I have to do a thread on this amazingly terrible web page that is awesome in its terribleness. Let's just start with the title:
"How International Student Pass Business Writing Class."

https://www•eclipseaviation•com/how-international-student-pass-business-writing-class/

(URL neutered to avoid giving them clicks).

So it's not clear that the author really WOULD pass a business writing class, with that title. But a quick read gives so much more fun details.

1/

PC Gamers: we demand diablo immortal on PC!

Me: Why? it's going to be a fucking garbage mobile game.

PC Gamers: You don't know that!

Me: *Shrug*

*Time passes*

PC Gamers: diablo immortal fucking garbage mobile game!!

Me: HA!

Laughing out loud at my 16yo who already thinks like a code: I’m mentioning that I am going to get a 3D printer and we could print our own dice.
19yo: you could print a 7-sided die
Me: I don’t know a good 7-sided polyhedron
16yo: it’s just an 8-sided die with one side labeled “roll again”

I feel bad that I can’t give credit. This is a screenshot that was sent by a friend of a friend. But it is so apt about and .

Funny problem. How do you deploy an IAM role across all your AWS accounts?
Step 1: deploy an IAM role to all your AWS accounts.
Step 2: run this script to use the first IAM role to deploy the second IAM role to all your accounts...

And so now I can just go over to Safari, copy/paste the text, and be on my merry way!

I don't have a lot of encrypted PDFs whose content I can happily paste into a search engine (not much overlap in that Venn diagram!) so I don't know how MUCH text I can copy/paste this way. But it beat the heck out of typing! 3/FIN

If I try to copy from the PDF, I get this warning that says I need to supply the password to Preview. Now, if I right click on the text, I see a few options. Including "Search with DuckDuckGo". That's interesting. (DuckDuckGo is my default search in Safari) I select that option and what do you know? Safari opens. It has copied the text I highlighted and sent it to DuckDuckGo as a search string! 2/

I've just discovered how to use Preview on to bypass some protections. Here's a small thread. It's trivial stuff.

On our legal documents, our legal team apparently encrypts PDF contracts. Good for them. If I open one in Preview (Version 11.0 (1018.6.2), Big Sur 11.6.5) and I look at the document info, I see password protection is enabled. It says it's "encrypted" but there are a few standards of PDF . I don't know what this means. 1/

When IoT product vendors offer "lifetime technical support", they're serious. They just don't mention WHOSE lifetime they're talking about. It's their life span that will be the limiting factor, not yours.

In 2019, we observed AdColony receiving GPS location data from Grindr and filed a GDPR complaint:
forbrukerradet.no/side/complai

German watchdog @mobilsicher@twitter.com just observed Inneractive/Fyber receiving GPS location data from a clock/weather app with >50m installs:
mobilsicher.de/apptest/frisch-

Nice story about how you can end up with cool stuff if you keep old warez about 

Lotus 1-2-3 enthusiast runs into old pirated copy of lotus 1-2-3 for unix and ports it to linux. Great story, which wouldn't have been possible if it wasn't for pirates.

lock.cmpxchg8b.com/linux123.ht

#piracy #software #hacks

My battle against the SecurityHub "best practices" continues. This time it's "[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0". I don't USE NACLs. NACLs are stupid. They're a total waste of time and not the right way to do network security. If NACLs are an important part of your , you're doing it wrong.

docs.aws.amazon.com/securityhu

Got my new #cat yesterday. Forgot to post a photo. He has a raccoon tail, so I named him Arty (“RT”). He’s settling in really well. #mastocats

Today's hot take, from someone who works at (but this is just my personal opinion). CIS Benchmarks for AWS are total crap. Mostly a waste of time. Like, you can spend hours and hours making them shut up and stop nagging. But it's so superficial and so basic. You have a LONG way to go after you get the CIS benchmarks to shut up.

Dear open source users,

If the author of your favorite open source app has announced they stopped developing and supporting the app (because they're frustrated and possibly burned out), please don't suggest they do more free work so that you can continue using the app.
Instead, consider thanking them for their past work and let them know that you enjoyed their app.

Regards,
another open source developer

I wonder how view this announcement 6 months or so later…. Might have been premature to abandon the . Especially given their clientele.

mastodon.social/@protonmail/10

do it, boost my status. load test my instance. take it down. i dare you

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.