Paco Hope #BLM @paco@infosec.exchange

If you're gonna be at #44con in #London on Friday, check out my workshop on #AWS #Security scanning:
https://44con2022.sched.com/event/1Ag2z/paco-hope-build-your-own-aws-security-scanner

#GDIT: We do #Cloud, we do #AI, we do #Cyber. But we do NOT do #carts!

Holy crap. Cloning a VM in 2 seconds with #AWS Firecracker!

https://codesandbox.io/post/how-we-clone-a-running-vm-in-2-seconds

Passwords are like underwear...

I know I’m a bit of a crank, but this kind of article is just so clueless. https://www.itsecurityguru.org/2022/09/01/does-blockchain-really-offer-better-digital-security/

Consider this stupid quote under “benefits”: “Any data stored on the Blockchain cannot be altered or deleted; “ Not exactly an unalloyed good. What if you irreversibly lock away $661K forever?

https://web3isgoinggreat.com/?id=optifi-developer-accidentally-closes-the-project-contract-irretrievably-locking-661000

I’m giving a 2-hour workshop in #London at #44con September 15-16. It’s called “Build Your Own #AWS #Security Scanner”. We will start from a basic bash or python script and build out ways to detect security misconfigurations in AWS.

https://44con.com/44con-2022-talks-and-workshops/#hope

My favourite #AI author is Janelle Shane. Her blog never disappoints. https://www.aiweirdness.com/ai-recreates-classic-cereals/ #machinelearning

This is why I use #ghostery as my browser on my #iPhone. 3 images of the same web site. First, safari with no ad blocking or anything. The ads are so big and thick I can’t see one word of content. Next, Safari with “Better” a paid content blocker from aral@mastodon.ar.al. Finally Ghostery, which is usable. Life is better without ads. It’s important to do both: Ghostery and Better, because Better blocks content in web browser contexts like embedded browsers in apps. Ghostery doesn’t.

I love #AWS, I really do. But this blog post (https://aws.amazon.com/blogs/aws/how-we-sent-an-aws-snowcone-into-orbit/) has a pretty embarrassing detail. They tested for "seven months" only they didn't notice that the files were written in upper case and the software was looking for lower case. Kinda makes you ask what testing they were doing for 7 months...

On my flight I have a middle seat.They’re doing the safety demonstration and, as instructed, the guy next to me reads the safety card from the seat back pocket. He is not wearing a mask. #risk management 🤦🏻

I’m off to #AWS #reinforce in #Boston if anyone wants to meet up and talk #cloud #security in meat space.

I just paid $149 to renew my onlyoffice home server license. Because it's a "lifetime" license, you only have to renew/pay again if you want to get a newer version. It's worth it to me because I actually use the features with my family. My son and I are collaborating on a book via onlyoffice docs, and I have long run Christmas via a shared spreadsheet. (yes, I'm a geek)

https://www.onlyoffice.com/docs-enterprise-prices.aspx

This article highlights how important it is to know your threat and not just bandy about some security words. Stardust, a period tracking app, said a bunch of bullshit about "end-to-end encryption".

The question was "could you turn over individuals' data to law enforcement if you were ordered to do so?" And they wrote a bunch of "crypto X, 256-bit Y, TLS Z, crypto crypto crypto". Which turned out (unsurprisingly) to be smokescreen and distraction. And the answer is "yes, we could turn your data over to law enforcement, and in our privacy policy we reserve the right to do so, even if we're doing it voluntarily instead of being compelled."

https://techcrunch.com/2022/06/27/stardust-period-tracker-phone-number/

This is such a garbage article from #wired who should know better. It represents eSIMs as an unalloyed good. Not one disadvantage is named. It’s practically a fucking advertisement for the industry. Makes me think it was paid for by a telco lobby it’s so lopsided. https://www.wired.com/story/what-are-esims/

Counting is hard.

The "What Are The 3 Types Of Business Writing?" lists 4 types.

Right below it, we have "What Are The 4 Categories Of Business Writing?" which contains the informative answer: "The four basic types of instructional writing are: informational, persuasive, and transactional."

They forgot the 4th type, which is "AI-generated bullshit for SEO".

4/ENDS

The more I read, the more amazing this gets: There are 6 steps to "Write A Business Class Paper"

1. Select a topic.
2. Gather critical information.
3. Create an outline
4. Begin writing.
5. In Step 5, you must submit your business research paper.
6. Check the proof thoroughly before proceeding with Step 6.

Step 6: YOU ARE STEP 6. How does step 6 tell you what to do before step 6? My brain is broken.

3/

Now, to start with, this has somehow confused "Business Writing" and "International Business" with "Business Class". But not "business class" like a class at a business school, but more like "business class" as a class of service on an airplane. The cover photo depicts a drink served in a fancy airplane.

Of course the broken grammar of the title is a fabulous irony. Supposedly this will tell you how to pass a business writing class, but they themselves can't even write.

2/