:(){ :|: };: @jgoguen@infosec.exchange
Dad, feminist, infosec, probably a dormant cyber pathogen, introvert. Chaotic Good. Toots are mine, don't blame my employer. Encrypt then MAC. RT != endorsement
stolen equifax joke Show more
I'm old enough to remember when the Internet was going to decentralise the world economy and make small cities viable and attractive to work in because of telecommuting
Clearly avocados are the reason why millennials can’t afford home ownership. https://infosec.exchange/media/Qe7E4AylAJJeMNlRx5g
Facebook CSO Alex Stamos delivered the Blackhat keynote today. In his keynote, he calls out one of the, if not the single, biggest problem we have in the Information Security world: we build systems for people who have deep technical knowledge of everything they're going to encounter. Which is no one.
Security is about people. If we expect to succeed in infosec, we have to build for people.
Adobe is killing Flash at the end of 2020! Finally, it's about time this thing gets gone! The end of 2020 can't come soon enough!
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
@bob @maiyannah @rysiek this is totally a failure of the W3C.
And as a result, it's now up to all of us that understand what a catastrophe this is to explain it to everyone that doesn't.
We gotta make them understand, and care.
https://lobste.rs/s/vbh2ws/timbernersleeapproveswebdrmw3c
In which Linus expresses his opinion on systemd in a surprisingly calm and polite manner.
"…it's also not clear that init is the right source of limits, or even which limits we'd want to copy."
"And yes, a large part of this may be that I no longer feel like I can trust "init" to do the sane thing. You all presumably know why."
Remember how systemd starting as root if the username starts with a digit isn't a bug? Turns out they're technically right. It's not a bug.
It's a bug worthy of a CVE. CVE-2017-1000082, which had to be requested by third parties. Like, I suspect, every systemd CVE ever.
@maiyannah @bob hot take: EME/DRM will be just as huge, glaring, festering security problem, as Flash was.
We just got rid of Flash, why are we now opening the web up for NSA via DRM/EME?
I mean, *obviously* users' security will not be a priority for EME/DRM blobs creators.
@munin Watch out, systemd is coming to BSD if someone takes this patch seriously ;-)
Systemd has a bug where user names starting with a digit cause the user daemon to run with root privileges. According to the creator of systemd, this is not a bug and everything is fine. The reason everything is fine is because names like this, which are explicitly permitted by the base standards, are forbidden and tools shouldn't allow creating these names, so it's a bug in the tools for permitting names permitted by the standard.
Fsck systemd.
It's like PulseAudio all over again, except most packages in systemd distros depend on systemd being the init system and may depend on other systemd components. If your audio doesn't work while you swap it out for something sane that's fine. If your init/DNS/logging/cron/boot (I shit you not, systemd-boot)/user login (again, no shit, systemd-logind) doesn't work you're in for a world of hurt.
The question was raised on birdsite what is the opposite of the KISS principal.
It's systemd. Systemd is the opposite of KISS, and of sanity, and of basic security, and in many cases of even common sense.
"Decentralized social network" is actually the collective noun for nerds
