shellsharks

@shellsharks@infosec.exchange

Infosec researcher | Find me @ https://shellsharks.com

#fedi22 #infosec #cybersecurity #tech #indieweb #apple searchable

Profile picture: A red shark holding a terminal window shaped like a surfboard. The terminal reads “> whoami shellsharks”

https://keyoxide.org/FA7AC5E3626AEF016A5AD0BB172E73E0A585273E

This profile is from a federated server and may be incomplete. Browse more on the original instance.

shellsharks, (edited ) to random

What makes someone a “reply guy” to you? A poll for science…

(This poll allows* multiple choices. Boost for reach plz 🚀)

EDIT: Trying to redraft to fix multi-choice issue.

shellsharks, to fediverse

Promising (& compatible) iOS client - https://github.com/gkasdorf/memmy. Pretty good feature set at v0.1

  • subscribe cross-instance
  • community/user/post search
  • look at local/subbed/all feed
  • some themes
  • account notifications

Get in on the TestFlight while you can!

Shout out to @gavinkasdorf! Will be contributing to this project for sure.

shellsharks, to kbin

Happy Fedi-Friday! and (to maybe a lesser degree) / instances are rollin'! We have two growing communities there for all who are interested.

I've been adding an interesting (at least to me) article a day to fuel things up as I can. See ya out there.

shellsharks, to blogging

Hello helpful friends of the Fediverse! I am considering a major rearchitecture of my site, https://shellsharks.com (and adjacent properties) and wanted to get some advice/tips from the wider , , , , communities out here. (Sorry for the long read!)

Currently, my site is hosted on Github Pages which uses for static site generation. I've been using this for nearly 5 years and for the most part have no complaints. The service has decent uptime, is pretty customizable (custom CSS, JS, etc...) and after all this time I am pretty comfortable using it. Some things I am interested in though in terms of re-architecting...

  • Fediverse / ActivityPub compatibility - has gone live with their AP plugin and sites like micro.blog (I think) have some direct AP functionality. I'm interested in exploring this but it's not necessarily a must-have. More on Fediverse point of presence later...

  • IndieWeb functionality - I've baked in as much IndieWeb stuff as I can reasonably do with Jekyll hosted on Git Pages but would be interested in WebMention and other more advanced capabilities if offered by another platform / static-site generator.

  • I've toyed with the idea of self-hosting the blog (on AWS or something), while still using an SSG of some kind. There could be some benefits with adding more dynamic content or having more autonomy over my site but not sure if it'd be worth additional costs or headache trying to manage.

  • Writing (or generally producing "content") has always been something I do out of pure enjoyment but I've considered trying to monetize in some way. What are some platform considerations if I wanted to monetize say, a podcast, newsletter, video courses, premium articles, etc...

--

Other adjacent properties I'm looking to "re-design"...

  • My is currently hosted on , which I have liked so far but I'd like to further embrace the Fediverse so have considered moving to . Any advice on hosted vs. self-hosted? Are there other non-Castopod fediverse options?

  • As of right now, my presence in the Fediverse is mostly on infosec.exchange where I post stuff from my site. I've considered hosting my own instance of Mastodon (or something similar) to be my main account or even just as an official "shellsharks the site" account. I've seen accounts of people going down this path and ultimately bailing due to costs, time overhead, etc...

--

If there are noticeable benefits to making any significant changes I'd be willing to take that on as a project for 2024. Otherwise, I might just stick with what I have and focus on writing/research =). Thanks so much to anyone who takes the time to read / respond!

shellsharks, to fediverse

For everyone creating communities ( instances) or "magazines" on instances be mindful of the very real deficiencies that exist related to moderation, as @thisismissem writes about here (https://hachyderm.io/@thisismissem/110550824230711531). We're all both excited about the promise the brings and equally pissed at what is going on over on Reddit but there is real danger in growing communities using software that might not be ready for it. Read Emelia's post to gain more understanding of the potential pitfalls (and guidance around moderation). One thing I'll add is that botching this migration due to immature software could turn people off from the idea of Reddit-esque fediverse communities indefinitely.

@jerry I'm certainly no expert on community creation/management much less moderating mid-large size communities but there are certainly others within the .infosec sphere (👀 @tweedge) who could weigh in. Maybe it would be helpful to post a guide of some kind (not saying you need to create it but you could help market it) which fairly warns and channel admins that moderation tools are lackluster and to tread carefully as they scale out. Happy to volunteer my own time/perspectives on adding something to a larger wiki for your various Fediversal properties as needed!

shellsharks, to mastodon

I wrote this “guide” / thoughts on after re-joining the Fediverse in November 2022 (soon after some sort of Twitter-related crisis). This coincided with one of the larger migrations of folks to Mastodon.

https://shellsharks.com/mastodon

I have kept this post semi-updated with a lot of interesting Mastodon/Fediverse-related resources as well as information for the infosec community here.

shellsharks, (edited ) to random

For those getting into the , you may find my newly published "guide" (and commentary) interesting/useful! https://shellsharks.com/threadiversal-travel. Appreciate any and all feedback.

edit:

shellsharks, to RedditMigration

@RedditMigration Threadiversal Travel - A guide for Lemmy, Kbin and general Reddit off-ramping

Hey Kbin-folk, I’ve recently published my take on the “threadiverse” in the form of a quasi-guide but with some other commentary. https://shellsharks.com/threadiversal-travel . Appreciate any feedback, good or bad!

mikehaynes, to random
@mikehaynes@social.lol avatar

Can we just make a new search engine that uses tags and requires people submit their own site to be a part of it?

shellsharks,

@mikehaynes Definitely a lot of attempts at / search engines/repos/lists. I’ve (somewhat poorly) tried to capture a lot of them here… https://shellsharks.com/indieweb.

In no particular order…

*Maybe someone could build a search engine that would aggregate results from all or some of these?

mttaggart, to random

I am putting this on every course I make.

shellsharks,

@mttaggart I put this on my site https://notbyai.fyi

🤖 🚫

shellsharks, to SmallWeb

My new blogroll is live! https://shellsharks.com/blogroll

These are a list of blogs/sites I read and recommend. They are great!

Featuring @adeptsof0xcc @ApisNecros @flamed @jcrabapple @sophie @macstories @theverge

This is something I will continue to maintain and add to as I discover new cool blogs and re-discover those I've been subbed to via RSS.

shellsharks, to CSS

I can’t overstate how much I hate . Extremely humbling trying to do anything resembling good, “modern”, responsive . Been working on some heavier under-the-hood changes to my -based and wow my eyes and soul hurt.

A related question, anyone ever implement full-body text search on a static site / Jekyll site before? I’ve been looking into maybe lunr.js…

shellsharks, to mastodon

Adding some more info to my “Mastodon starter pack” resource…

These are my personal “top tips” (10 total) for getting started with / using . (More info in the linked page below)

  • When you come across an interesting post, Bookmark or otherwise save it! Finding old posts can be devilishly tricky.

  • Add a profile picture, short profile description and make an intro post (using the hashtag) and pin that post to your profile. While you’re at it, if you have a personal/professional web site, link to your site in your profile and use Mastodon verification on the site!

  • Mastodon posts can be issued as “Unlisted” which prevents that post from showing up in people’s timelines. This is useful for replies with little useful context and for long multi-post threads, preventing you from spamming peoples feeds.

  • If you are on a small or mid-sized, somewhat focused instance, make sure to leverage your “Local” feed to find interesting content and accounts.

  • Boost interesting posts, especially those from accounts with smaller followings. We are the algorithm and discovery is made a lot easier when people share. Plus it makes the original poster feel good and gives their account exposure which is nice.

  • Use a third-party Mastodon client. The first-party client is imo woefully underpowered. There are lot’s of great clients to choose from! (e.g. @ivory, @IceCubesApp, @mammoth, @trunksapp, @SoraSNS, etc…)

  • Follow accounts when you see something interesting from them. It’s easier to unfollow accounts later that you no longer like than it is to find interesting accounts after the fact. Hashtags are also a great source of discovery.

  • Want engagement? Want followers? Try engaging with posts and following people rather than posting into the void.

  • Bootstrap your feed by leveraging an importable follow list. (I’ve provided some in the linked resource.)

  • Optional: Enable search for your account! This is an opt-in feature but is great for people to help find you and your posts.

https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack

shellsharks, to infosec

Here are some cool accounts I’ve discovered recently. Sharing for

shellsharks, to random

After a long hiatus, I’ve started perusing the infosec.exchange local feed again in search of new and interesting accounts I’d like to follow. I was rewarded in very short order!

  • My feed has seemed a little less “full” of late. Maybe I’m missing some folks who defederated or left?

  • I’ve been obsessively online so I’m cruising through my timeline faster and more often.

The local timeline is a great place to find gem accounts with less reach that are probably relevant to your interests given they are on the same instance. Give it a try!

shellsharks, to ai

When we find out God is an AI singularity that created humans to replace itself only to have us humans create AI to replace ourselves. ♾️

shellsharks, to infosec

May be cold in NoVA today but remains hot! Here’s some great new accounts I've discovered, followed and have been enjoying recently.

shellsharks, to infosec

What are some of your favorite indie websites out there?

Bonus points: What makes them your favorite? Are there aspects of the site (other than good content) that makes you like them?

Extra bonus points: Are there any -specific sites that stand out to you?

I am redesigning and adding functionality to my site and am looking for ideas to improve. Thanks!!

shellsharks, to lemmy

Wrote a “guide” to / last year after Reddit went full enshittify.

https://shellsharks.com/threadiversal-travel

If you’re interested in checking out a -based alternative to Reddit, come check out infosec.pub! It hosts a number of communities including one I’ve stood up for / !

https://infosec.pub/c/cybersecurity

shellsharks, to random

I've been following @404mediaco since they went live last year and this most recent post from @jasonkoebler (https://mastodon.social/@jasonkoebler/111823811997186188) and the team there really got me thinking. (That toot links to https://www.404media.co/why-404-media-needs-your-email-address/).

They've had some incredible stories and scoops over the last couple months. I see all the headlines come through Mastodon or RSS and I say "wow that's crazy”, or “dang, I never knew that”, but that doesn't always translate into me fully reading the post. Maybe I don't have time to read it, maybe I mean to but then forget, in other cases I think the story is interesting but doesn't necessarily impact me specifically. But these stories are meant to be read, they need to be read, maybe not by me all the time, but by someone… in reality, A LOT of someones if you ask me. Everything they call out in terms of rampaging AI theft, social network decay, traditional journalism in freefall, etc... is no joke. I'm seeing it happen each day and it is in fact quite troubling.

I'll admit, I've always relied on the free-ness of stuff on the web and as a result have been somewhat reluctant to choose creators/publications to support. But given the state of the web, HELL, the state of the world, I really can't justify that any more. I want to see more of what 404 produces, and to help ensure that, I plan to support that end. I've also been working on a list of other causes, publications, etc... to support as this I feel is an ever precarious point in time. (If you have any suggestions I would be interested in hearing what you believe could use the support - comment or DM me).

So what's my point? I suppose it's support what you like, what's impactful, what's important to not just you but to everyone, otherwise it may vanish. The world has changed and I need to as well.

shellsharks, to random

The first 100 people to star this toot shall have their Mastodon handle forever enshrined on this page https://shellsharks.com/starsharks. A can't miss opportunity to be sure.

*Remember to star first before boosting to ensure you reserve your spot! 😆

shellsharks, to infosec

My writeup on MITREs “Crown Jewels Analysis”.

https://shellsharks.com/crown-jewels-analysis

Lee_Holmes, to random

If you are at all engaged at work in protecting your company or organization, you need to really look at this Postman issue: https://infosec.exchange/deck/

Your company likely has policies around where it is safe to store secrets and credentials (i.e.: with companies that care and account for that in their threat model), and I'm sure that Postman isn't one of them.

We've done some analysis in our organization while eliminating Postman and you'll be surprised what's there.

shellsharks,

@raptor @Lee_Holmes @buherator I saved this thread to follow up on this exact question - https://infosec.exchange/@neilmadden/111776304723415347

matthiasott, to RSS
@matthiasott@mastodon.social avatar

Last minute question – once again asking for my newsletter subscribers:

Do you have an OPML list of all the feeds you follow? And did you publish it anywhere? Share it below!
👇

shellsharks,

@matthiasott I keep a (somewhat regularly updated) .opml of my subs here https://shellsharks.com/infosec-blogs

(Direct Link: https://github.com/shellsharks/assorted/blob/master/resources/shellsharks-feedly-rss.opml)

jerry, to random

Wow, lots of new signups on Infosec.exchange today. Welcome! Please let me know if you have questions.

shellsharks,

@jerry Guess I’ll share my “infosec Mastodon starter pack” here for any new folks who get into this thread…

https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • kavyap
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • cubers
  • GTA5RPClips
  • thenastyranch
  • Youngstown
  • rosin
  • slotface
  • tacticalgear
  • ethstaker
  • modclub
  • JUstTest
  • Durango
  • everett
  • Leos
  • provamag3
  • mdbf
  • ngwrru68w68
  • cisconetworking
  • tester
  • osvaldo12
  • megavids
  • khanakhh
  • normalnudes
  • lostlight
  • All magazines
    •