Every time I deal with WSUS/Windows Updates, I'm happier that yum/apt/whatever Linux package management exists.

Does anyone have a good link for how certificates work? I come across a lot of people who think they're black magic. I want to be able to give them some info to explain it.

Any suggestions on links/resources/presentations would be appreciated.

I found this one that seems ok as a start: blogs.msdn.microsoft.com/fredd

I saw a novel way to calculate the Nth *day of the month, I decided to make it a more generic function.

gist.github.com/jjbaumgartner/

I've decided I should do more writing/blogging. I think it would be good for my career in the long run.

Unfortunately, toddler + infant != free time.

Maybe one of these days...

Can we all agree to focus more on RCEs than local-only exploits? That's not to say that local-only things don't need fixing, but let's focus on the bigger issues.

I'm sick of hearing about Spectre/Meltdown (and variants) being the end of the world. Let's fix them, but let's stop pretending they're the most critical issue out there.

Sysadmins need a shirt reading: "I survived Patch Tuesday"

I've complained about systemd before, but this talk gives excellent perspective. Doesn't explain the security complaints, but still good perspective.

youtube.com/watch?v=6AeWu1fZ7b

This is old, but it brings up a question.

How much of "good security practice" is just not being completely stupid? 90%? 95%?

bleepingcomputer.com/news/secu

In honor of @jerry, here's the July MS patch truck. Again.

Metadata updates, re-issues...I'm a little sick of trying to keep up with this shit-show.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.