Yeah, that's funky - if the last byte always ends in 03, that sounds non-standard / artificial - static salt? Or is the obvious salting separate from that? Could be someone playing with truncation. Are you at liberty to share a few samples (under separate cover if needed)?
@krypt3ia @patrickcmiller Have you seen anything on how these attacks are different from previous? This sounds like something spammers have been doing for decades.
TIL Gmail assumes any "From" email name of the form "String1, String2" means "Last, First".
So when it shows the "first names only" collapsed list of recipients, any "First M. Last, Title/Honorific" - such as "Trapper John, MD" - shows up as just "MD".
@whitequark Doesn't tarsnap provide the entire encryption layer out of the box, in such a way that not even the provider has access to your encryption keys?
(So if you're someone who can't roll their own encrypt-before-sync layer, tarsnap takes care of that for you)
@robertatcara As someone who personally discovered and fixed Y2K bugs that would have had significant real world impact, it is disturbing to hear someone propagate this myth [that it was a "big fuss about nothing"]. And it is a myth.
The testing methodology ensured that these impacts were not hypothetical. At my company, the testing was performed by actually rolling the clock forward to test systems to see what would happen. For example, I discovered that every ATM in the state of Alaska operated by my company would have locked up until a PROM chip was swapped. Someone had to fly all over the state to proactively swap the chip beforehand, to avoid significant customer impact.
And that was just one story. I personally oversaw investigation and fixes for other hardware and software at that company that would have failed.
And that was just my company. I spoke with others in IT at that time with similar stories. And that was just the people I knew.
So no, it wasn't "a big fuss about nothing" - and saying so is both dangerously revisionist, and disrespectful of the work it took to prevent real impacts.
The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of litigation (negligence, etc.). People have stories they can't tell.
At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.
SREs BORN IN THA 90'S THATS UNDER 25 CAN'T SCRIPT CAN'T DD THEY DON'T WANT TO ADMIN NOTHING. ADMINS THAT'S 31 & OVER GET IN RELATIONSHIPS WITH THEM & WONDER WHY PLATFORMS AIN'T WORKING THAT'S BECAUSE ALL YOUNG SREs WANT TO DO IS REDUCE TOIL, SMOKE WEED, EMBRACE RISK, MANAGE CHANGE, MERGE TO PROD, READ HOT CACHE, CHARGE THEY PCARDS, GET BLUEBLOCKER GLASSES TWERK, BE MULTI CLOUD, EAT BUDDHA BOWL'S, WASH THEY LANYARD IN THA SINK, CRY TAKE SELFIES AND POST S--T ON MASTO CUZ THEY TWITTER NEVER ON
Just doing my undue diligence.
ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.
Day job: Ent Sec Arch for a quad-play Alaskan ISP.
Obsessed with security keys: techsolvency.com/mfa/security-keys
My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics": youtube.com/watch?v=-uiMQGICeQY&t=20260s
Profile photo: White 50-ish man with big forehead, short beard, and glasses, looking pleased in front of a display of Alaskan license plates.
Banner photo: 5 rows of security keys in a wall case.
Blocked inadvertently? Ask!
Am I following a dirtbag? Tell me!
Followed you out of the blue = probably stole you from follows of someone I respect.
#NonAIContent
#hashcat #Alaska #YubiKey #YubiKeys #WebAuthn #FIDO #LicensePlates
P.S. I hate lottery / advance-fee scammers with the heat of 400B suns.
❤️:⚛👨👩👧🛡🙊🌻🗽💻✏🎥