonbinary_flag:

    @ryanc @Sempf Yeah, that's definitely an angle that wasn't as available to me back then. If past me was working this, I would 100% be looking for a milter that did that!

    In conversation about 4 months ago from gnusocial.jp permalink
    Royce Williams

    Just doing my undue diligence.
    ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.
    Day job: Enterprise Security Architect for an Alaskan ISP.
    Obsessed with security keys: techsolvency.com/mfa/security-keys
    My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics": youtube.com/watch?v=-uiMQGICeQY&t=20260s
    Followed you out of the blue = probably stole you from follows of someone I respect.
    Blocked inadvertently? Ask!
    Am I following a dirtbag? Tell me!
    Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.
    Boosts not about security ... usually are.
    Banner: 5 rows of security keys in a wall case.
    #NonAIContent
    #hashcat #Alaska #YubiKeys #LicensePlates
    P.S. I hate advance-fee scammers with the heat of 400B suns
    ❤️:⚛👨👩👧🛡🙊🌻🗽💻✏🎥🍦🌶?


          Statistics

          User ID
          92920
          Member since
          29 Jan 2023
          Notices
          106
          Daily average
          0


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.