shellsharks

@shellsharks@infosec.exchange

Infosec researcher | Find me @ https://shellsharks.com

#fedi22 #infosec #cybersecurity #tech #indieweb #apple searchable

Profile picture: A red shark holding a terminal window shaped like a surfboard. The terminal reads “> whoami shellsharks”

https://keyoxide.org/FA7AC5E3626AEF016A5AD0BB172E73E0A585273E

This profile is from a federated server and may be incomplete. Browse more on the original instance.

shellsharks, to blogging

Discovered this cool post --> https://lu.is/2024/01/after-twitter/ <-- from @luis_in_brief while exploring @molly0xfff 's drop-your-blog thread (https://hachyderm.io/@molly0xfff/111908294962007998). It has some great tips for those still orienting themselves with the Fediverse. Check it out!

shellsharks,

@luis_in_brief I don’t have any specific suggestions per se. I've written other things on this same subject and enjoyed reading your thoughts/perspective.

I've tried to compile some of my "tips" here though if you wanted to check it out https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack. Cheers!

funes, to infosec

Fellow professionals. Our jobs can constantly feel like Sisyphean tasks. Regular parts of life constantly do as well. What do you do in your life that makes you feel like you're actually progressing with something?

shellsharks,

@funes I’m actually working on a long-ish piece on burnout (and related topics) that I hope to share in the not too distant future. That said…

Being a father (of now 2!), I find it's easy to get perspective when I need it in terms of "what's important in life” by just hanging with the kiddos.

Outside that, I've actually found that blogging is a good way to help with burnout.

  • It can be a place where you can vent (anyone seen that crankysec article making the rounds?)
  • It can help you document something that you can reference in the future, which may save you time and mitigate burnout possibility
  • It let's you "achieve" something regardless of whether you feel what you did at work was impactful. So if you're churning at work, write about what you are doing and you will have that as evidence of your toil that you can share rather than just having your hours completely wasted.
  • I write about a bunch of other reasons I like blogging here for anyone interested https://shellsharks.com/you-should-blog.
shellsharks, to random

The first 100 people to star this toot shall have their Mastodon handle forever enshrined on this page https://shellsharks.com/starsharks. A can't miss opportunity to be sure.

*Remember to star first before boosting to ensure you reserve your spot! 😆

shellsharks,

@kdawson Not sure I’m followin' Keith! But I can assure you that star would certainly inject the same if not more of that same endorphin hit =). Couple that with the reverse endorphin hit I get by adding the names to the page =). 'tis a silly thing anyways. I find Mondays need some silliness. Happy internet-ing! 👋

shellsharks,

@ittavern Haha I think I scammed myself by committing to manually adding all these markdown links to this page 👨‍💻😓😆

shellsharks,

@kpwn Secured your very coveted spot at . Lucky you for sure 😆

shellsharks,

@ittavern Honestly there's no other motive lol. The idea popped up in my head last night and just decided to do it. But if you've bopped around my site enough (which I wouldn't fault you or anyone else for not having done this) you'd know that I do all sorts of silly things for no other reason than to add whimsy or experiment.

That said, this experiment has yielded a few things for me...

  • I've discovered some new cool accounts, including those that are infosec-related but not on infosec-primary instances.

  • I've also discovered a lot of new instances that I had never heard of. I always like finding these since they open up new areas of the Fediverse for me.

  • I've had some conversations with people I wouldnt have had otherwise. This platform is all about socializing afterall =).

Also there's boredom and me procrastinating on other stuff hah!

shellsharks, to infosec

A quick-look at a not-so-talked-about type of security assessment, the "Secure Configuration Review”. Here I introduce a quick methodology for conducting this sort of review and provide examples of configs/settings you might typically evaluate during the assessment. Consider using this assessment type in the context of triaging OWASP Top 10 "Security Misconfiguration" or CWE-16-type flaws.

https://shellsharks.com/secure-config-review

fridgehead, to random

Whats the blog platform of choice these days? I occasionally feel the need to publicly document all the stupid stuff I keep finding but CBA fighting with self hosting anything

shellsharks,

@fridgehead It somewhat depends if you have any specific functionality requirements. But if you don't have anything specific, you could check out one of the many / -compatible blog hosting providers I've compiled here https://shellsharks.com/indieweb#hosting. I personally have used GitHub pages + Jekyll since 2019 and really like it but don't know if I would choose it if I was starting a new blog today. On the list I've shared I've heard great things about Micro.blog, omg.lol, Pika and mmm.page.

Also, when you do stand up the blog, let me know about it so I can add it to my inventory (https://shellsharks.com/infosec-blogs). Cheers!

shellsharks,

@fridgehead fwiw I don't know a thing about Ruby and have never once had to do anything with ruby in the 4 years I've been using Jekyll/GitHub. I suppose I've been ignoring a large area of jekyll power-user stuff but it goes to show you can do pretty much all webby kinda stuff without having to worry about it.

Caseydunham, to random

I need a new laptop to replace my almost dead early 2015 MacBook Pro. I’m really torn between a Librem 14 from @purism or buying a new MacBook. Cost isn’t a factor, but privacy is. So far I’ve been mostly ok with Apple’s stance and ecosystem as someone who’s been doing offensive AppSec full time for almost 10 years, maybe it’s time to switch.

shellsharks,

@Caseydunham @purism One thing to keep in mind with new Mac's is M1 architecture and not Intel - if that changes the utility for ya...

adele, to SmallWeb
@adele@phpc.social avatar

When your non-tech friend asks you for a solution to create a blog respecting concept, what is your answer?

Share your advice!

shellsharks,

@adele I've been compiling a list of / -compatible blog hosting providers here https://shellsharks.com/indieweb#hosting. I personally use GitHub pages but with the association with GitHub/MSFT I wouldn't necessarily recommend it more widely. On the list I've shared I've heard great things about Micro.blog, omg.lol, Pika and mmm.page. Cheers!

simonroses, to random

Does LinkedIn have any value/use to you?

shellsharks,

@simonroses Linkedin provides minimal, but some value…

  • There are a couple of people I chat with via LinkedIn that for whatever other reason I have not migrated chatting with them over to any other service.

  • I get some decent job opportunity messages from recruiters there from time to time. Don't think I've ever actually taken/gotten a job which originated from LinkedIn though...

  • Though most of my (and any one elses) LinkedIn feed is cringey nonsense I do surprisingly find some interesting blog posts from time to time.

  • I don't have enough analytics on my site to give any useful numbers, but I know LinkedIn drives some amount of traffic to my site, and thus to my other properties across the web 🤷‍♂️.

  • It is, in the end, where most jobs/hiring managers will want to turn when they want to look at your “professional profile”, even if you have a blog or w/e else, those will almost always be supplemental to 1. your resume and 2. your LinkedIn profile. So having a presence on Linkedin is important for that reason I suppose. I have taken a somewhat principled stance on how I present myself on LI. Rather than reduce myself to my timeline of jobs, I've decided to instead emphasize my skills, my portfolio (blog), my education, my credentials, and the orgs I am a part of.

For more ramblings on why I don't like traditional resumes/LI profiles, read on... https://shellsharks.com/notes/2021/09/01/a-rant-on-traditional-resumes

matthiasott, to RSS
@matthiasott@mastodon.social avatar

Last minute question – once again asking for my newsletter subscribers:

Do you have an OPML list of all the feeds you follow? And did you publish it anywhere? Share it below!
👇

shellsharks,

@matthiasott I keep a (somewhat regularly updated) .opml of my subs here https://shellsharks.com/infosec-blogs

(Direct Link: https://github.com/shellsharks/assorted/blob/master/resources/shellsharks-feedly-rss.opml)

molly0xfff, to random
@molly0xfff@hachyderm.io avatar

fuck i love blogs. if i had nothing but time i would just read blogs all day.

shellsharks,

@molly0xfff My blog: https://shellsharks.com/

My blogroll: https://shellsharks.com/blogroll

rendick, to random

I just checked the comments under my first post and was surprised at how friendly this place is. There was no such thing on mastodon.social! Pleasant)

shellsharks,

@rendick Yeah we're pretty great 😜

cheapchrome2020, to random

hello!

shellsharks,

@cheapchrome2020 👋 hi

rgarciairvine, to random

Is it even possible to follow a bluesky account on here?

shellsharks,

@rgarciairvine Not natively no. There maybe some bridges available. Alternatively you could try this particular client that has bsky integration https://apps.apple.com/us/app/sora-for-mastodon-bluesky/id6450969760. Another option is to follow the bsky profiles RSS feed using https://mastofeed.org/ which can push it into Mastodon.

blakehensley, to mastodon

As we know, aren’t really a thing in (yet, hopefully) but in my phases of trying out different mastodon clients I have noticed that one of them actually gives you the option to ‘quote post’ something — but how is an iOS client able to have the feature when mastodon as a whole does not? If anybody knows/has knowledge about this and could shed some light on it, that’d be super cool. I’ve just always wondered.

So here I am ‘quote posting’ this Washington Post article just to go over to my other mastodon client, mammoth to see what it looks like. If anybody sees this and cares any amount at all, feel free to let me know what it looks like on your end! I just want to know if it actually works as a quote post on the other side of things. Because if so, well then Ice Cubes is awesome but again how does that work?

P.s. I’m so glad I moved back to the InfoSec instance. I never have to worry about running out of space when posting now. So, randomly, if you see this — thanks Jerry! 😂

From: @washingtonpost
https://press.coop/@washingtonpost/111902345450071921

shellsharks,

@blakehensley @washingtonpost QPs are on the roadmap for Mastodon https://joinmastodon.org/roadmap. As for why some clients support a qp-like feature, it's a popular requested feature and not difficult (imo) in practice to provide. A QP is really just a link to another post where you can see the text and OP account. I think whether it works or not in other clients will vary.

Muddobbers, to random

Does not having a profile picture on LinkedIn affect any opportunities to come your way? I don't have one at the moment and not getting much of a response from the profile. Also not using Premium..

shellsharks,

@Muddobbers I think it would definitely affect your opportunities.

nmott, to random

Redid my site: https://nathanielmott.com/

shellsharks,

@nmott Dig it.

Suggestion(s): You should have your Mastodon link on your site (I didn't see it if it's already there) and maybe consider adding search sometime in the future. I personally love having search on my site since I reference my own stuff all the time. Cheers!

shellsharks, to infosec

Small this week but great follows all the same if you ask me. Check these two cool -related accounts out!

Cheers!

bw, to random
@bw@social.lol avatar

What is the dead simplest way for a beginner HTML hobbyist to get their website on the internet?

shellsharks,

@bw I've been compiling a list of / hosting providers here https://shellsharks.com/indieweb#hosting. Of this list, I’m not sure which would best meet the two requirements of 1. Being super-simple and 2. Being HTML-customization friendly, but I can say I've heard great reviews of omg.lol, Pika, mmm.page and Micro.blog.

10011011000010, to animals

Hi all, don’t have anything with or against cats, but does anyone know how to get rid of these cat posts in my feed?

shellsharks,

@10011011000010 Mastodon filters https://docs.joinmastodon.org/user/moderating/

  • All
  • Subscribed
  • Moderated
  • Favorites
  • normalnudes
  • khanakhh
  • magazineikmin
  • Youngstown
  • cisconetworking
  • slotface
  • everett
  • mdbf
  • thenastyranch
  • kavyap
  • rosin
  • InstantRegret
  • PowerRangers
  • DreamBathrooms
  • anitta
  • vwfavf
  • hgfsjryuu7
  • tester
  • Durango
  • osvaldo12
  • tacticalgear
  • ngwrru68w68
  • GTA5RPClips
  • ethstaker
  • Leos
  • modclub
  • cubers
  • provamag3
  • All magazines
    •