@tweedge@cybersecurity.theater
@tweedge@cybersecurity.theater avatar

tweedge

@tweedge@cybersecurity.theater

Security goon at an online-bookstore-slash-server-rental company, adjunct professor at RIT, janitor for r/cybersecurity, and sporadic FOSS contributor. Cat person. Generally cheerful ^_^

Always trying to learn new things, and I'd rather be corrected than be correct. I try to be correct the first time anyway though!

How can I help?

(posts searchable via tootfinder)

This profile is from a federated server and may be incomplete. Browse more on the original instance.

tweedge, to random
@tweedge@cybersecurity.theater avatar

forgot I had this on my phone, now you can have it on your phone too

tweedge, to random
@tweedge@cybersecurity.theater avatar

Progressive web apps implies the existence of conservative web a-- ah. oh boy.

tweedge, to random
@tweedge@cybersecurity.theater avatar

Now that my class is wrapping up, time to try out some Seagate MACH.2 (read: dual actuator!) HDDs. The performance from these has been crazy - over 500 MB/s sustained sequential reads per drive. Comes with more power consumption, heat, and I assume failure rate... But looking forward to seeing how these perform in the real world.

tweedge,
@tweedge@cybersecurity.theater avatar

@lucas If you're careful about how you're partitioning & know your access patterns, you "can" get 2x the IOPS. But I suspect that's easier said than done. I have the SATA version which presents as a single device, and you have to partition it into two halves (one for each actuator), then organize your data on each half. When each acutator is being accessed independently, you're golden! Anything requesting access from the same actuator is going to have the usual contention issues though.

tweedge, to random
@tweedge@cybersecurity.theater avatar

If your company or marketing team or whatever sends me spam emails, I'm "that guy" that jumps through all the spam report/abuse report/etc. hoops to get you booted off whatever email service you're using. Fuck spam and fuck you. ๐Ÿ˜˜

tweedge,
@tweedge@cybersecurity.theater avatar

@varx Nothing here I'm afraid, I'd love to take the revenge that far though!

tweedge, to random
@tweedge@cybersecurity.theater avatar

Deleted buckets are showing up in my IDrive E2 account, including the file tree of all objects at the time that the bucket was deleted. When you attempt to download something, it fails. The buckets cannot be deleted and appear to be contributing to my storage quota (?)

No, I have no concerns about their system integrity right now, what would possibly compel you to ask? ๐Ÿ™ƒ

Any folks using them for your object storage, be aware ...

tweedge, to random
@tweedge@cybersecurity.theater avatar

Cursed knowledge thanks to my students: Have you ever thought "This code boring ah hell ๐Ÿ’€" at work because if so my good software engineer TikTok-ers someone has made just the extension for you. Finally, we can watch Subway Surfers and Family Guy Funny Moments while we code: https://marketplace.visualstudio.com/items?itemName=jirkavrba.subway-surfers

tweedge, to random
@tweedge@cybersecurity.theater avatar

X is distributing their Grok LLM weights through Academic Torrents - though you get no points for figuring out when it went live :)

tweedge, to random
@tweedge@cybersecurity.theater avatar

In case any of yin see the "AI programmer Devyn!!!" hype, here's how I popped that hype balloon ...

The same marketing site that claims "Devyn can not just solve coding problems, but create entire applications on its own from prompts" lists its most impressive performance on SWE bench - the ability to solve code problems from a GitHub issue - at 13%.

And that's super impressive compared to other LLMs.

But if I couldn't solve 87% of documented bugs, I'd be out of a fucking job, y'all.

tweedge,
@tweedge@cybersecurity.theater avatar

Something something smartest guys in the room something something Enron something something

tweedge, to random
@tweedge@cybersecurity.theater avatar

Does anyone have tips & tricks for "poisoning the well" and making sure data brokers regurgitate a fake phone number when someone tries to buy my info?

I'm running the numbers on my fake phone number and it's not getting called/texted enough for me to continue spending money on it, especially now that I have to pay fees for some additional anti-spam compliance paperwork.

I've had the fake number on my website, LinkedIn, and Twitter for years - and it's caught some spam, but not much :/

tweedge, (edited ) to random
@tweedge@cybersecurity.theater avatar

Anti-advertising flywheel:

  • The less ads I see
  • The more I'm frustrated by the ads I do see
  • The more drastic action I will take to avoid ads
  • Repeat from top :)

I'm only a degree off "anti-advertising radical" at this point. Over the past two years, I've found that I enjoy being online much more.

tweedge, to random
@tweedge@cybersecurity.theater avatar

Couldn't find this when I really needed it for a presentation, so here's that one bugs bunny cyber espionage meme occupying my brain all the time, author unknown (to me)

tweedge, to random
@tweedge@cybersecurity.theater avatar

@jerry Howdy! I'm refreshing my media cache on cybersecurity.theater as I didn't realize lowering the media cache settings has no exception for favorites (ugh. aaand now I'm subscribed to https://github.com/mastodon/mastodon/discussions/19260) - during, I noticed that infosec.exchange links are 403ing when my server tries to re-cache them.

"Error processing 110231093662385392: https://media.infosec[.]exchange/infosecmedia/media_attachments/files/110/231/093/070/987/876/original/2d5fca99ebc73c20.jpeg returned code 403"

cont~

tweedge, (edited )
@tweedge@cybersecurity.theater avatar

@jerry When I go to infosec.exchange directly it seems like the new media storage URLs are "https://media.infosec[.]exchange/infosec.exchange/media_attachments/..." - I can go into my server's database and update 'em with ~relative confidence, but I wonder if it'd be useful for other federated servers if infosec.exchange had a rewrite rule that 302s to the correct directory for old posts?

tweedge, to random
@tweedge@cybersecurity.theater avatar

Internet of Dongs (gah I love them) also got their hands on the "Reddit said this vibrator has malware" vibrator this weekend, pulled it apart, and confirmed it doesn't have malware: https://internetofdon.gs/bad-vibes-or-why-you-shouldnt-trust-everything-you-read-on-reddit/

While my thread ~2 days ago was much less detailed I'm glad that I arrived at the same conclusion ^_^

tweedge, to random
@tweedge@cybersecurity.theater avatar

"Why is my RAM filling up ..."

--- five minutes later ---

"Ahhhh fuck I should have limited the size of that queue"

tweedge, to random
@tweedge@cybersecurity.theater avatar

About the vibrator that allegedly had malware on it 2wks ago... I found a seller and bought one. Say hi!

The people on the thread who pointed out that there wasn't any evidence tying the vibrator to the Redditor's malware download were - of course - downvoted.

And ... so far there are no signs of malware. It doesn't register as a HID or present any storage (therefore it has no autorun.inf). I'll be doing some more setup so I can plug it in and monitor it for an extended period of time.

tweedge, (edited )
@tweedge@cybersecurity.theater avatar

It's possible, though IMHO unlikely, that only some batches of this device had an implant. That'd be a manufacturing change, which gets expensive fast. Also I think you wouldn't do something so obvious if you're running an operation that's going to burn your factory/supplier/etc. reputation.

As funny as it would have been, it's another drop in the POC or GTFO bucket.

Archived thread: https://web.archive.org/web/20240219003151/https://old.reddit.com/r/Malware/comments/1asn02v/malware_from_a_vibrator/

tweedge, (edited )
@tweedge@cybersecurity.theater avatar

Probably not necessary to do anything further to test. I pulled the casing off and the data pins aren't even soldered (hard to get a good angle for this and all I have is my phone camera, sorry - but it is visible).

I'm not a hardware implant expert but from what I can tell, the PCB is not suspicious in any way either. Looks like exactly what kind of complexity and layout I'd expect from a button, battery, and vibration settings controls.

tweedge,
@tweedge@cybersecurity.theater avatar

If there's anything else I can do to test or look at please let me know! I won't toss it for a bit - unfortunately even if there's no malware on it, nobody in my house is going to use it as I am not trusting this to be body-safe, so if there's a destructive test you're interested in don't be shy!

tweedge, (edited )
@tweedge@cybersecurity.theater avatar

Even just did some undue diligence, connected the data pins, and tried again - no change.

tweedge, to random
@tweedge@cybersecurity.theater avatar

Reddit invited my moderation bot to buy shares in their company... fantastic work as always

tek, to random
@tek@freeradical.zone avatar

I just got an email from Reddit inviting me to get some IPO shares at institutional investor prices. It was legitimately from them. This is so weird.

tweedge,
@tweedge@cybersecurity.theater avatar

@tek I was invited, and separately, my moderation bot u/alara_zero was also invited. No idea what Reddit's criteria are.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • โ€ข
  • provamag3
  • kavyap
  • DreamBathrooms
  • ngwrru68w68
  • magazineikmin
  • thenastyranch
  • InstantRegret
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • GTA5RPClips
  • khanakhh
  • PowerRangers
  • Leos
  • Durango
  • modclub
  • ethstaker
  • cubers
  • vwfavf
  • everett
  • cisconetworking
  • tacticalgear
  • tester
  • normalnudes
  • osvaldo12
  • anitta
  • megavids
  • All magazines
    •