ن Aaron Poffenberger

Thoughtful, well articulated reply here from Damien Miller (@damienmiller) explaining why the #OpenSSH team committed and released fixes to the "user enumeration" defect without fanfare, secrecy or embargo. (CVE-2018-15473) http://www.openwall.com/lists/oss-security/2018/08/24/1 …https://twitter.com/_Sn0rkY/status/1032926920000733186 …

Who woke up that one day and thought: You know, in addition to content, images, style-sheets, and JavaScript we need web fonts. And while we're at it, let's use emojis specific to a given web font in lieu of graphics. Oh, and forget about graceful degradation.

You probably really want something like: SRC != find src -type f \( -name \*.md -o -name \*.txt \) OUT := $(SRC:R:S/$/.html/g) # :R removes suffixes.

Use the ':R' modifier in make(1) when file suffixes vary, but output suffixes should be the same: SRC != find src -type f OUT := $(SRC:R:S/$/.html/g) # :R removes suffixes. Didn't know you could chain modifiers? See make(1) on variable expansion. #OpenBSD #ReadMan

Life stretch goal: World Air Cellist Champion

My wife made the most awesome cookies tonight. The two main ingredients were chocolate chips and potato chips. Yeah, you read that right. I'll see you on the other side of a serious milk and cookie binge.

There you go! I just accidentally verified @letsencrypt respect the CAA no-issue property ";". https://tools.ietf.org/html/rfc6844#section-5.2 …

And then accepting the OTP without further transformation. Where's the security in that? SMS #2FA is dangerous security theater. It provides the illusion of security without the reality. 2/2

SMS #2FA is so bad I call it irresponsible in the blog post, and will say it's security malpractice. You're sending an OTP over a cracked protocol, via carriers who are demonstrably incapable of guaranteeing the owner of the account is in possession of the reception endpoint. 1/

Repeat after me: SMS #2FA is not secure[1] and is worse than nothing.[2] [1] With un-transformed values. [2] I said it and stand by it. SMS #2FA is worse than nothing. (You use a different password with each site, right?) See tweet above, blog below. http://akpoff.com/archive/2016/supporting_sms_otp_for_two_factor_auth_is_irresponsible.html …

Yes, finally! Someone is trying to hold a mobile operator accountable for an unauthorized SIM swap. Now, if only we could convince more companies that SMS #2FA (with un-transformed codes) is not secure.https://twitter.com/briankrebs/status/1030138905688006656 …

While slack is down you'll have enough browser resources to read about #irc. http://www.ircbeginner.com/ircinfo/ircc-commands.html …