:(){ :|: };: is a user on infosec.exchange. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

:(){ :|: };: @jgoguen@infosec.exchange

:(){ :|: };: boosted

stolen equifax joke Show more

:(){ :|: };: boosted

I'm old enough to remember when the Internet was going to decentralise the world economy and make small cities viable and attractive to work in because of telecommuting

Clearly avocados are the reason why millennials can’t afford home ownership. infosec.exchange/media/Qe7E4Ay

Facebook CSO Alex Stamos delivered the Blackhat keynote today. In his keynote, he calls out one of the, if not the single, biggest problem we have in the Information Security world: we build systems for people who have deep technical knowledge of everything they're going to encounter. Which is no one.

Security is about people. If we expect to succeed in infosec, we have to build for people.

facebook.com/security/videos/1

Adobe is killing Flash at the end of 2020! Finally, it's about time this thing gets gone! The end of 2020 can't come soon enough!

blogs.adobe.com/conversations/

:(){ :|: };: boosted

@bob @maiyannah @rysiek this is totally a failure of the W3C.

And as a result, it's now up to all of us that understand what a catastrophe this is to explain it to everyone that doesn't.

We gotta make them understand, and care.

:(){ :|: };: boosted
"really, seriously, what the fuck, Tim? Are you being massively, grossly and unfairly misrepresented? Are you in fact still trying to fight for the freedoms and the openness that you always seemed to be fighting for? Or have you, like all the rest, just gone 'fuck it' and toed the big-corp line? What does that even consist of? Did you actually just take a big check? Is that how it works? Or am I really, seriously, just completely missing the deal here?"

https://lobste.rs/s/vbh2ws/timbernersleeapproveswebdrmw3c

In which Linus expresses his opinion on systemd in a surprisingly calm and polite manner.

"…it's also not clear that init is the right source of limits, or even which limits we'd want to copy."

"And yes, a large part of this may be that I no longer feel like I can trust "init" to do the sane thing. You all presumably know why."

lkml.org/lkml/2017/7/6/577

Remember how systemd starting as root if the username starts with a digit isn't a bug? Turns out they're technically right. It's not a bug.

It's a bug worthy of a CVE. CVE-2017-1000082, which had to be requested by third parties. Like, I suspect, every systemd CVE ever.

nvd.nist.gov/vuln/detail/CVE-2

:(){ :|: };: boosted

@maiyannah @bob hot take: EME/DRM will be just as huge, glaring, festering security problem, as Flash was.

We just got rid of Flash, why are we now opening the web up for NSA via DRM/EME?

I mean, *obviously* users' security will not be a priority for EME/DRM blobs creators.

:(){ :|: };: boosted
:(){ :|: };: boosted
:(){ :|: };: boosted
Any organization that would attempt to place digital handcuffs on the world-wide web has no place in a modern society.
:(){ :|: };: boosted

@munin Watch out, systemd is coming to BSD if someone takes this patch seriously ;-)

marc.info/?l=openbsd-tech&m=14

Systemd has a bug where user names starting with a digit cause the user daemon to run with root privileges. According to the creator of systemd, this is not a bug and everything is fine. The reason everything is fine is because names like this, which are explicitly permitted by the base standards, are forbidden and tools shouldn't allow creating these names, so it's a bug in the tools for permitting names permitted by the standard.

Fsck systemd.

github.com/systemd/systemd/iss

It's like PulseAudio all over again, except most packages in systemd distros depend on systemd being the init system and may depend on other systemd components. If your audio doesn't work while you swap it out for something sane that's fine. If your init/DNS/logging/cron/boot (I shit you not, systemd-boot)/user login (again, no shit, systemd-logind) doesn't work you're in for a world of hurt.

The question was raised on birdsite what is the opposite of the KISS principal.

It's systemd. Systemd is the opposite of KISS, and of sanity, and of basic security, and in many cases of even common sense.

:(){ :|: };: boosted

"Decentralized social network" is actually the collective noun for nerds

:(){ :|: };: boosted
Really starting to appreciate my old boss at IBM's motto of "dogfood your shit or gtfo"  If you aren't going to use your own stuff, how can you expect anyone else to?