Getting ready for the weather tomorrow, might be a lot of rain and wind or nothing at all. Who knows?

TL;DR "We know layoffs don't really cut costs and they hurt productivity, but everyone else is doing them and our board wants to know why we aren't."

does anyone still use #keybase for anything mission critical? just before the #zoom acquisition, commits to the client repo plummeted and the @keybaseio #twitter account went dormant. after 3 years of radio silence, what must their infrastructure look like?

I remember the days of trying to hold page sizes below 32K, with graphics.

I just looked at the HTML of a news site. The <head> section alone is around 180K. It has 38 instances of dns-prefetch, 28 preconnect, and 11 preload. With inlined custom fonts and a mountain of inline JavaScript and styles, it's no wonder the page performance sucks even before the multiple ad servers and surveillance platforms get involved.

Moving out of Ohio to keep my #TransKid safe and my current employer won't let me take my hybrid job full remote, despite the reason.

Anyone got any full remote #CyberSecurity jobs open? I'm a blue teamer with experience in incident response, endpoint protection, email security, and SIEM engineering. Can probably settle in to #ThreatHunting or #ThreatIntel pretty quickly too!


[Edit 2/19/23: I got a job! Fully remote, and they know I'm moving to a different time zone. Better title and a significant raise! Thanks to the DOZENS of people who responded with tips and leads.]

First time the snow stuck to everything this winter. Note how the grass is still taller.

"By banning some of us, Musk is sending a message to everyone else: Comply with the dictator or lose access. Twitter has become a virtual simulation of authoritarian rule."

"But Musk didn’t build Twitter. We, collectively, turned the bird app into a consequential power. If it remains under the control of a man who sees journalists as enemies, we have a moral responsibility to fly the coop."
--@gilduran on getting banned from #twitter.

I’ve now seen four reports of people’s #LastPass accounts being configured with 1 (in words: one!) PBKDF2 iteration. This used to be the LastPass default somewhere around 2010. And it’s 310,000 times less than it should be per current OWASP recommendation.

So: LastPass updated the PBKDF2 defaults three times in total. Each and every time they failed to update the security settings for existing accounts, at least for some of them. So in year 2022 we still have accounts that have the default from 2010 configured, even though it was completely inadequate even back then already.

Not just that. LastPass could do a simple database query and notify the affected users. But so far people are left to figure it out on their own. Nobody knows how many people are affected but unaware of it because the official LastPass statement essentially says “nothing to worry about, it’s all safely encrypted.”


BBC news - Russia objector jailed 

A #Russian #serviceman has been sent to prison for #refusing to fight in #Ukraine. The man, named only as "Alexei B" was stationed in the far eastern region of #Kamchatka when he was ordered to join what Russia calls its "special military operation" in #Ukraine. According to the local news agency, Kam24, he was #tried by a #military #court, and given a 20 month sentence. He has now filed an appeal.

Joining or renewing your support for EFF has never been easier:
- Click the link below
- Choose your donation amount
- Browse some conversation-starting gear
- Pick from credit/debit, PayPal, mobile payment, etc.
- Status: SUPPORTER! ✅

Here’s the thing: I’m very sure that lumping Meghan Markle (for standing up for herself) with the likes of…a white supremacist, apartheid Clyde and a hitler sympathizer is clickbait.

And I don’t care. DRAG THEM. @[email protected], this is absolute trash


Placing Meghan Markle at the center of criminals and antisemites is not an accident. The hate for Meghan is palpable. A woman of color protecting her family and defending herself isn't narcissism; it's survival. @[email protected] & @[email protected] should apologize for this garbage take.


Such the difference between district courts and the supreme court.

District court: "My husband is a partner at a firm that did some work for FTX, and may do work in the future for those suing FTX. I'm recusing myself"

Supreme Court: "My wife was an internal planner in an armed insurrection against the United States. I see no problem here"

Needing to do another blog post, thinking about discussing policy based routing and VPNs. No idea when I'll get the chance to draft and publish.

As a human rights lawyer who has done extensive immigration work, let me make something absolutely clear.

Asylum is legal immigration.
There's no "port of entry" requirement.
There's no "visa" requirement.
There's no "first country" requirement.
You enter the United States, and you apply for asylum.

Because asylum is legal immigration. Period.


There was a far right attack in #Paris today.

Man opened fire on a Kurdish cultural center, killing three.

He'd attacked African refugees with sword in 2021

And was released from pre-trial detention for that attack 11 days ago...

By @[email protected]


LastPass attackers know your name and billing address and all websites you have saved passwords for, and if your master password isn't sufficiently strong it may be possible to brute-force open everything on attacker's machines.


The fact LastPass doesn't encrypt website URLs is a known flaw it appears they never fixed on purpose, going back almost 6 years:

This eventual possible security breach was planned-for as part of LastPass' design for username and password protection. This doesn't break the core offering.
But it has stripped away multiple layers of protection and will hasten my looking at @bitwarden

It's impossible to be completely secure in a massive offering. However I have always disagreed with their decision to not 100% encrypt all metadata, and this event shows that was a foolish choice when seen against the inevitability of the entropy of our complex electronic systems.

In the end, a password manager is still the right choice in comparison to the alternative. And a cloud-native offering like LastPass strongly hedges against data loss by normal users trying to manage their own vault. That is an undersold primary risk, not hackers. Still, very disappointed.

Current password setup:
- Primary vault is LastPass with 2FA
- Core fallback "key" accounts like email that allow pw reset are only in a KeePass db file with 20char password, synced via OneDrive+2FA.
- This is then further backed-up with BackBlaze, using 40char encryption key

