Notices by Royce Williams (tychotithonus@infosec.exchange), page 5

  1. Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 17-Feb-2024 00:23:20 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Fortunately, no (not in this case, anyway - knock on wood). Just random synapse firing at bedtime 😅

    In conversation Saturday, 17-Feb-2024 00:23:20 JST from gnusocial.jp permalink
  2. Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 06-Feb-2024 09:08:57 JST
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller

    To clarify, Google cached pages aren't "dead".

    They're just no longer available to us.

    In conversation Tuesday, 06-Feb-2024 09:08:57 JST from infosec.exchange permalink
  3. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 01-Feb-2024 12:28:21 JST

    Tell me you've never helped seniors with tech, without telling me you've never helped seniors with tech.

    And I don't just mean the person answering this question. I also mean whoever decided to remove this option.

    In conversation Thursday, 01-Feb-2024 12:28:21 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/853/289/420/226/778/original/db887362efa5519d.png
  4. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 01-Feb-2024 04:11:01 JST

    TIL Gmail assumes any "From" email name of the form "String1, String2" means "Last, First".

    So when it shows the "first names only" collapsed list of recipients, any "First M. Last, Title/Honorific" - such as "Trapper John, MD" - shows up as just "MD".

    In conversation Thursday, 01-Feb-2024 04:11:01 JST from infosec.exchange permalink
  5. Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 16-Jan-2024 12:40:39 JST
    in reply to
    • ✧✦Catherine✦✧
    • Ryan Castellucci :nonbinary_flag:

    @ryanc
    Yeah, I should have included that use case :D

    Looks like there's a canned one, now?

    https://www.rsync.net/resources/howto/duplicity.html

    Though I'm inclined to expect Colin Percival's crypto to be pretty robust and fit to purpose.

    @whitequark

    In conversation Tuesday, 16-Jan-2024 12:40:39 JST from infosec.exchange permalink
  6. Royce Williams (tychotithonus@infosec.exchange)'s status on Tuesday, 16-Jan-2024 12:38:08 JST
    in reply to
    • ✧✦Catherine✦✧

    @whitequark Doesn't tarsnap provide the entire encryption layer out of the box, in such a way that not even the provider has access to your encryption keys?

    (So if you're someone who can't roll their own encrypt-before-sync layer, tarsnap takes care of that for you)

    In conversation Tuesday, 16-Jan-2024 12:38:08 JST from infosec.exchange permalink
  7. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 04-Jan-2024 04:05:46 JST
    • Robert Gibbons

    @robertatcara As someone who personally discovered and fixed Y2K bugs that would have had significant real world impact, it is disturbing to hear someone propagate this myth [that it was a "big fuss about nothing"]. And it is a myth.

    This is what really happened:
    https://time.com/5752129/y2k-bug-history/

    The testing methodology ensured that these impacts were not hypothetical. At my company, the testing was performed by actually rolling the clock forward to test systems to see what would happen. For example, I discovered that every ATM in the state of Alaska operated by my company would have locked up until a PROM chip was swapped. Someone had to fly all over the state to proactively swap the chip beforehand, to avoid significant customer impact.

    And that was just one story. I personally oversaw investigation and fixes for other hardware and software at that company that would have failed.

    And that was just my company. I spoke with others in IT at that time with similar stories. And that was just the people I knew.

    So no, it wasn't "a big fuss about nothing" - and saying so is both dangerously revisionist, and disrespectful of the work it took to prevent real impacts.

    #Y2K

    In conversation Thursday, 04-Jan-2024 04:05:46 JST from infosec.exchange permalink

  8. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 04-Jan-2024 00:55:49 JST

    The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of litigation (negligence, etc.). People have stories they can't tell.

    At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.

    In conversation Thursday, 04-Jan-2024 00:55:49 JST from infosec.exchange permalink

  9. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 01-Jan-2024 06:42:57 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc That makes a lot of sense - nice! Are you considering upstreaming it?

    In conversation Monday, 01-Jan-2024 06:42:57 JST from infosec.exchange permalink
  10. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 01-Jan-2024 06:32:03 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Heh, you know me well - I'd already cloned it by the time you pinged me! :D

    What's the real-world benefit for ordinary users?

    In conversation Monday, 01-Jan-2024 06:32:03 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/677/165/336/836/607/original/9e6af7d45a4ac755.png
  11. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 01-Jan-2024 06:19:35 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc https://infosec.exchange/@tychotithonus/111677092048834685

    In conversation Monday, 01-Jan-2024 06:19:35 JST from infosec.exchange permalink

    Attachments

    1. Royce Williams (@tychotithonus@infosec.exchange)
      from Royce Williams
      Context for the uninitiated / people worried I may have just had an episode: https://knowyourmeme.com/memes/eat-hot-chip-and-lie Once I thought of "READ HOT CACHE" I had to see it through.
  12. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 01-Jan-2024 06:18:19 JST

    SREs BORN IN THA 90'S THATS UNDER 25 CAN'T SCRIPT CAN'T DD THEY DON'T WANT TO ADMIN NOTHING. ADMINS THAT'S 31 & OVER GET IN RELATIONSHIPS WITH THEM & WONDER WHY PLATFORMS AIN'T WORKING THAT'S BECAUSE ALL YOUNG SREs WANT TO DO IS REDUCE TOIL, SMOKE WEED, EMBRACE RISK, MANAGE CHANGE, MERGE TO PROD, READ HOT CACHE, CHARGE THEY PCARDS, GET BLUEBLOCKER GLASSES TWERK, BE MULTI CLOUD, EAT BUDDHA BOWL'S, WASH THEY LANYARD IN THA SINK, CRY TAKE SELFIES AND POST S--T ON MASTO CUZ THEY TWITTER NEVER ON

    In conversation Monday, 01-Jan-2024 06:18:19 JST from infosec.exchange permalink
  13. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 20-Dec-2023 01:34:09 JST
    in reply to
    • Ryan Castellucci :nonbinary_flag:

    @ryanc Being a monarch (in the "YASSSSS MONARCH" sense)

    In conversation Wednesday, 20-Dec-2023 01:34:09 JST from infosec.exchange permalink
  14. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 26-Nov-2023 22:57:10 JST
    • sethsec

    Missed this a couple of weeks ago from Consumer Reports -

    "How to Turn Off Smart TV Snooping Features"

    All smart TVs—from Samsung, LG, you name it—collect personal data. These TV privacy settings limit what manufacturers learn.

    https://www.consumerreports.org/electronics/privacy/how-to-turn-off-smart-tv-snooping-features-a4840102036/

    Another approach is to use nothing on the TV itself, and feed video in from another source entirely.

    Edit: updated to include the pixel fingerprinting aspects, where the TV will report a fingerprint of what you're watching regardless of source. Not connecting the TV to the Internet at all looks to be necessary (h/t: @sethsec)

    https://www.theverge.com/2017/2/7/14527360/vizio-smart-tv-tracking-settlement-disable-settings

    In conversation Sunday, 26-Nov-2023 22:57:10 JST from infosec.exchange permalink

    Attachments

    1. Most smart TVs are tracking you — Vizio just got caught
      from Jacob Kastrenakes
  15. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 26-Nov-2023 15:10:33 JST
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller

    "If you want to build a ship, don't drum up people to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea."
    -- Antoine de Saint Exupéry

    In conversation Sunday, 26-Nov-2023 15:10:33 JST from infosec.exchange permalink
  16. Royce Williams (tychotithonus@infosec.exchange)'s status on Wednesday, 15-Nov-2023 08:16:33 JST

    As one of the moderators of the hashcat forums, I recently got a good question - why are LLM-generated answers forbidden?

    The answer I gave:

    ChatGPT output is often incorrect - sometimes subtly so - for specialized knowledge like technical hashcat work. And the hashcat forum is public, so is used by both humans and by AI. So any posts that are from ChatGPT have to be scrutinized for errors to minimize errors in the ecosystem. And even if someone uses ChatGPT and then reviews and corrects its output, the moderators can't trust that and must duplicate that review and analysis. So it is less effort, and better for the ecosystem, to disallow them entirely.

    In conversation Wednesday, 15-Nov-2023 08:16:33 JST from infosec.exchange permalink
  17. Royce Williams (tychotithonus@infosec.exchange)'s status on Monday, 13-Nov-2023 13:31:12 JST
    in reply to
    • John-Mark Gurney

    @encthenet Bonus tip: if [filename] [command] makes more mental sense to you, you can order the second one as:

    < filename cmd

    In conversation Monday, 13-Nov-2023 13:31:12 JST from infosec.exchange permalink
  18. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 12-Oct-2023 03:17:35 JST
    in reply to
    • John-Mark Gurney

    @encthenet
    Or the attacker can cajole your curl/libcurl into using a proxy.

    In conversation Thursday, 12-Oct-2023 03:17:35 JST from infosec.exchange permalink
  19. Royce Williams (tychotithonus@infosec.exchange)'s status on Sunday, 01-Oct-2023 22:57:39 JST
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller This one is a sponsored post. (Let me know if replying this way isn't useful - for me, it's like noting a paywall or other information that is hard to discern until you follow the link, so replying this way is caching and distributing the effort of someone having linked through)

    In conversation Sunday, 01-Oct-2023 22:57:39 JST from infosec.exchange permalink
  20. Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 14-Sep-2023 05:51:31 JST

    TIL there are single-grapheme UTF-8 for degrees Celsius and Fahrenheit!

    ℃ (vs °C) - U+2103

    ℉ (vs °F) - U+2109

    This revelation brought to you by an associated Mastodon filter failure. Couldn't figure out at first why I was seeing a post. 😅

    In conversation Thursday, 14-Sep-2023 05:51:31 JST from infosec.exchange permalink

    Royce Williams


    Just doing my undue diligence.
    ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.
    Day job: Enterprise Security Architect for an Alaskan ISP.
    Obsessed with security keys: techsolvency.com/mfa/security-keys
    My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics": youtube.com/watch?v=-uiMQGICeQY&t=20260s
    Followed you out of the blue = probably stole you from follows of someone I respect.
    Blocked inadvertently? Ask!
    Am I following a dirtbag? Tell me!
    Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.
    Boosts not about security ... usually are.
    Banner: 5 rows of security keys in a wall case.
    #NonAIContent
    #hashcat #Alaska #YubiKeys #LicensePlates
    P.S. I hate advance-fee scammers with the heat of 400B suns
    ❤️:⚛👨👩👧🛡🙊🌻🗽💻✏🎥🍦🌶?

    Statistics: User ID 92920; member since 29 Jan 2023; notices 106; daily average 0.


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.