Notices by Lee Holmes :donor: (lee_holmes@infosec.exchange)

  1. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 10-May-2025 16:58:20 JST

    It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/473/365/560/779/121/original/e99ebbf9bf333d0f.png
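The behaviour described in the post above, shown with a harmless option and the two standard guards. This is an added example, not part of the original post; the file name `-l`, the scratch directory and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The file name "-l" and every function name are constructed.

# Build a scratch directory: two ordinary files plus one empty file whose
# name is literally "-l" (a harmless ls option, chosen for the demo).
make_demo_dir() {
    demo_dir=$(mktemp -d) || return 1
    : > "$demo_dir/notes.txt"
    : > "$demo_dir/report.txt"
    : > "$demo_dir/-l"
    printf '%s\n' "$demo_dir"
}

# Unguarded: the shell expands * to "-l notes.txt report.txt" before ls
# starts, so ls parses the file name "-l" as an option and never lists it.
list_unguarded() { ( cd "$1" && LC_ALL=C ls * ); }

# Guard 1: "--" ends option parsing; every later argument is an operand.
list_guarded() { ( cd "$1" && LC_ALL=C ls -- * ); }

# Guard 2: a "./" prefix means no expanded name can begin with "-".
list_prefixed() { ( cd "$1" && LC_ALL=C ls ./* ); }

# Check: report entries in a directory whose names start with "-".
find_option_like() {
    ( cd "$1" || exit 1
      for f in ./-*; do
          if [ -e "$f" ]; then printf '%s\n' "${f#./}"; fi
      done )
}

# Stand-alone run: show all four results, then clean up.
dir=$(make_demo_dir)
echo "ls *     :"; list_unguarded "$dir"
echo "ls -- *  :"; list_guarded "$dir"
echo "ls ./*   :"; list_prefixed "$dir"
echo "flagged  :"; find_option_like "$dir"
rm -rf -- "$dir"
```

The same two guards (`--` and the `./` prefix) apply to `rm` and other commands that are fed by a glob.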
  2. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 10-May-2025 16:58:19 JST
    in reply to

    I'm sure there's something here, but I don't have the patience to find it :)

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/473/501/074/152/027/original/68ca177c0aeea792.png
  3. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Friday, 02-May-2025 03:36:27 JST
    in reply to
    • scriptjunkie

    @sj Congrats! Does Aurora also drive while under big doses of amphetamines to more closely mimic real-world drivers? How is its CB etiquette?

  4. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Wednesday, 30-Apr-2025 02:15:28 JST
    in reply to
    • scriptjunkie

    @sj FTFY

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/422/286/213/820/289/original/0d54deb34dc89a29.png
  5. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Tuesday, 22-Apr-2025 07:07:47 JST
    in reply to
    • CatSalad🐈🥗 (D.Burch) :blobcatrainbow:
    • Paul Cantrell

    @inthehands @catsalad I envy your confidence to 100% trust anything on a computer :)

  6. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Monday, 21-Apr-2025 11:00:37 JST

    Accidentally unzipped an archive via Gnome into a directory called "~" in my home directory. I did not trust myself to delete it without renaming it first 😂

  7. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Friday, 11-Apr-2025 10:18:02 JST
    in reply to
    • scriptjunkie

    @sj Including the process leading up to that being an approved change.

  8. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 22-Mar-2025 03:34:40 JST

    Yay, Facebook stole so much of my stuff, The Atlantic needs a scroll bar to show it.

    Also, TIL the PowerShell Cookbook has been translated to Polish :)

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/201/801/127/552/835/original/ab2bc88af344edb6.png
  9. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Tuesday, 11-Mar-2025 21:07:42 JST
    in reply to
    • Paul Asadoorian

    @paulasadoorian Looks like you've got the color wheel covered :) Glow in the dark filaments are fun. If you have a 3d printer that can swap colors, I'd also look into soluble support.

  10. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 08-Mar-2025 03:49:12 JST
    in reply to
    • scriptjunkie

    @sj I wonder if instead the study had asked: "What is the positive predictive value of this test?" or even "How accurately does this test predict the existence of the thing being tested?" - would the results have been more accurate?

  11. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Friday, 07-Mar-2025 10:04:56 JST

    LOL, just when you thought you've seen "bad security" just saw this password being used:

    Summer2017

  12. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Wednesday, 26-Feb-2025 10:37:47 JST

    TIL how crazy the "BD+" BluRay copy protection mechanism is. BluRay discs ship actual executable programs written for a custom virtual machine that can execute arbitrary code??!!

    Also LOL:
    "The copy protection scheme was to take "10 years" to crack, according to Richard Doherty, an analyst with Envisioneering Group".

    Oct 2007: The first discs with BD+ encryption are released
    March 2008: AnyDVD HD released, allowing the full decryption of BD+, allowing not only the viewing of the film itself but also playing and copying disks with third-party software.

    https://en.wikipedia.org/wiki/BD%2B

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/067/560/467/190/833/original/01a36623c08d0a3e.png
  13. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Tuesday, 28-Jan-2025 12:02:21 JST

    Pebble Watches are coming back! https://ericmigi.com/blog/why-were-bringing-pebble-back

  14. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 25-Jan-2025 09:51:16 JST

    Had an interesting situation where AI coding helped make something _more_ secure.

    I was writing a tool to connect to Azure AI, which requires an auth key. Some example code had this coming from an environment variable, which is a super common practice. So I asked AI if there was a way to make this more secure.

    I was using Cursor, so it recommended (and implemented) a version where it securely prompted for the string at first launch and then stored the secret via keyring (Credential Manager on Windows).

    Storing in keyring is far more secure, but realistically most people wouldn't do it by hand because the environment variable approach is "good enough." But because AI made it so easy, it actually got done.

  15. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 11-Jan-2025 07:24:26 JST

    I know AI doomerism is fun and calling LLMs stupid autocomplete is fun. But damn, was this easier than typing it in all by hand.

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/806/388/227/300/830/original/ba9a3ce4ad59bd76.png
  16. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Sunday, 01-Sep-2024 07:19:08 JST
    in reply to
    • Jake Hildreth (acorn) :blacker_heart_outline:

    @horse "I'm sorry, I'm not at my fax right now. Please try my secondary fax. Failing that, try one of those inter-office air delivery tubes."

  17. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Saturday, 31-Aug-2024 23:39:29 JST

    This address book column chooser is like a graveyard of old tech.

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/052/830/584/409/651/original/1532914090753a56.png
  18. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Friday, 09-Feb-2024 19:50:14 JST
    in reply to
    • SwiftOnSecurity

    @SwiftOnSecurity @SwiftOnSecurity Watching that is definitely on my to do list. Did you see his one about the SAT? https://infosec.exchange/@Lee_Holmes/111506430074413132

    Linked post: Lee Holmes :donor: (@Lee_Holmes@infosec.exchange): I totally got this wrong, and you will too. https://www.youtube.com/watch?v=FUHkTs-Ipfg
  19. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Wednesday, 09-Aug-2023 02:56:04 JST
    in reply to
    • Jake Hildreth (acorn) :blacker_heart_outline:

    @horse Get-Verb :)

  20. Lee Holmes :donor: (lee_holmes@infosec.exchange)'s status on Wednesday, 19-Jul-2023 09:27:00 JST
    in reply to
    • Viss
    • Jake Hildreth (acorn) :blacker_heart_outline:

    @horse @Viss Yup, and 'echo' in PowerShell also does the right thing :)

    ¯\_(ツ)_/¯


    Lee Holmes :donor:

    Partner Security Architect, Azure Security. PowerShell developer, fanatical hobbyist, and author of the PowerShell Cookbook.


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.