
cendyne

@cendyne@furry.engineer

#cryptography and cloud infrastructure naga #infosec #appsec
Not into internet fun money


cendyne, to random

For you wide screen folks
I have a floating table of contents now
No Javascript
This is all CSS!

Might add js in the future for progress tracking

cendyne, to DEFCON

Ready for quantum stuff? At the Quantum Village, I attended a debate about how advances in quantum technology would improve or harm privacy. In the end, I felt there was a lot of hopes, dreams, fear, uncertainty, and doubt — I had hoped for some substance.

(Look forward to the post quantum cryptography article in 12 days!)

https://cendyne.dev/posts/2023-08-30-the-quantum-debates.html

cendyne, to random

More blog technology!

Reading times are now calculated and added in CI.

The date is also rendered as Today, Yesterday, or a date on the edge.

cendyne, to random

Working on a post quantum cryptography article.

I have like 30 notes to write up into their own paragraph. This is taking a lot of energy.

(Even so, I have articles queued up. Expect 3 this week)

cendyne, to DEFCON

Another DEF CON talk: "Attacking Decentralized Identity". It introduced and clarified DIDs and verifiable credentials in approachable language. Here's my distillation of that introduction.

@cadey also had something to share at the end too

https://cendyne.dev/posts/2023-08-25-attacking-decentralized-identity.html

cendyne, to security

A short one! At DEF CON, one of the talks shared how to enumerate permissions on AWS without leaving useful events in CloudTrail.

AWS's responses were mixed on repairing these security defects. Security researchers are encouraged to find more undocumented APIs, non-production endpoints, and change the protocol on requests to AWS to find reportable issues.

https://cendyne.dev/posts/2023-08-23-evading-logging-in-the-cloud-bypassing-cloudtrail.html

geerlingguy, to random

My desk right now... testing ALL the bandwidth!

cendyne,

@geerlingguy what are the exposed PCB devices?

cendyne, to security

Passkeys align security with the individuals it benefits. Apple, Google, and Microsoft provide their own passkeys now, but the cross platform story remains underserved. Third party password managers have been good enough for many people; I believe it is okay to have passkeys come from those too, as they serve individuals across platforms.

https://cendyne.dev/posts/2023-08-21-passkeys-in-password-managers-is-okay.html

#webauthn #security

cendyne, to random

OpenSea won't pay royalties anymore to artists as part of the transactions

Technologists
Keeping Promises
Not even once

cendyne, to DEFCON

First time seeing the orb and it's weird as heck at

cendyne, to random

He looks a lot more menacing at this angle

cendyne, to random

Hey so when is NPM, a Microsoft property, going to add OIDC authentication to publish packages with GitHub, also a Microsoft property?

cendyne, to random

Why do CG anime horses always move so poorly

filippo, to random

Ok I need some help, if I build a library on top of libsodium.js, how am I supposed to handle the annoying sodium.ready promise, or browser ready callback?

Take sodium as an argument to every constructor / exported function?

Make all functions async and await sodium.ready in them?

Do nothing and document (and check) that the caller needs to await sodium.ready?

Assume I want this to work in the browser, too, even if I have not yet figured out how to publish for that.

cendyne,

@filippo You may have success with vite. It bundles things well enough and vite tests can do async too.

If you are expecting the user to await, it may be helpful to document with jsdoc that the return type is a Promise<...>

If there's a sodium.ready thing, then all functions may need to be async if you wish to lazily call that once. (Oh, but then you have to track if there's an existing promise for that work and direct other concurrent calls to the same promise! Have fun...)
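One way to handle the "track the existing promise and direct concurrent calls to it" problem raised in this reply, as an added example that is not code from the thread, from libsodium.js, or from any of the posters: a small memoizing wrapper that starts the one-time initialization on first use, hands every concurrent caller the same in-flight promise, and forgets a failed attempt so the next caller can retry. `loadSodiumStandIn` is a constructed stand-in for "dynamically import libsodium.js and `await sodium.ready`" so the file runs offline; the only thing borrowed from libsodium.js is the shape of that ready step. `makeLazyReady`, `getSodium`, `randomBytes` and the two `demo*` functions are hypothetical names chosen for this example.

```javascript
// Added example: lazily awaiting a one-time initialization and sharing the
// in-flight promise between concurrent callers (not code from the thread).

let initCount = 0;

// Constructed stand-in for `import('libsodium-wrappers')` + `await sodium.ready`.
// It counts how many times the expensive work actually started and resolves
// on a later tick, so that overlapping callers really do overlap.
async function loadSodiumStandIn() {
  initCount += 1;
  await new Promise((resolve) => setTimeout(resolve, 5));
  return {
    // Placeholder for libsodium's randombytes_buf: only the length matters here.
    randombytes_buf: (n) => new Uint8Array(n),
  };
}

// Generic memoizer for a one-time async initialization.
// - First call starts `loader()` and caches the promise.
// - Later callers (concurrent or not) receive the same promise.
// - If the loader rejects, the cache is cleared so a later call can retry
//   instead of being stuck with a permanently failed promise.
function makeLazyReady(loader) {
  let inflight = null;
  return function ready() {
    if (inflight === null) {
      inflight = loader().catch((err) => {
        inflight = null;
        throw err;
      });
    }
    return inflight;
  };
}

// What a library built on libsodium.js would export: every public function
// awaits the shared ready promise, so callers never have to know about it.
const getSodium = makeLazyReady(loadSodiumStandIn);

async function randomBytes(n) {
  const sodium = await getSodium();
  return sodium.randombytes_buf(n);
}

// Three overlapping calls must trigger exactly one initialization.
async function demoConcurrent() {
  const results = await Promise.all([randomBytes(4), randomBytes(8), randomBytes(16)]);
  return { initCount, lengths: results.map((b) => b.length) };
}

// A loader that fails once: the first caller sees the error, the second
// caller triggers a fresh attempt instead of inheriting the failure.
async function demoRetryAfterFailure() {
  let attempts = 0;
  const flaky = makeLazyReady(async () => {
    attempts += 1;
    if (attempts === 1) throw new Error('wasm fetch failed');
    return { ok: true };
  });
  const first = await flaky().then(() => 'ok', (e) => e.message);
  const second = await flaky().then((s) => s.ok);
  return { attempts, first, second };
}

// Stand-alone run: prints { initCount: 1, lengths: [4, 8, 16] } and
// { attempts: 2, first: 'wasm fetch failed', second: true }.
demoConcurrent().then((r) => console.log(r));
demoRetryAfterFailure().then((r) => console.log(r));
```

The reset-on-failure branch is the part that is easy to forget: without it, a single transient failure (a blocked wasm fetch, say) would leave every later call rejecting with the cached error until the page is reloaded.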

cendyne, to random

Recalling the time when I reverted work that marketing got into the product: links that automatically log people in through unsolicited campaign emails. These magic links had lifetimes of months and went into a third party email marketing provider. Anyone with access, including interns, could use the links that went into that third party's email merge tables.

Does this give you anxiety? Does it give you vibes?

Nearly unrestricted access to impersonate any user and purchase items with their saved credit cards flayed my mind.

cendyne, to random

Search how to generate password with bash
The first suggestion in the first result is... hash the date

NOOO DO NOT HASH THE DATE

cendyne, to random

Oh goodie, the proof came in!
Gave some feedback to the artist.
If I don't have it complete and delivered by DEF CON I'll be wearing this

cendyne, to random

Life is sad
Pinball from win98 didn't need telemetry

Why does calc need it today

cendyne, to Blog

Here it is! My most precious side project is the very blog that I write on!

So much goes into performance to keep the edit-and-refresh cycle time low.

It was a static site, and while it still builds like one, what you see is really something else.

https://cendyne.dev/posts/2023-07-10-a-precious-side-project.html

jerry, to random

Quick reminder that infosec.exchange will be down for maintenance later this morning US time to apply some security updates (do not require downtime) and to overhaul the database/redis infrastructure (does require downtime - at least for mere mortals like me)

cendyne,

@jerry jerry, how is it that a dragon llama like you is considered mortal?

cendyne, to random

There's a phishing scam spreading like a worm throughout Telegram right now.

One of my friends lost their account and several others nearly fell for it.

Included are instructions to recover your account, how the phishing scam works, and what you can do to combat this threat:

https://cendyne.dev/posts/2023-07-04-help-a-friend-scam-on-telegram.html

cendyne, to random

NIST to withdraw 800-67 R2

In other words, yeet :blobfoxyeet: 3DES for further encryption.

Decryption, key unwrapping, and verification of existing MACs to remain.


https://content.govdelivery.com/accounts/USNIST/bulletins/362a68f

cendyne, to random

I found a video with "No views"

Maybe it is less than 10? Or could it truly be 0?

IETF CFRG meeting notes must not get a lot of ad revenue.

emc2, to fediverse

ITT: open-source, , and how it can influence private sector and create change.

Note up front: I'm going to use words like "decommodify", "consumerism", "capital", and "rentierism" a lot here, because I need the vocabulary. I am not a Marxist or some other kind of radical, nor wholesale anti-capitalist, and certainly not a revolutionary. I'm a social democrat, progressive, and reformist. Keep that in mind if you reply to me.

cendyne,

@emc2 thank you for the thread, Eric. It was a good read.
