@feld@bikeshed.party

Live, Laugh, Like and Subscribe

Fastmail referral link -- get 10% off your first year https://ref.fm/u12606493


feld, to random
@feld@bikeshed.party avatar

lol DeSantis is fucked

Disney's lawyers keep piling on case law and this is gonna happen in a Federal court so DeSantis can't even rely on his Florida judges

Moon, to random
@Moon@shitposter.club avatar

taking applications for hot office lady

feld, to random
@feld@bikeshed.party avatar

Just learned that DNSSEC breaks the ability of NTP to sync, that's fun!

feld,
@feld@bikeshed.party avatar

The only way to use a "pool" of NTP servers is with DNS

If you have clock skew and you try to start NTP but the domain is using DNSSEC, you're fucked

feld,
@feld@bikeshed.party avatar

because if your clock isn't correct DNSSEC validation will fail

lain, to random
@lain@lain.com avatar

the only problem with xenoblade is that everyone's bri'ish

feld,
@feld@bikeshed.party avatar

:dukedog:

feld, to random
@feld@bikeshed.party avatar

Mistakes were made

gme, to random

I am concerned that the industry push away from passwords towards security keys and biometrics is a giant step backwards for civil liberties in the US.

A person in the US can’t be compelled to give up their password (usually, of course there are exceptions, but they are few and don’t affect the average person) as that would be considered a violation of several US Constitutional amendments (mainly the 4th and 5th).

In addition, there are few (if any) 4th amendment protections for any data that is stored “in the cloud”. Service providers can, and have been, compelled to disclose sensitive information in their custody that “belongs” to a person, organization, or other “entity”.

But more alarming is that an American citizen does not have any 4th or 5th amendment protections against being forced to look at a phone or computer to unlock its contents, or to provide a finger to do the same.

There are even issues with Yubikeys. They are physical keys and anybody with access to them can unlock any system that is protected with them.

So forgive me for not jumping on the passkey, Windows Hello, and other security key bandwagon and avoiding those technologies when I can.

Sure, they’re convenient!

But at what cost?

feld,
@feld@bikeshed.party avatar

as long as you can protect the security key with a password it should be fine

feld,
@feld@bikeshed.party avatar

yes, but I don't know of a way to do it in practice except using the Apple PassKey implementation and turning off TouchID and FaceID so you have to put in a password to use it

feld,
@feld@bikeshed.party avatar

If I could somehow make a PassKey out of my GPG/smartcard on my yubikey it would be possible for me to require my passphrase before the PassKey could be used.

I wonder if someone is working on this or if it's even possible.

feld, to random
@feld@bikeshed.party avatar

Everything you need to know about the undisclosed Amazon security issue can be found here

https://dickmorrellsecurity.com

rgegriff, to random

I kinda want a phone with a square aspect ratio. Sharper corners, but with a rounded back like the earlier iPhones.

feld,
@feld@bikeshed.party avatar

we used it as our on-call phone @ work and it survived a washing machine

soatok, to random
@soatok@furry.engineer avatar

Hot take: Every time a corporation announces layoffs, they should be legally required to disclose how much money they've spent on stock buybacks in the past 6, 12, and 24 months.

Keep things in perspective.

cc @rbreich

feld,
@feld@bikeshed.party avatar

I wonder if it's actually possible to make stock buybacks illegal within the existing legal framework, but I'm pretty sure you could require the stock buyback to require some special process that flags those shares being transferred in such a way that it can't move the stock price

edit: I just don't see how it isn't blatant fraud for them to buy back to push the stock price higher which is generally what happens (as well as siphoning out the company's coffers to the shareholders, which while disgusting is perfectly legal even though it risks killing the company by significantly weakening its finances)

feld, (edited ) to random
@feld@bikeshed.party avatar

I've been in distinguished company before: Marshall Kirk McKusick, Robert Watson, Poul-Henning Kamp.

But the guy who wrote a web interface for an ipchains firewall/NAT setup that could dial a modem? lol

feld, to random
@feld@bikeshed.party avatar

I am the 2%


steeznson, to random

The new Evil Dead movie was sufficiently horrible. More fun than the 2013 reboot though.

feld,
@feld@bikeshed.party avatar

Is it like the Ash vs Evil Dead show? Because that's great

alex, to random
@alex@gleasonator.com avatar

There’s so much code to write bros… I work morning to night like Daddy Elon says, but I’m still chipping away at the precursors to the thing before I can do the thing.

feld,
@feld@bikeshed.party avatar

Classic yak shaving

lopta, to random
@lopta@mastodon.social avatar

Is everyone signing out of their Amazon devices, setting up 2FA and changing passwords?

feld,
@feld@bikeshed.party avatar

Based on the bizarre response he sent back I think the guy's full of shit because if those things aren't compromised there's no good reason to do a thorough reset of them

IdahoLark, to random
@IdahoLark@syringa.social avatar

I didn’t know such a thing existed, and was honestly surprised to see it for sale in a very redneck town in rural Missouri. Good on you, PepsiCo!

feld,
@feld@bikeshed.party avatar

No nuts?

KrauseFx, to random
@KrauseFx@mastodon.social avatar

This sums up @1Password and Big Tech so well

feld,
@feld@bikeshed.party avatar

You can always just tag them here, maybe they read THESE comments @1password

Cloudguy, to random

deleted_by_author

  • feld,
    @feld@bikeshed.party avatar

    Smells to me like a data dump was found, Amazon accounts with all the auth tokens, 2FA seeds, and MD5 or SHA1 passwords were found (for compatibility with an ancient LDAP or something, guessing), so regen all to avoid being popped in the future

    feld,
    @feld@bikeshed.party avatar

    Why else would you need to reset all of this if what I stated is not true? Your password, 2FA (except hardware tokens!), and all connected devices are compromised? Sure sounds like password hash, 2FA seeds, and tokens were stolen or leaked.

    feld,
    @feld@bikeshed.party avatar

    Yeah great I worked at Sourcefire/Talos for a while. I've been in charge of protecting databases of our 0days, processing embargoes, etc

    I get the whole "look at me, I am important security researcher" shtick but your ego is about 6 sizes too big to be calling yourself "distinguished company"
