I post about technical topics here, especially , , . My other account is for German-language non-technical stuff.

Or that ad which apparently appeared in the "who to follow" sidebar, targeted at people with an interest in chemistry with the targeting type "Retargeting campaign engager." So this ad was delivered to me because I supposedly engaged with the campaign in the past?

The ad impressions, targeted to my supposed interests, are an interesting read - particularly given that I've never actually seen the ads appearing in the home timeline, not using it. Twitter is selling advertisers something there but not delivering.

For reference, I know neither French, nor Portuguese nor Japanese. But at least I have a theory how that Japanese one came to be. Apparently, it translates as "Thunderbird" into English. And in fact, I wrote about Thunderbird on a few occasions. Mozilla Thunderbird that is...

I now downloaded my Twitter data which contains more interesting stuff. Apparently, the shows I am interested in are:

Bundesliga Soccer
Doctor Who
Jogada Certa
La reine des neiges
Milan Fashion Week: Men's Winter 2017
Sessão da tarde
The Blacklist

It always amazes me just how little care companies offering a security product put into the security of their services. Look through the whole thread:

Playing more with Twitter Analytics and comparing various audiences, I am becoming more and more convinced that the love for dogs is the uniting factor of all humanity. I've yet to find a group where it would be shared by less than 97% of its members.

Found "my" interests under And apparently I'm also interested in dogs. Who would have guessed? Also interested in "Brian Krebs" - listed twice even, probably because I actually follow him.

Now I really want to learn what kind of interests and audience groups Twitter deduced for me. I guess a request should do?

I discovered Twitter Analytics today and now I have the remarkable insight that my followers are very typical Twitter users. As in: 97% of them are interested in dogs which is pretty much the average for all Twitter users. Good to know!

I updated my answer on security that I originally posted to Security Stack Exchange back in 2016. The new version is well-structured and includes info on all the recent developments here. Got way too long however.

Sean is telling some uncomfortable truth about the bug bounty programs: how companies don't treat everybody the same and won't pay newbies anything if they can get away with it.

Welcome to the front lines of the license wars where using the ideologically correct license is more important than providing a good user experience.

No, ZFS project isn't going to switch licenses of course. Instead, they switch to slower fallback code.

The response is quite remarkable:

"My tolerance for ZFS is pretty non-existent. Sun explicitly did not want their code to work on Linux, so why would we do extra work to get their code to work properly?"

Present day: ZFS developers (providing an open source kernel module!) request that kernel_fpu_begin() function is made available to all kernel modules, being merely a new name for the previously available __kernel_fpu_begin(). And the community built by Linus Torvalds responds.

There is no meaningful agreement on what APIs are "internal" enough that accessing them should require you to adopt GPL license. There is however considerable doubt that this bullying actually made anybody adopt GPL.

Apparently, common sense prevailed and non-GPL modules are tolerated as a necessary evil. Instead, technical means have been implemented to prevent non-GPL modules from accessing certain kernel APIs that are considered "internal."

However, that they consider kernel modules derivatives of the Linux kernel, so that proprietary modules and incompatible open source licenses are GPL violations - that was new to me. So how come non-GPL kernel modules still exist?

Until today, I've been completely unaware of the drama around the kernel and non-GPL modules. I knew of course that Linux developers dislike proprietary kernel modules and would prefer everything GPL-licensed and in their tree.

For reference, that's Universal XSS caused by an antivirus application. But probably not exploitable because browsers (even MSIE) won't execute contents of unclosed <script> tags and attribute values cannot be set without the equals sign.

Didn't expect that exploiting an vulnerability would be so hard if all you have is <, > and ". The payload is injected both inside a double-quoted attribute value (sadly, no javascript: URLs) and outside of tags but whitespace, =, &, ', / will all be URL encoded.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.