I had a choice.
Kurt Seifried (He/Him)
@kurtseifried
Kurt Seifried (He/Him)’s Tweets
So Dall-E "a black cat eating a shark" is ok but "a fat black cat eating a shark" results in:
We had one fraudulent transaction (which we promptly canceled and refunded) and upon further investigation, there appear to be some similar transactions, but those cards aren't contacting us... yet...
With suspected CC fraud is there some way to push a notification upstream so that the card issuer gets told "hey card # 1234 appears to maybe be stolen, you should check into it"? There doesn't appear to be a way to do the right thing. ? 1/
Bad news: security patches are getting worse and ZDI has the data to back it up, good news: they’re trying to fix it, find out with and on the #osspodcast opensourcesecurity.io/2022/08/21/epi tldr it’s complicated, but simple enough to fit in a podcast episode
It’s weird to see quotes like “and 55% agreed that QR codes were hard to read and browse through.” Cause uhh you know QR codes just point you to a webpage typically. Get a less crappy website I guess?
Let’s define new levels of technical drunkenness. I’ll start: drink enough to remotely hit the “update firmware” button on the WiFi control panel and reboot it for the main office.
I seem to be good at finding glitches in sites. Signed up for Zero Trust and it says I have to pick a plan, but won't let me pick a plan?!? The auth setup worked though...
Hint: you could take customers' money in advance and sit on it and they wouldn't even be that grumpy about it I bet.
Why can't I pay a partial fee in order to get my DNS renewals to line up, or at least happen quarterly instead of having 30-40 renewal events per year? Why doesn't some registrar provide this service?
It turns out this is a lot harder than you’d think.
Front page is up but any org I try to load is down.
The scammers are getting better, but I haven’t been a Fido customer in over a decade. So I should click that link because they finally did my refund right?
Hey, if I go to tokens dash.cloudflare.com/profile/api-to and click "Create Token" and "Use Template" for "Read all resources", it appears the intent was to enumerate every read item (makes sense), but some are not selected? Not sure what behavior this results in.
The problem of incident response:
Fixing/cleaning up the problem: minutes
Fixing/cleaning up all the gaps you discover along the way: several days of work
Dealing with future outages quicker and having better backups: priceless.
If a kid ever asks you why they need to learn to read an analog clock face tell them it's so they can pass the CAPTCHA for securedrop and blow the whistle on wrongdoing?
Serious question: is the #babyformula shortage over? I haven't seen any recent press but e.g. the CanGov site is still up: canada.ca/en/health-cana and en.wikipedia.org/wiki/2022_Unit doesn't say if it's over. I know cough syrup is still rare in stores.
I feel like password requirements (special character/lower/upper case/etc.) are the moral equivalent to this carpet, in that it sort of got people to stop running, but also made things much worse for everyone. What other #infosec solutions are like this carpet?
Yeah it's unsigned so Windows throws a tantrum
#infosec has a data problem. Well, the problem is we don't have data, find out with and on #osspodcast
opensourcesecurity.io/2022/08/14/epi TL;DR: If you say something loud enough and often enough you can convince people it's data.
What the hell? A smiling dog? I grew up with cats.
Oh my. We're doomed, aren't we?
Ok. WHAT?!? Take 12 months to pay for a $70 item? Isn't this kind of how we got into the 2008 housing crash?
Amusingly, I assumed the battery had failed because the run time was so short. It just has a comically small battery. Lesson learned: if it feels light, it probably is.
Lesson learned. A Dremel and a new battery (which you have to replace every 3 years anyways…) and I’ll have a decent cheapo UPS
Ok, I need to redo the 40 year old yucky carpet floor on the below ground level (water isn't a real problem), so as I see it there are three main options:
Laminate flooring
Tile
Epoxy paint
+ a rug or two
Am I missing anything new and clever? Cork seems like it'd get damaged too easily.
Apple HEIC photos/video aren't supported in Windows?!? Also, you have to pay Microsoft $1.29 to add it?!? Also, does it work in Windows 11? Gah.
4) In line with machine-readable it needs to be in a widely accepted standard like SWID (never took off), SPDX (taking off), or make use of good standards like Package URL, or... uh... that's all I got really. Those are your 3 options right now.
5/
3) It needs to be in a machine-readable format. #SBOM has to be consumable by machines, not just humans. Anything not machine readable is literally malicious compliance with SBOM requirements.
4/
I think an #SBOM needs to meet the following requirements:
1) Generated by a tool that can be run. SBOMs can be hand-curated monstrosities, I know, I've done it and seen what happens. So automation/tooling; anything else is artisanal data.
2/
I see people using the term #SBOM a lot but I haven't seen a definition anywhere for it. What constitutes an SBOM? Does an RPM/DPKG/etc. file count as having SBOM data? What about this license compliance statement: moba.i.mercedes-benz.com/bai-cars/ba/fo 1/