Paco Hope boosted

Presentation of this toot was made possible by the Corporation for Public Tootcasting and by boosts from
T o o t e r s
L i k e
Y o u

Paco Hope boosted

I have this idea that tooling that turns specs into documentation (like Swagger or JavaDoc or whatever) should keep a giant list of apologetic modifiers and prepend them to the front of every paragraph or section or something.

"Unfortunately, this function takes a string and…" "Deplorably, a Segment object is used to model…" "Tragically, a response code of 304 indicates…"

Not learning a thing from 3D printing of TSA keys or all the data breaches that have happened in the last decade, a firm has created photos-of-keys-as-a-service. It is a bad idea beyond bad ideas.
This year's announcement.
Why that's bad.

Looks like is a manager to watch. It's multi-platform, open source, and free. Reading the GitHub issues, it sounds a little rough around the edges. Ready for early adopters, but not ready for the masses.

Paco Hope boosted

Interesting: you can fingerprint people based on their browser extensions, and LinkedIn has been doing so for years #privacy

This is not a joke. This was an actual progress bar on a web site I use. Microsoft has nothing on these folks. :)

I just disabled on my email server. I'm not sure that it detects anything of value, but it uses half the instance's RAM trying. I suspect the RAM-to-value ratio is not good enough.

If you're in and you're in Europe, the Middle East, or Africa, there's a great award to recognise an outstanding contributor: the ISLA (Information Security Leadership Award). Nominations close in 2 weeks:

Paco Hope boosted

It's 2019.

We're now exactly halfway between y2k and the 32-bit Unix time overflow.

OMFG! I suck. I just did a classic rookie move. Terminated an EC2 instance that was precious. Checked Lifecycle Manager and it wasn't making backups. I feel like such a fool. Embarrassing.

I have a love/hate relationship with Firefox's new TRR (trusted resolver) feature that does its own DNS. (Link here:

At home, on my WiFi, I've got awesome control and I really DON'T want Firefox to subvert it. Everywhere else, I love the TRR feature.

Sadly, the folks at Nextcloud don’t understand that owning your data and owning your infrastructure are not the same thing. I love the software and have done for a long time. But they consistently contend (needlessly) that you don’t own your data unless you own the hardware storing it. That’s patently absurd and silly.

Paco Hope boosted

I recommend iRedMail to people who want to self-host their email. It handles lots and lots of stuff. DKIM, mailing lists, database-backed addresses and domains, etc. But don’t kid yourself. It’s hard. So many things to manage:
• spam filtering
• email scanning/virus scanning
• a database server
• inbox protocols (e.g. imap and exchange)
• web mail (with a web server)
• TLS (maintaining the certificate and integrating it with all the various services)
• OS-level maintenance/backup, etc.


Rick Factor Authentication
Something that will never give you up
Something that will never let you down
Something that will never run around & desert you
Something that will never make you cry
Something that will never say goodbye
Something that will never tell a lie and hurt you


Paco Hope boosted


We might help these refugees feel more welcome by leveraging the psychology. Comment, boost their stuff for a few weeks, so that the dopamine levels don't drop as low. After a while, ease off and condition them to the calmer way of Mastodon/Pleroma.

This way, their brain might tell them "This is more fun than XYZ" and start recommending!

I disable location services most of the time and disable background app execution all the time. Is it any wonder why?

Someone actually modified our internal ticketing system to offer the option of seeing random cats or dogs instead of staff members' employee photos. It's awesome.

Oh, man. The 2000s called and they want their integer overflow bugs back.

"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"

When—in 2018—I find a CV written in , I think "here's a geek." Only a PhD considers doing a commercial CV in LaTeX.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.