SteveSyfuhs

SteveSyfuhs, 8 days ago to random

Wheeeeeeeeeeeeeeee. Bye bye NTLM.

pb, 15 days ago to random

When your computer crashes the blue screen still works. Why not make the whole computer out of blue screen?

gsuberland, 20 days ago to random

> SMT02473654242424-12346969A completed production, ready to send to shipping center. Estimated arrival time: 2024-05-21 20:00:00

hyyyyyype

GossiTheDog, 20 days ago to random

deleted_by_author

gsuberland, 22 days ago to random

you ever do that thing where there's some property or behaviour you're generally aware of but generally just ignore as not being particularly consequential, and then you design something where that property is a limiting factor, so you study it in a lot of detail and then become cursed with the knowledge that you really should be accounting for it pretty much everywhere

SteveSyfuhs, 2 months ago to random

In which @tiraniddo sends me a copy of Windows Security Internals. Yeegads this is a massive book.

I can confirm the authentication bits are up to snuff though.

For now.

image/png

mjg59, 2 months ago to random

Discovering that Ubuntu 22.04 shipped one version of git too early to have the commit that allows signing with ecdsa SSH certs, requiring elaborate workarounds where I have to lie about the key type and then wrap ssh-keygen to fix it up again, but I have successfully demonstrated that I can sign commits with hardware-backed SSH certs

SteveSyfuhs, 2 months ago to random

Ned did us a solid and gave a presentation on NTLM deprecation goop. Watch it. Has demos even.

https://techcommunity.microsoft.com/t5/windows-server-events/the-evolution-of-windows-authentication/ec-p/4092431#M307

gsuberland, 2 months ago to random

a really weird thing about adhd's effect on memory chronology is that I can't remember most stuff about my life on command; I need some sort of associative trigger or anchor to recall those memories. I was thinking about this recently and I noticed I can't remember most of my childhood unless someone else brings up details and specifics, which feels pretty weird.

GossiTheDog, 2 months ago to random

deleted_by_author

gsuberland, 3 months ago to random

I feel like one of the best examples of "a team can consist of both very competent and very incompetent people" is Microsoft's security folks, where most of the folks in the trenches are doing excellent work to harden systems and eliminate bug classes while a bunch in the disclosure side are shoving crayons up their noses.

gsuberland, 4 months ago to random

PHP has changed for the better in so many ways in the time between PHP5 and PHP8, making it far easier to write good code, but oh wow do I wish their basic string and array manipulation functions had some consistency. I'm extremely tempted to port LINQ to PHP just so I don't have to deal with completely random* naming & parameter ordering.

(*not actually random; it stems from an old design quirk to do with how standard functions were hashed and indexed internally. it's just annoying)

gsuberland, 4 months ago (edited 4 months ago) to random

kinda interesting that Cities Skylines 2 only schedules its threads across 64 processors max on Windows 11, which changed the default scheduler behaviour so that threads default to inheriting the process' preferred processor group but can be scheduled on any group, as long as no manual group allocation is done with SetThreadGroupAffinity.

this implies that either the game, Unity, or the underlying .NET thread pool implementation is doing things wrong on Win11.

SteveSyfuhs, 5 months ago to random

Credential Guard is probably the biggest enclave-based service in Windows, which we built on VSM. We're pretty explicit about what security guarantees we provide with it: you cannot exfiltrate high value secrets once they cross the boundary.

That's the critical piece: once they cross the boundary.

@Ericlaw @vcsjones

https://infosec.exchange/@vcsjones/111710479349047258

vcsjones, 5 months ago to random

Wrote a TLS client in 30 minutes today I am going to hell.

mjg59, 5 months ago to random

Ok I now have redundant mechanisms for triggering alerts that there's a bear hanging out outside the cabin when I'm in SF and allowing the playing of loud music to encourage the bear to maybe be somewhere else

foone, 5 months ago to random

wait a fucking second...

it has been ZERO DAYS since I found an off-by-one error in a game from 1990

ftp_alun, 6 months ago to random

AI is not good at not doing what I want it to not do.

SwiftOnSecurity, 6 months ago to random

@SteveSyfuhs What does this mean precisely? "Accounts for services and computers cannot be members of Protected Users" https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts

mattblaze, 6 months ago to random

In 2020, the emergence of COVID-19 gave us a stark, terrifying, but very valuable lesson in how thin our collective values are once push comes to shove. Within WEEKS after lockdowns started, the op-ed class repeatedly suggested that

• We should suspend child labor laws (they claimed, incorrectly, that children weren't harmed by COVID)

• The elderly have already lived long enough and should be willing to die now to help the economy.

• The weak and compromised should be regarded as expendable.

GossiTheDog, 10 months ago to random

Microsoft quietly snuck out a blog yesterday to say that Office 365 got compromised by China and used to steal emails. Thread follows. https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/