@neverpanic@chaos.social

neverpanic

MacPorts Developer, PPL/A, Works at Red Hat on Cryptography

NanoRaptor, to random
@NanoRaptor@bitbang.social avatar

What are some numbers in your field that anyone else in the field would identify without even thinking about it, but folk outside may have no idea. Just the numbers, no explanations. Yet.

105 148 210 297 420 594 841 1189

neverpanic,
@neverpanic@chaos.social avatar

@gsuberland @NanoRaptor Good one, but you're missing 140-3, 19790, 800-56Br2, 800-131Ar2.

mattgrayyes, to random
@mattgrayyes@chaos.social avatar

For @emf, I'm making Mastodot, which in theory prints toots that are hashtagged for the event!

#emfcamp

neverpanic,
@neverpanic@chaos.social avatar

@mattgrayyes I'm wondering whether that can be improved by throwing some dithering at those images, for more grayscale bandwidth.

jwildeboer, to random
@jwildeboer@social.wildeboer.net avatar

The little wins. Managed to reset the service warning on my Smart Roadster with an affordable OBD device (iCarSoft MB v1.0)

neverpanic,
@neverpanic@chaos.social avatar

@jwildeboer No, some data and functionality is legally required to be freely available to allow independent garages to perform repairs.

You only need the vendor specific tools for more detailed insights and in-depth functionality (and to understand some of the error codes).

neverpanic,
@neverpanic@chaos.social avatar

@jwildeboer Ah, yes, more of this work has been done on older cars. Modern ones hide this stuff behind cryptographic authentication of the attached tester, though, so this is now increasingly difficult in modern cars 😔

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

Slack have decided to start training AI on enterprise customer data, including DMs, private workspaces and files. You have to have admin opt out via email. HT @Quinnypig

https://slack.com/intl/en-gb/trust/data-management/privacy-principles

neverpanic,
@neverpanic@chaos.social avatar
aka_pugs, to random
@aka_pugs@mastodon.social avatar

Excellent article about the demise of Mobile Phones. I was there during the peak of fun in the year 2000. https://www.theregister.com/2024/05/05/microsoft_nokia_anniversary/

neverpanic,
@neverpanic@chaos.social avatar

@aka_pugs @nblr This article and the comments confirm what Ex-Nokia devs that became my colleagues at BMW told me: They essentially had a good smartphone OS, but management didn't want it and went with Windows, eventually dooming their entire phone business. Sad.

jwildeboer, to random
@jwildeboer@social.wildeboer.net avatar

"Due to almost nobody actually using these features we introduced some years ago, we will now remove them to make our code more accessible and maintainable and also to remove possible attack vectors" is something I would really LOVE to read more often in release notes of FOSS projects :)

neverpanic,
@neverpanic@chaos.social avatar

@jwildeboer @fabian I like that idea, but it should be limited to unused code. Pretty sure a lot of code on glibc hasn't been touched in the last 5 years but removing it would be a problem.

mxk, to random
@mxk@hachyderm.io avatar

We have reached the point, where I miss emoji reactions on sites which don't have them.
Like why can't I ♥️ this Jira ticket?

neverpanic,
@neverpanic@chaos.social avatar

@mxk Can't reproduce. Sounds like you need a better JIRA.

SteveBellovin, to random
@SteveBellovin@mastodon.lawprofs.org avatar

If you use Homebrew on MacOS, you're affected—do 'brew update' and 'brew upgrade'.
https://infosec.exchange/@wdormann/112179988525798247

neverpanic,
@neverpanic@chaos.social avatar

@seachanged @SteveBellovin not really necessary on macOS, see https://chaos.social/@neverpanic/112183630657119344 and replies.

isotopp, to random German
@isotopp@chaos.social avatar

TIL Python Installations aren't mobile.

When you build in /home/koehntopp/.pyenv/versions/3.8.18 and then move things to {bin,lib,...} /tools/python/3.8.18/Linux_x86, everything is broken.

I am confident there are good reasons for that, but I can still be enraged about this.

neverpanic,
@neverpanic@chaos.social avatar

@isotopp Is this specific to Python? I'd expect most software to break if you configure it for one path and then move it to another after installation.

neverpanic,
@neverpanic@chaos.social avatar

@isotopp from my experience in packaging software, I'd say most software does not do that. Just a feeling, though, don't have numbers to back this up.

jwildeboer, to random
@jwildeboer@social.wildeboer.net avatar

So it seems that my connection from Munich to Salzburg by train tomorrow is NOT affected by the strike in Germany. Meaning I should be able to make it to Brno. Let's hope I'm right!

neverpanic,
@neverpanic@chaos.social avatar

@jwildeboer Don't think so. Good public transport, though. Works with credit card tap-in.

neverpanic, to mechanicalkeyboards
@neverpanic@chaos.social avatar

New keyboard, looking forward to building it after work. Feels very heavy compared to my plastic Keychron K8 Pro.

julian, to random German
@julian@chaos.social avatar

It's Sunday, why am I already awake?

neverpanic,
@neverpanic@chaos.social avatar

@F30 @mxk @julian Morning, everyone!

filippo, to random
@filippo@abyssdomain.expert avatar

Interestingly, the .af NIC just suspended inet.af, too. It used to host Go modules. This suggests queer.af maybe wasn't specifically targeted for being LGBTQ+ friendly, but for being unrelated to Afghanistan.

https://bsky.app/profile/bradfitz.com/post/3klbnykibm32j

/cc @erincandescent

neverpanic,
@neverpanic@chaos.social avatar

@filippo Isn't Android's approach of tying things to the signer's pubkey resistant to that issue? Comes with its own set of problems though, since you can't rotate keys, which might actually be worse.

neverpanic, to random
@neverpanic@chaos.social avatar

Interesting post from Google on rolling out security features: https://bughunters.google.com/blog/5896512897417216/a-recipe-for-scaling-security

The key takeaway for me (and probably others that aren't operating at Google's scale) is how expensive it is to enable security features after development.

neverpanic,
@neverpanic@chaos.social avatar

That matches my experience in security for infotainment at $carmaker. We enabled SELinux early during dev. At some point, $team had $feature working without SELinux, but wouldn't meet their deadline if they had to ship with enforcing. Management decided we had to temporarily disable enforcing mode. We pocket vetoed.

Management was angry at us, but I still believe it was the right decision. Enabling security enforcement features late is time consuming and frustrating.

da_667, to random

Complete the sentence:

"I work in information security. That's why I _________________"

where blank can be words or an image macro as you so desire.

neverpanic,
@neverpanic@chaos.social avatar

@da_667
... will opt out of electronic patient records.

... use a separate password for every site and 2FA where possible

... think the system is a dumpster fire in need of reform.

... don't do online banking on my phone

... run adblockers everywhere

... am considering switching careers to "something with wood"

textvr, to random German
@textvr@berlin.social avatar

TPM must know the elliptic curves it can use, limited choice. 25519 not even on radar. You will have to use the NIST curves.

neverpanic,
@neverpanic@chaos.social avatar

@textvr Luckily now that ed25519 is finally approved as a FIPS algorithm by NIST, maybe we'll see it show up in HSMs and TPM as well.

julian, to random German
@julian@chaos.social avatar

Missing criterion in most bank account comparisons: how large is the app that I'm forced to use for TANs?

neverpanic,
@neverpanic@chaos.social avatar

@julian I'd also like to see: how insecure is the authentication? Just came across a broker that uses phone number + 6-digit PIN + SMS TAN.

I'd really like a bank with FIDO2 or TOTP that I can put on a Yubikey…

neverpanic, to Aviation
@neverpanic@chaos.social avatar

I love this just for the picture alone. It's a bit dark, though.

https://infosec.exchange/@Heitec/111826950474709557

isotopp, to random German
@isotopp@chaos.social avatar

Homomorphic encryption. The nuclear fusion of the security industry.

It, too, has been going to work in thirty years for sixty years now.

neverpanic,
@neverpanic@chaos.social avatar

@isotopp Come on, plain RSA is homomorphic under multiplication. It's just that nobody has any use for it and it's a security problem, which is why we use padding everywhere, but I'm sure the breakthrough is just around the corner!1!!

neverpanic, to random
@neverpanic@chaos.social avatar

, now with more undo, in case you change your mind.

carbontwelve, to php
@carbontwelve@notacult.social avatar

My method of installing different #PHP versions with homebrew is now broken; the versions install but trying to run php results in: "Library not loaded: /usr/local/opt/libvmaf/lib/libvmaf.1.dylib"

Ugh.

neverpanic,
@neverpanic@chaos.social avatar

@carbontwelve @danielsiepmann The installer likely didn't hang, but was downloading the initial copy of the Portfiles, which can take a while. Killing it may also explain why kerberos5 was missing. Running sudo port selfupdate should fix that.

nblr, to random German
@nblr@chaos.social avatar

The fact-checking foxes at Tagesschau are at it again with a hefty mismatch between text and picture, casually confusing an emergency exit door (very large) with a window (rather small). On top of that, they fantasize a "bursting fuselage" into the story. How does anyone come up with such nonsense? Does nobody proofread this?

https://www.tagesschau.de/ausland/amerika/alaska-airlines-notlandung-100.html

neverpanic,
@neverpanic@chaos.social avatar

@nblr It seems to me the editor responsible for aviation doesn't exactly have a great deal of expertise. In the last article about the incident in Tokyo, they also interpreted the controller's "continue approach" as evidence that the aircraft had a landing clearance.

But controllers say "continue approach" precisely when they do not want to give a landing clearance at that moment.
