shellsharks

@shellsharks@infosec.exchange

Infosec researcher | Find me @ https://shellsharks.com

#fedi22 #infosec #cybersecurity #tech #indieweb #apple searchable

Profile picture: A red shark holding a terminal window shaped like a surfboard. The terminal reads “> whoami shellsharks”

https://keyoxide.org/FA7AC5E3626AEF016A5AD0BB172E73E0A585273E

This profile is from a federated server and may be incomplete. Browse more on the original instance.

rendick, to random

My first post on Infosec!

shellsharks,

@rendick Ayy! 👋

shellsharks, to SmallWeb

My new blogroll is live! https://shellsharks.com/blogroll

These are a list of blogs/sites I read and recommend. They are great!

Featuring @adeptsof0xcc @ApisNecros @flamed @jcrabapple @sophie @macstories @theverge

This is something I will continue to maintain and add to as I discover new cool blogs and re-discover those I've been subbed to via RSS.

shellsharks,

@ittavern The old redirect was to this https://shellsharks.com/infosec-blogs#boutique-security-blogs which is just a giant list of indie infosec blogs I've discovered and not really in the spirit of a traditional "blogroll" which is blogs I personally really like.

jerry, to random

I am happy to announce my new cloud-based, AI enabled XDR offering for toothbrushes. Please form an orderly line to deposit your investment capital.

shellsharks,

@jerry Will it have a rule for CVE-2024-7337H, i.e. "GumBleed"?

joshsternberg, to random
@joshsternberg@mstdn.social avatar

I've been using both Mastodon and BlueSky since Nov 22, when I left the Twitter cesspool, and find that while I spend time on both, I am more of a passive lurker here and more active poster there.

With BlueSky opening up to everyone, how are you all feeling about it?

shellsharks,

@joshsternberg I don't think it moves the needle much for me unless a substantial infosec presence makes its way there (which would surprise me).

I can see how them opening the gates could quickly expose some moderation and scaling issues and annoy the folks who like the "cool-kids-club" vibes. I really don't see what bluesky brings to the table that isn't already covered by Twitter / Threads / Mastodon.

That said, I like having non-Meta, non-Twitter options out there for folks and if Mastodon isn't meeting their needs and bsky is then that's great.

lars, to random
@lars@mastodon.social avatar

Thinking about how best to present various form of content on my personal website.

Currently, I create posts (long-ish) and notes (short, but mostly links). Wondering if I should split links into a distinct post type, and keep notes as «clean» short posts.

Also, current front page doesn’t do it. Messy. Some people do a unified feed for all post types on the front page, but I’m not convinced about that either. Requires much mental sorting to make out what’s what.

Ideas?

shellsharks,

@lars

To answer your first question, I think a separate post type would be good and make more sense.

As for your front page, this is something I've been wrestling with how to do cleanly as well. I only somewhat recently introduced the concept of "notes” on my site and for a while I've just been featuring the latest note as the top item in my list of links on my home page. This is fine for pushing people into that note and maybe into my feed of other notes but its not obvious at all that that is whats happening from what you see on my home page.

My plan (which IM working on now) is to have my notes show up below my post list for smaller screens and on the side bar (right-side) on larger screens. Though I'll have to see how this looks when I actually have it implemented. My header I try to keep somewhat clean so I don't really want links at the top for "posts” and "notes" but you could absolutely do it. That said, I think your "Writing" drop-down is perfectly fine.

I have been thinking of changing up how my post list is presented though. Right now its very simplistic with just a publish date and blog title but I like the idea of having the description as well like you do.... fun stuff to consider!

matthiasott, to RSS
@matthiasott@mastodon.social avatar

Citizens of the open web! 💚

Does your website or blog have an feed? Let me – and my newsletter subscribers – know the URL(s) below.
👇

shellsharks,

@matthiasott Yep! Not only do I have an feed, I actually have two! One for my regular feed of posts and another for my "notes" (short-form stuff).

filippo, to random
@filippo@abyssdomain.expert avatar

Bluesky registrations are now open! https://bsky.social/about/blog/02-06-2024-join-bluesky

I have been posting primarily there for months now. It has an early Twitter vibe and UX, a hacking friendly protocol that will allow federation, and cool custom feed algorithms.

Join me there! → @/filippo.abyssdomain.expert 🦋
https://bsky.app/profile/filippo.abyssdomain.expert

shellsharks,

@filippo

  • Yes, opt-in, customizable algo feeds are awesome and need to come here.

  • How so? This seems to be based on the friends you keep. I'm in infosec and my feed is almost exclusively hacker-types who of course very much support the same... is this what you mean?

  • Federation, or decentralized nature of Fediverse/Mastodon is an overall benefit compared to the weaknesses of these traditional centralized networks. Look no further than X. Bsky is no different. It would be nice to see this issue with federating stuff for smaller issues be sorted though.

  • My fav feature of Bsky is the domain-as-your-handle. Wish mastodon could do something like this too. Like, I could still be @ infosec.exchange but also addressable via my domain or something...

  • Atmosphere is dependent yet again on the friends you keep. If who you follow is serious, your feed will be serious. There are plenty of unserious folks on here. Go follow them. As for reply guys, this comes with A. Scale (bsky doesn't have a huge user base), B. Invite-only-ness and C. People are just more active here, thus more replies, not all of which you (or others) may like... 🤷‍♂️

The reply guy thing is interesting too. Like, is this reply a "reply guy" reply? I do kinda disagree or hold slightly differing viewpoints on some things as well as agree with you on others. To me, this is honest, genuine, good-spirited engagement albeit a little debate-ey.

Anyways, I think choice is great and if you're (or anyone) happy and making connections on bsky or threads or wherever than good for you yknow? I think the whole "my social network is better than yours" thing is kinda silly anyways. They all have pros and cons and which is better is subject to a lot of variables. Hell, I tried Mastodon a few times before it stuck for me.

darrenpmeyer, to random

I can finally be public about my new role as a Staff Research Engineer at Endor Labs!

I’m going back to my research roots here, getting a chance to focus on topics for education, research work, and contributing to the OpenSource ecosystem. This role has been a year in the making, and I’m super excited to get started on the work!

shellsharks,

@darrenpmeyer sounds dope. Good luck!

aircooledcafe, to random

So glad the apps cache creds, but yikes. 1Password is down.

https://mastodon.social/@verge/111880295124128385

shellsharks,

@aircooledcafe I don't see the big deal with this tbh. I use 1P and all my creds are stored locally on all devices I have. Cloud service is only needed for sync (maybe?) and account sign-in/verification stuff.

jerry, to random

There is a noticeable decline in the number of active users on Infosec.exchange lately. Where are the cool kids hanging out these days?

shellsharks,

@jerry This is obviously directed at me, me being very c00l 'n all. I'm at the beach, so my Internetting is down quite a bit for another few days. 🏖️

shellsharks,

@jerry @eljefedsecurit I really think people just aren't good at discovery. They can't or are unwilling to explore and/or curate. I find my feed to be incredibly lively and rich but I've admittedly put a TON of effort into finding a very diverse set of folks across a ton of instances to follow.

So because of this, people's feeds go stale and they think Mastodon is dead, so they too leave or take a break.

This said, I think Mastodon should add create-your-own-algo kinda feature like Bsky has so that people who don't/can't feed themselves are instead spoon-fed. Make it opt-in if that makes Mastodon devs feel better 🤷‍♂️.

stark4n6, to random

Anyone have experience migrating a website from Blogger to Jekyll/Github?

shellsharks,

@stark4n6 Migrate? No. But I've been using Jekyll for 5ish years now so happy to help with any one-off q's. Good luck!!

shellsharks,

@stark4n6 Does blogger have an export? For Jekyll you just need your posts to be markdown and have a little frontmatter. Seems pretty doable if you have the export.

ludicity, to random
@ludicity@mastodon.sprawl.club avatar

This describes every interaction I've ever had with enterprise security teams, and if you replace the word "security" with "data", it almost describes them too. And most importantly, it is filled with the seething invectives required to keep my heart pumping:

https://crankysec.com/blog/shite/

shellsharks,

@ludicity @swapgs This could quite possibly be the best thing I've ever read. 🧑‍🍳 😚 10/10

simontsui, to random

At 600 followers, I will downgrade Volt Typhoon to a Volt Depression 🌀

shellsharks,

@simontsui @crudd I vote for "Zap Drizzle"

shellsharks, to SmallWeb

In 2019 I started my blog but knew nothing of the or . Thanks in large part to the awesome community I was introduced to these concepts and have been diving in ever since, adding IndieWeb capabilities to my site and exploring the Indie World in its entirety. To help introduce others to the IndieWeb as well as catalog useful/interesting things I encounter I decided to write a post about it.

https://shellsharks.com/indieweb

That piece features a few cool lists like a list of webrings, blogrolls, IndieWeb search engines, indie site hosting providers and more!

To further help “score” my site on its “IndieWeb-ness”, I also wrote the following post about which includes my site’s score.

https://shellsharks.com/indiemark-score

gamingonlinux, to random
@gamingonlinux@mastodon.social avatar

They were...what?

shellsharks,

@gamingonlinux this is up 300% YoY 😂

Scorpion_Byte13, to random

What are some good Cybersecurity focused podcasts?

shellsharks,

@Scorpion_Byte13 I can give you at least “Cybersecurity focused”. I am working on a "season 2" right now but you can sub to my podcast and listen to the back catalog if you'd like! https://shellsharks.com/podcast (There's about 18 shows total)

ittavern, to random

I am happy to share with you the new design of my blog.

New logo, new thumbnails, lots of CSS changes and everything is now hosted in a German DC.

The goal was to create a clean design and reduce the loading time even further.

Feedback is welcome.

https://ittavern.com

shellsharks,

@ittavern Cool! Simple and has the necessities I think (e.g. RSS, basic search, blog, tags & about). Some other ideas as you continue to tweak and add though...

  • A "Notes” section where you can publish short-form stuff.
  • A /Uses page
  • A /Now page
  • Blogroll
  • Humans.txt
  • Custom 404 page

Cheers!

shellsharks,

@ittavern For infosec stuff, I haven't really seen a lot of chatter. For anything else, I probably couldn't tell you if it's good or not. There are people who seem to really like Bsky but personally I think Mastodon is better now and better set up to stick around into the future.

technotenshi, to random

Just moved from my old account, @technomike to this, my new home. welcome everyone!

shellsharks,

@technotenshi @technomike Howdy and welcome! 🤠👋

adamshostack, to random

How do you choose when to follow back? My current approach is to look at the persons most recent tweets and see if they seem to be likely to make a positive change to what I see, mostly if they’re saying something rather than a stream of RT. I don’t love this plan.

shellsharks,

@adamshostack My how-I-follow strategy kinda looks like this…

  • I see something interesting from an account I don't follow and want to consider following them.

  • As you said, I pop into their profile and look at their recent posts (maybe like 5-10). If they are like 2/3+ interesting and not like 90% just boosts then I will follow.

  • For the previous step, I like to lean on more liberally following accounts that are somewhat consistently interesting as I have found it is MUCH harder to find an account later than it is to simply unfollow them if they become too noisy, off-topic, or not what I want to see in my timeline.

  • I also am FAR more careful following someone if they are a very frequent poster. Anything more than like 3-5x /day and you have to be pretty high signal. In my experience, there are enough people I follow who will boost the one interesting thing out of every 50 posts an account like this would toot so I still get it in my timeline without having to follow them.

  • Operationally, as you scroll your feed, be mindful of accounts you are seeing that post too much, or about things you dont care about and be perfectly willing to unfollow. Pruning is a big part of keeping your timeline enjoyable and manageable.

  • I also actually run two Mastodon accounts (not that I would recommend this approach but it kinda helps in this one regard). This account is mostly dedicated to infosec stuff. I try to mostly write about infosec (or Mastodon meta) and follow infosec accounts. My other Masto account is for everything else. This means I can experiment more with who I follow there and not have to worry about missing things over here. A similar strategy could be deployed via Lists here as well if lists were a thing someone wanted to manage and try.

  • Sometimes I follow because I see someone from an interesting instance that I've never seen before and see that as an opportunity to get boosts from them which would in theory be places across the Fediverse that I don't that much reach in to.

  • Finding serial boosters is in many cases too much of a burden on a timeline, but having a few solid accounts who do this in your follow list is great as it helps keep your timeilne more dynamic and interesting, having it fed accounts from all over the Fediverse.

  • Other times it’s just vibes. They say something funny, they have an interesting profile, etc... For those who only post every once in a while, it has very little effect to just go and follow them as you’ll only have to scroll past an item of theirs every once in a while.

  • I don't give much weight to whether I'm being followed by an account or follow-backs or anything like that. I follow people because I enjoy what they have to say, not because I want them to have to listen to me haha.

ben, to random
@ben@werd.social avatar

I've been setting up a new Mac. What are your must-haves? Alfred, Firefox, and 1Password are always my first, second, and third installs.

shellsharks,

@ben I maintain a (pretty up-to-date) list of stuff I use on my Mac here https://shellsharks.com/mac-tools.

bens, to random
@bens@mastodon.xyz avatar

I don't understand why anyone, in 2024, still has a Medium blog. The experience reading it is terrible and they often hide the content unless you create an account (which I won’t do). So I just close the tab.

shellsharks,

@bens Though I do agree with you here, I have a better understanding these days of what Medium provides to both writers and readers. I wrote this up about a week ago about this very topic https://shellsharks.com/notes/2024/01/19/a-different-perspective-on-medium. I've always disliked Medium for the reason you mentioned and a few others but these days (thanks in large part to listening to the podcast that I mention in the linked note) I understand what Medium does provide to the current Internet. Yes, it'd be far preferable to me if people just had their own blog rather than relying on Medium, but that low barrier-to-entry is so appealing for writers who do not want to "tech" anything.

For anyone wondering what's out there aside from Medium, check out this list I've started compiling of great Indie hosting options https://shellsharks.com/indieweb#hosting. This list doesn't even include traditional places to host a great blog like WordPress, Github Pages (where my blog is actually hosted), Squarespace, Blogger, Neocities, etc…

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • normalnudes
  • magazineikmin
  • InstantRegret
  • GTA5RPClips
  • thenastyranch
  • Youngstown
  • rosin
  • slotface
  • osvaldo12
  • ngwrru68w68
  • ethstaker
  • JUstTest
  • everett
  • Durango
  • Leos
  • cubers
  • mdbf
  • khanakhh
  • tester
  • modclub
  • cisconetworking
  • anitta
  • tacticalgear
  • provamag3
  • lostlight
  • All magazines
    •