Notices by Royce Williams (tychotithonus@infosec.exchange), page 5

@ryanc Fortunately, no (not in this case, anyway - knock on wood). Just random synapse firing at bedtime 😅

@patrickcmiller

To clarify, Google cached pages aren't "dead".

They're just no longer available to us.

Tell me you've never helped seniors with tech, without telling me you've never helped seniors with tech.

And I don't just mean the person answering this question. I also mean whoever decided to remove this option.

TIL Gmail assumes any "From" email name of the form "String1, String2" means "Last, First".

So when it shows the "first names only" collapsed list of recipients, any "First M. Last, Title/Honorific" - such as "Trapper John, MD" - shows up as just "MD".

@ryanc
Yeah, I should have included that use case :D

Looks like there's a canned one, now?

https://www.rsync.net/resources/howto/duplicity.html

Though I'm inclined to expect Colin Percival's crypto to be pretty robust and fit to purpose.

@whitequark

@whitequark Doesn't tarsnap provide the entire encryption layer out of the box, in such a way that not even the provider has access to your encryption keys?

(So if you're someone who can't roll their own encrypt-before-sync layer, tarsnap takes care of that for you)

@robertatcara As someone who personally discovered and fixed Y2K bugs that would have had significant real world impact, it is disturbing to hear someone propagate this myth [that it was a "big fuss about nothing"]. And it is a myth.

This is what really happened:
https://time.com/5752129/y2k-bug-history/

The testing methodology insured that these impacts were not hypothetical. At my company, the testing was performed by actually rolling the clock forward to test systems to see what would happen. For example, I discovered that every ATM in the state of Alaska operated by my company would have locked up until a PROM chip was swapped. Someone had to fly all over the state to proactively swap the chip beforehand, to avoid significant customer impact.

And that was just one story. I personally oversaw investigation and fixes for other hardware and software at that company that would have failed.

And that was just my company. I spoke with others in IT at that time with similar stories. And that was just the people I knew.

So no, it wasn't "a big fuss about nothing" - and saying so is both dangerously revisionist, and disrespectful of the work it took to prevent real impacts.

#Y2K

The hardest part about refuting Y2K disinfo is how many problems were fixed quietly, in part to mitigate risk of ligitation (negligence, etc.). People have stories they can't tell.

At this point, I think enough years have passed that a formal amnesty - to encourage companies to disclose just how bad some of the problems were - would be in our historical best interest.

@ryanc That makes a lot of sense - nice! Are you considering upstreaming it?

@ryanc Heh, you know me well -I'd already cloned it by the time you pinged me! :D

What's the real-world benefit for ordinary users?

@ryanc https://infosec.exchange/@tychotithonus/111677092048834685

SREs BORN IN THA 90'S THATS UNDER 25 CAN'T SCRIPT CAN'T DD THEY DON'T WANT TO ADMIN NOTHING. ADMINS THAT'S 31 & OVER GET IN RELATIONSHIPS WITH THEM & WONDER WHY PLATFORMS AIN'T WORKING THAT'S BECAUSE ALL YOUNG SREs WANT TO DO IS REDUCE TOIL, SMOKE WEED, EMBRACE RISK, MANAGE CHANGE, MERGE TO PROD, READ HOT CACHE, CHARGE THEY PCARDS, GET BLUEBLOCKER GLASSES TWERK, BE MULTI CLOUD, EAT BUDDHA BOWL'S, WASH THEY LANYARD IN THA SINK, CRY TAKE SELFIES AND POST S--T ON MASTO CUZ THEY TWITTER NEVER ON

@ryanc Being a monarch (in the "YASSSSS MONARCH" sense)

Missed this a couple of weeks ago from Consumer Reports -

"How to Turn Off Smart TV Snooping Features"

All smart TVs—from Samsung, LG, you name it—collect personal data. These TV privacy settings limit what manufacturers learn.

https://www.consumerreports.org/electronics/privacy/how-to-turn-off-smart-tv-snooping-features-a4840102036/

Another approach is to use nothing on the TV itself, and feed video in from another source entirely.

Edit: updated to include the pixel fingerprinting aspects, where the TV will report a fingerprint of what you're watching regardless of source. Not connecting the TV to the Internet at all looks to be necessary (h/t: @sethsec)

https://www.theverge.com/2017/2/7/14527360/vizio-smart-tv-tracking-settlement-disable-settings

@patrickcmiller

"If you want to build a ship, don't drum up people to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea."
-- Antoine de Saint Exupéry

As one of the moderators of the hashcat forums, I recently got a good question - why are LLM-generated answers forbidden?

The answer I gave:

ChatGPT output is often incorrect - sometimes subtly so - for specialized knowledge like technical hashcat work. And the hashcat forum is public, so is used by both humans and by AI. So any posts that are from ChatGPT have to be scrutinized for errors to minimize errors in the ecosystem. And even if someone uses ChatGPT and then reviews and corrects its output, the moderators can't trust that and must duplicate that review and analysis. So it is less effort, and better for the ecosystem, to disallow them entirely.

@encthenet Bonus tip: if [filename] [command] makes more mental sense to you, you can order the second one as:

< filename cmd

@encthenet
Or the attacker can cajole your curl/libcurl into using a proxy.

@patrickcmiller This one is a sponsored post. (Let me know if replying this way isn't useful - for me, it's like noting a paywall or other information that is hard to discern until you follow the link, so replying this way is caching and distributing the effort of someone having linked through)

TIL there are single-grapheme UTF-8 for degrees Celsius and Fahrenheit!

℃ (vs °C) - U+2103

℉ (vs °F) - U+2109

This revelation brought to you by an associated Mastodon filter failure. Couldn't figure out at first why I was seeing a post. 😅