Paco Hope @paco@infosec.exchange

@igeljaeger @igeljaeger @Main_Tomato @quad Git off my lawn

@igeljaeger @igeljaeger @Main_Tomato @quad The whole point of the fediverse (in my opinion) is “my instance, my rules” (corollary: my app, my rules). The fediverse doesn’t mean everyone plays by the same rules. People who want to block gab preemptively are as legit on the fediverse as those who block nobody and those who only block for reasons X, Y, or Z. People should use instances whose rules they align with. Simple as that.

This is a beautiful and diabolical collection of dark patterns and broken user interface elements. It’s awe inspiring in its awfulness. https://userinyerface.com/index.html

Check my math (I wonder if I'm missing something). $480K after taxes, minus $117K restitution and $55K fine still leaves $308K net proceeds. Divide that by 4 (number of months in prison) and he's getting paid $77K per month of prison. Imagine he paid $100K to his lawyers. He's STILL getting off pretty damn good. I must be doing some of the math wrong.
https://www.grahamcluley.com/ex-equifax-cio-who-knew-about-huge-data-breach-jailed-for-insider-trading/

Colleague just stuck a meeting on my calendar right between 2 other important meetings. Then he messaged me to ask if it was ok. I said "it's fine as long as we are strict on time". His reply: "We are in Switzerland. We will have no trouble being on time." :) I'm sure he's right.

This just in from the VP of Solutions Hunting for Problems (https://www.salesforce.com/company/news-press/press-releases/2019/05/192915-i/)

I have a call in 5 minutes, I desperately need the loo, and my laptop seized up and needs rebooting. Ugh

@fedilab kinda depends on what you want: a definitive list or just a few unadvertised names. AXFR transfers have long existed, but the vast majority of DNS servers reject them. You can check certificate transparency logs to try to find subdomains where a certificate was registered. That geekflare site of tools looked promising.

This headline is kinda garbage. Let me try rewriting it: "Confirmed: 20 years of consistently cutting NASA funding left an agency that can't do all the thing we want it to do."
https://www.forbes.com/sites/daveywinder/2019/06/20/confirmed-nasa-has-been-hacked

@espectalll @FirstProgenitor It is nobody's job to tell them anything. Nobody owes anybody an explanation. I mean, we can be nice and spend a bit of time trying to work it out. But that's a gift. The whole point of mastodon (in my mind) is *different* rules on different instances and some will defederate or whatever because that's the rule on *that* instance.

@cwebber I wonder if someone has confronted weaponised mastodon. Docker container spins up, generates random users who follow lots of people, send them abuse, then shut the instance down. Dynamic IPs at cloud providers, faked profile data in users, ephemeral instances that come and go. Do it over Tor and you can’t tell privacy-focused users from abusers. Ugh.

I've just discovered a somewhat troubling statistic. In the last 17 years, which is like 6198 nights since I joined, I have 286 nights in just one hotel's programme. That is like 4.5% of my life. And while that's probably the single largest brand of hotel nights in my career, it's probably at most 50-60%. It makes me think I've spent like 10% or more of my life in hotels the last 17 years. Not sure how I feel about that.

@sudocat You're right. But there are trade-offs everywhere. When you use a 3rd party provider, they have a say (by means of their Ts & Cs) in what you can email or not email. I've run my own email server since 1999 or so. I'm comfortable with it. The whole ecosystem is a house of cards, though. It's not for the faint of heart.

I run iRedMail (iredmail.org) as my personal email server (it's really postfix+dovecot+etc) and Nextcloud (nextcloud.com) for file, calendar, and contact sharing. You can link the two so they share identities. Taken together, this combo is really solid replacement for the free and surveillance-capitalism-based ecosystem. https://forum.iredmail.org/post69001.html

Just had my 3rd or maybe 4th pull request accepted to a public project. On the one hand “yay”. On the other hand, most of my PRs are just like syntax fixes on a couple of lines.