@mjg59@nondeterministic.computer

mjg59

Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.

mjg59, to random

PLEASE check your kids' Halloween candy. Just found an Okta admin access token in a Snickers bar.

mjg59, to random

I know there are people reading this who work for major companies still advertising on Twitter (Apple, Google, and Amazon at least), so: two days before the SF Trans March, Elon is making it even more explicit that Twitter is a transphobic platform. You have the ability to influence the behaviour of your employers. Maybe do that?

mjg59, to random

Twitter just doing a "redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com" is not absolutely the funniest thing I could imagine but it's high up there

mjg59, to random

A common assertion is that conferences shouldn't remove anyone who hasn't been convicted in court. This means that conferences can't remove people who scream over speakers, who drunkenly harass other attendees, who shit in the catering, and so on - this may be disruptive, may even be criminal, but even if you saw it happen they haven't been found guilty and so should be allowed to continue attending.

I don't think people want to attend conferences run by people who sincerely believe this.

mjg59, to random

Set of people who are all "We reverse engineered this CPU with an undocumented ISA and found a vulnerability that allowed us to flip a single bit in an HSE to obtain a key that allowed us to encrypt a payload that gave us arbitrary code execution on the ISS" and simultaneously also "It's literally impossible to prevent this single fucking guy from showing up at the event we run"

mjg59, to random

https://mm.icann.org/pipermail/tz/2023-December/033317.html really feels like Old Internet (read the entire thread, it's amazing)

mjg59, to random

Code for America just fired a bunch of people engaged in union activity so always remember that organisations nominally supporting the public good are not necessarily good

mjg59, to random

Remember that free software licenses are irrevocable - even if a vendor changes a project to a non-free license, the older versions continue to exist as free software. So while we should absolutely criticise vendors who take the work of others and make it non-free, we should also bear in mind that they gifted us the earlier versions in the first place, and cannot take that away again.

mjg59, to random

Thoughts on the Eben Moglen situation and how it reflects a wider problem in free software: https://mjg59.dreamwidth.org/68004.html

mjg59, to random

Let's not cheer for a company that attempted to assert that APIs were independently copyrightable

mjg59, to random

Just finished writing my lengthy paper on how "Many eyes make all bugs shallow", time to check what's happening on the internet today

mjg59, to random

Welcome to all the new users fleeing Twitter! It's important to remember that the Fediverse (the correct term to describe what people frequently call "Mastodon") isn't Twitter and there are different social rules here. In order to avoid upsetting people who've been here for a while already, here's some guidance:

  1. Become ungovernable
  2. No snitching
  3. Otherwise, do whatever the fuck you want

Hope that helps!

mjg59, to random

Yo I've got a PhD in genetics from Cambridge and on the off-chance you need it I give you permission to say that Dawkins is a hack

mjg59, to random

Today I got to tell my students that in the bad old days we used to write scripts that just SSHed into every machine and ran sed on config files but today we had puppet and I regret to inform you that based on their facial expressions we apparently still write scripts that just SSH into every machine and run sed on config files

mjg59, (edited) to random

I'm sure this is general knowledge but anyway: never enable SSH agent forwarding by default if you log into any systems that you don't trust 100%. It gives whoever has root on that system the ability to log into anything else your SSH agent can connect to. Either explicitly pass -A or add host entries to ~/.ssh/ssh_config to enable it for the scenarios you need it.
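One thing worth checking when following the advice above: OpenSSH resolves each client option by taking the first value it obtains, so a catch-all `Host *` block that turns `ForwardAgent` off must come after the per-host entries that turn it on, or it silently wins. The resolver below is an added illustration, not the author's code or OpenSSH's; it mimics that first-match-wins rule on two constructed config fragments (the hostnames are made up, and `Match` blocks, `key=value` syntax and negated patterns are not handled).

```python
import fnmatch

# Constructed config: per-host opt-in comes BEFORE the catch-all, so the
# bastion gets agent forwarding and every other host keeps the safe default.
GOOD_CONFIG = """
Host bastion.example.net
    ForwardAgent yes

Host *
    ForwardAgent no
"""

# Constructed config with the blocks in the wrong order: "Host *" is matched
# first, so ForwardAgent is already decided as "no" when the bastion block is read.
BAD_CONFIG = """
Host *
    ForwardAgent no

Host bastion.example.net
    ForwardAgent yes
"""


def parse_ssh_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order."""
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1][key] = value
    return blocks


def effective_option(text, host, option, default):
    """Resolve an option the way ssh(1) does: the first matching block wins."""
    option = option.lower()
    for patterns, opts in parse_ssh_config(text):
        if option in opts and any(fnmatch.fnmatchcase(host, p) for p in patterns):
            return opts[option]
    return default


def forward_agent_enabled(text, host):
    # OpenSSH's built-in default for ForwardAgent is "no".
    return effective_option(text, host, "ForwardAgent", "no").lower() == "yes"
```

Running `forward_agent_enabled(BAD_CONFIG, "bastion.example.net")` returns False, which is the surprise this layout produces in practice; `ssh -G <host> | grep forwardagent` shows the real client's resolved value for comparison.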

mjg59, to random

STOP DOING SPECULATIVE EXECUTION

INSTRUCTIONS WERE NOT MEANT TO HAVE REVERSIBLE SIDE EFFECTS

mjg59, to random

Extremely confused by people who see WSL as an attempt to compete with Linux and not an attempt to prevent developers moving to macOS

mjg59, to random

Some years back I dated someone whose ex was still using her HBO account and she waited until 5 minutes before the Game of Thrones finale to change it and that is one of the most powerful flexes I have ever seen

mjg59, to random

STOP DOING PKCS#11

  • SECURITY SENSITIVE APPS WERE NOT SUPPOSED TO LOAD ARBITRARY CODE
  • YEARS OF DEVELOPMENT but NO REAL-WORLD USE CASE FOUND for PROPRIETARY CODE
  • Wanted to drive your HSM anyway for a laugh? We had a tool for that: it was called "GHIDRA"
  • "Yes, please dlopen() /usr/lib/systemd/boot/efi/linuxx64.elf.stub. Please dlclose() libsegfault.so" - Statements dreamed up by the utterly Deranged

They have played us for absolute fools

mjg59, to random

You're running a conference and you receive reports of an attendee having sexually assaulted people. You have 3 choices:
(1) you behave as if you believe the accusation. You make it clear that the alleged assailant is permanently banned.
(2) you behave as if you don't believe the accusation. You make it clear that the alleged assailant is still welcome.
(3) you choose neither, and imply that the alleged assailant is not welcome but do nothing to enforce that

(3) is the worst choice here

mjg59, to random

STOP ROUTING PACKETS TO KIWIFARMS
FUCKHEADS WERE NOT SUPPOSED TO BE GIVEN TRAFFIC
YEARS OF TESTING but no REAL-WORLD USE FOUND for giving transphobes ATTENTION
Wanted to host anonymously anyway for a laugh? We had a tool for that. It was called "TOR".
"Yes please give me HATRED. Please make me pay for INFINITY of it" - statements made up by the utterly Deranged

mjg59, to random

Piping a script downloaded over plaintext http into bash as root on safety critical systems is totally fine, say Florida health officials

mjg59, to random

Complaints about CEO salaries at non-profits are disproportionately targeted at people who aren't men and you should take that into account before amplifying them

mjg59, to random

Remembering back in the day when we'd put little dust covers over our computers after we turned them off and it's not really the dust covers that seem archaic but the idea that we'd turn the computers off

mjg59, to random

I love that Debian discovered both the failure of crowdsourcing a web of trust via keysigning parties (someone used ID in their name but issued by a fake country) and the failure of assuming upstream is trustworthy (an upstream buried code that wouldn't trigger on the Debian maintainer's system but would everywhere else) back in the 2000s but the free software ecosystem is still trying to come up with social solutions to a technical problem

mjg59,

There really is no simple answer to the xz case. We can reduce dependencies, we can strengthen sandboxing, we can make it harder for dependencies to inject code. But fundamentally we still depend on the idea that our dependencies are trustworthy and the only real way to guarantee that is to have strict examination of every single line of code