
This is my buddy in the tank this morning doing physical therapy.

Just saw a post about potato cannons. I once drove from Detroit to Atlanta along I-75. Somewhere in North Georgia, I guess, were a few people in an open top Jeep. The passenger had a potato gun and was firing it from the car into the median.

It’s really quite memorable because that was the morning of September 11th, 2001. An hour or so before the world went to hell.

Jerry Bell boosted

In case it’s not obvious, the building appears to be a large EarthLink office. I thought they had been out of business for years.


By the way, the $1200 Aeron chair is totally worth it, in my experience so far. Really happy with it.


Apparently because I bought their $1200 chair, I now need their $4000 desk

Jerry Bell boosted

@jerry oh absolutely agreed on the pandemic levels.

In a way it's just another facet of run-away computational capacity. It's *easier* to include more tools (or make a protocol/format/tool more computationally complex) than it is to minimize that capacity/power/complexity.

I said it before and I'll say it again, I want more people to start paying attention to #LANGSEC.

Jerry Bell boosted

@jerry I had quite an elaborate debate about minimal images a while ago:

I'm still looking for any quantitative research regarding the impact of minimal images, but not much success in this space.

In other news, I get to take my dog to physical therapy today where she will be placed in a water treadmill.

My dog hates water. This is going to be entertaining.

I have noticed a concerning trend with software that is increasingly distributed as a virtual appliance, or more often a container image. Those images are usually Linux distros with some extra software and configuration installed. But the Linux OS isn’t stripped down, and so the image is subject to all manner of vulnerabilities in components that the application doesn’t use. Then, because it’s a software product, end users have to wait until the vendor releases a fix. But the vendors declare “yes, it has that vulnerability, but we’re not fixing it because it doesn’t impact our product”.

I think that’s the wrong way to look at things. If a baddie is able to find some way in, why are we leaving helpful tools for them all over the place? Yes, they may still be able to install their own, but that’s like saying “I’m not going to lock my door because someone can just break a window if they wanted to get in”.

I think we need to get better at minimizing the attack surface by removing stuff we don’t need AND fixing (or removing) vulnerabilities we don’t think impact us, but are still there.

The latest update excluded my location. Sigh. I was looking forward to some space junk.


Looks like I’m in the path for the rocket crash landing tomorrow. Hopefully my insurance will cover this:

Jerry Bell boosted

...He’d shut down Reality Labs and admit the Meta thing was a huge, stupid mistake, perhaps spinning out Oculus again. Whatever nebulous growth metrics suggest this company is a suggest fail to evaluate exactly how lifeless it is and how far it has strayed from making products that people actually enjoy.”

Source: Ed Zitron -


Had a dentist appointment today. Routine cleaning. Turned out to be not so routine. I won a return trip next week for a crown and some laser surgery on the roof of my mouth 💩

Jerry Bell boosted

We're hiring for a vulnerability analyst! Full time remote (US only), you'll be responsible for our PCI/ASV clients and other compliance frameworks.

You'll be on the same team as me (yay!) and work on verification of pentest findings too.

I know most people hate Scott Adams now, and for good reason, but when I entered the corp world about 30 years ago, I found the Dilbert books and really loved them. One of the cartoons that sticks with me to this day is a strip where the office team has to compliment each other. I think it was Wally who said to Dilbert “I admire your ability to get paid for that kind of work”. Still makes me giggle.

That and the idea of turning unused cubicles into overflow prison cells.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.