
At this point, somebody in the sec team knows what's going on, which has already compromised the test. Even if you yank that team member, which will be one of your core members, now anybody doing IR will be tracing back the SSH login, a red herring missing the point of the test.

For the people advocating simulating 0day... how *exactly* does that work? Some team member with admin rights over security appliances [this is a security team member] would need to log in over SSH if that's even possible, escape the management interface and run a command, right?

"That's what sticks in my craw here. Not the policy part, not the (naive, flawed) implementation. Somebody asked the Chromium team to restrict students access to devtools and source code, and there wasn't even a discussion."
mastodon.social/@mhoye/1072543


(To everyone saying "this is just an enterprise policy": Look at the conversations in the bugs.

Somebody said, to the Chromium team, schools are using Google Forms for testing, and the kids can see the right answers in the forms, so to address that, we want to prevent students from reading source code.

And without an ounce of pushback, without so much as a nod in the direction that this might not be the right solution to this problem, the Chromium team said yes.)


Seriously, the Chrome team just landed a patch that lets sites block "View Source" _right in the middle_ of the Chrome Dev Summit.

chromium-review.googlesource.c

developer.chrome.com/devsummit

Can we keep trash posting Comcast customers or can they see us again?

schadnfreude debuted at Texas Cyber Summit 2021, those slides are now posted.
scriptjunkie.us/2021/11/schadn
@texascyber

schadnfreude
A new end-to-end encrypted, anonymous ID and IP-hiding, decentralized, audio/video/file sharing/offline messaging multi-device platform built for both communications and application security and performance.

I got zero responses last time I hit up the Fediverse offering paid creative work, but I'm not giving up!

Some #Owncast features being worked on require iconography. And while we could use an icon library or something like Fiverr it'd be nice to work with an illustrator on the Fediverse who focuses on icons to have something that is custom.

This is paid work, so please boost and tell your friends.

Feel free to message me on the fediverse or email me: gabek@real-ity.com

Show me a 10ft paywall, I’ll show you a 12ft ladder

Pretty simple: add any paywalled URL to 12ft.io/ and boom you are reading that shit.

Note! If you are onsite, the location has been updated to salon A, Track 3.

The plumbers are going to have a surprise when they come back today to check on the hole in the dining room floor.

#halloween #spooky


After absurd amounts of typing, I've finally put up the transcript version of my keynote at the last (2019 😢) PyCon UK: rixx.de/blog/while-history-con

My main motivation was my grandparents, who wanted to watch the talk, but don't speak English too well, so now there's also a translated version!

The Supreme Court has already effectively ruled that taxing unrealized gains is unconstitutional.
