Notices by Lee Holmes :donor: (lee_holmes@infosec.exchange)

It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.

I'm sure there's something here, but I don't have the patience to find it :)

@sj Congrats! Does Aurora also drive while under big doses of amphetamines to more closely mimic real-world drivers? How is its CB etiquette?

@sj FTFY

@inthehands @catsalad I envy your confidence to 100% trust anything on a computer :)

Accidentally unzipped an archive via Gnome into a directory called "~" in my home directory. I did not trust myself to delete it without renaming it first 😂

@sj Including the process leading up to that being an approved change.

Yay, Facebook stole so much of my stuff, The Atlantic needs a scroll bar to show it.

Also, TIL the PowerShell Cookbook has been translated to Polish :)

@paulasadoorian Looks like you've got the color wheel covered :) Glow in the dark filaments are fun. If you have a 3d printer that can swap colors, I'd also look into soluble support.

@sj I wonder if instead the study had asked: "What is the positive predictive value of this test?" or even "How accurately does this test predict the existence of the thing being tested?" - would the results have been more accurate?

LOL, just when you thought you've seen "bad security" just saw this password being used:

Summer2017

TIL how crazy the "BD+" BluRay copy protection mechanism is. BluRay discs ship actual executable programs written for a custom virtual machine that can execute arbitrary code??!!

Also LOL:
"The copy protection scheme was to take "10 years" to crack, according to Richard Doherty, an analyst with Envisioneering Group".

Oct 2007: The first discs with BD+ encryption are released
March 2008: AnyDVD HD released, allowing the full decryption of BD+, allowing not only the viewing of the film itself but also playing and copying disks with third-party software.

https://en.wikipedia.org/wiki/BD%2B

Pebble Watches are coming back! https://ericmigi.com/blog/why-were-bringing-pebble-back

Had an interesting situation where AI coding helped make something _more_ secure.

I was writing a tool to connect to Azure AI, which requires an auth key. Some example code had this coming from an environment variable, which is a super common practice. So I asked AI if there was a way to make this more secure.

I was using Cursor, so it recommended (and implemented) a version where it securely prompted for the string at first launch and then stored the secret via keyring (Credential Manager on Windows).

Storing in keyring is far more secure, but realistically most people wouldn't do it by hand because the environment variable approach is "good enough." But because AI made it so easy, it actually got done.

I know AI doomerism is fun and calling LLMs stupid autocomplete is fun. But damn, was this easier than typing it in all by hand.

@horse "I'm sorry, I'm not at my fax right now. Please try my secondary fax. Failing that, try one of those inter-office air delivery tubes."

This address book column chooser is like a graveyard of old tech.

@SwiftOnSecurity @SwiftOnSecurity Watching that is definitely on my to do list. Did you see his one about the SAT? https://infosec.exchange/@Lee_Holmes/111506430074413132

@horse Get-Verb :)

@horse @Viss Yup, and 'echo' in PowerShell also does the right thing :)

¯\_(ツ)_/¯