Notices by Lee Holmes :donor: (lee_holmes@infosec.exchange)

@sj If you were to design a system to favor those who will generate profit, would you pick those metrics? I think I would add things like:

- Average length of debt holding ("Our research shows that people who hold debt for a long time and pay it off slowly can be depended on to do so for new loans and are therefore less risky"). Note that this would have to be different than the current metric of "Length of Credit History", since the current metric includes non-debt accounts like utility bills.
- Use of high-interest debt ("Consumers that demonstrate the skill to leverage high-interest debt when needed are more likely to be trustworthy with new debt")

I know somebody that had perfect credit (850) where their only debt-based accounts were a mortgage and a credit card that they paid off monthly, so 🤔

@sj Alternatively, having no debt could be a sign that you haven't proven you can manage a debt load and are therefore more risky.

As far as I understand, you get dinged from not having enough and also dinged for having too much.

Whether you believe what the lion says or not, this is what the lion says :) It does appear more biased toward risk than whether you carry balances: https://www.experian.com/blogs/ask-experian/credit-education/score-basics/what-affects-your-credit-scores/

@sj Credit scores don't account for income / assets though.

It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.

I'm sure there's something here, but I don't have the patience to find it :)

@sj Congrats! Does Aurora also drive while under big doses of amphetamines to more closely mimic real-world drivers? How is its CB etiquette?

@sj FTFY

@inthehands @catsalad I envy your confidence to 100% trust anything on a computer :)

Accidentally unzipped an archive via Gnome into a directory called "~" in my home directory. I did not trust myself to delete it without renaming it first 😂

@sj Including the process leading up to that being an approved change.

Yay, Facebook stole so much of my stuff, The Atlantic needs a scroll bar to show it.

Also, TIL the PowerShell Cookbook has been translated to Polish :)

@paulasadoorian Looks like you've got the color wheel covered :) Glow in the dark filaments are fun. If you have a 3d printer that can swap colors, I'd also look into soluble support.

@sj I wonder if instead the study had asked: "What is the positive predictive value of this test?" or even "How accurately does this test predict the existence of the thing being tested?" - would the results have been more accurate?

LOL, just when you thought you've seen "bad security" just saw this password being used:

Summer2017

TIL how crazy the "BD+" BluRay copy protection mechanism is. BluRay discs ship actual executable programs written for a custom virtual machine that can execute arbitrary code??!!

Also LOL:
"The copy protection scheme was to take "10 years" to crack, according to Richard Doherty, an analyst with Envisioneering Group".

Oct 2007: The first discs with BD+ encryption are released
March 2008: AnyDVD HD released, allowing the full decryption of BD+, allowing not only the viewing of the film itself but also playing and copying disks with third-party software.

https://en.wikipedia.org/wiki/BD%2B

Pebble Watches are coming back! https://ericmigi.com/blog/why-were-bringing-pebble-back

Had an interesting situation where AI coding helped make something _more_ secure.

I was writing a tool to connect to Azure AI, which requires an auth key. Some example code had this coming from an environment variable, which is a super common practice. So I asked AI if there was a way to make this more secure.

I was using Cursor, so it recommended (and implemented) a version where it securely prompted for the string at first launch and then stored the secret via keyring (Credential Manager on Windows).

Storing in keyring is far more secure, but realistically most people wouldn't do it by hand because the environment variable approach is "good enough." But because AI made it so easy, it actually got done.

I know AI doomerism is fun and calling LLMs stupid autocomplete is fun. But damn, was this easier than typing it in all by hand.

@horse "I'm sorry, I'm not at my fax right now. Please try my secondary fax. Failing that, try one of those inter-office air delivery tubes."

This address book column chooser is like a graveyard of old tech.