
Notes by Ian Campbell

 TP-link has earned a reputation as a producer of insecure routers. They seem to push things out a... 
 @Dr. Hax pretty much the angle I'm looking at it from, wondering (as usual) if I missed something 
 Any user-friendly antivirus for linux?

(no, clamav doesn't count)

If not, why are you recommending regular folks use linux? I'm concerned by this trend. 
 i have a confession

i found a fresh ecig while cleaning the other day and i've been vaping nicotine lightly but regularly since and it has been sooooooo fucking nice.

pleasure has been fleeting for me (thanks depression) and nicotine lights up my brain like little else.

but a week or so in, another problem flared, and so i sat down (gingerly) to research. And...

...did anyone else know that nicotine aggravates hemorrhoids? 🙃 

i share this story as a warning. 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d Yeah so for me, as a busine... 
 @663e5b60 Gotcha. Thanks! 
 Super cool that paying for LinkedIn Premium means I now have an unavoidable AI suggestion box on ... 
 @663e5b60 I've been vaguely thinking about LinkedIn Premium just to see how it benefits me platform-wise, but I'm not on the job hunt.

If you're willing to share, how are you finding it? 
 Why is it so hard to keep eyeglasses clean, and furthermore why is this an attack on me, personally, on this grim Monday morning? 
 One of the things that continues to give me hope - and this may be silly to some - is just how actively @749d2a0c continues to improve and expand in organic ways.

I moved from GMail to Proton and haven't had a second of doubt. They respond quickly and clearly to support requests and provide multiple avenues to usability that emphasize user privacy.

(I have no connection to Proton AG other than as a happy paying customer.)

https://mastodon.social/@protonmail/111726406129916106 
 After a month or so of working with it, had my first significant grapheneOS issue: Google Play Store repeatedly crashing.

Device reboot fixed it.

I do kind of worry about Graphene's longevity as Google moves more and more of Play/etc into core Android services (but it's entirely viable for now).

#TurnItOffAndOnAgain #grapheneOS 
 Curious if this is Okta's LastPass moment. 
 Gettin a very pronounced vibe of "We're sick of your shit, Okta" from many directions this fine Friday evening.

https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/ 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d 

Let us know how that work... 
 @c28f48f4 Samsung is even more info-grabby than Google; otherwise, I love Samsung phones. 
 After a few weeks and a work trip with the Google Pixel Fold:

-It's a solid folding phone so far in a consumptive/tablet sense

-It's actually kinda neat to read kindle books in a two-column format with the phone a bit creased like a small book.

-I've tried half a dozen different stylus types on it and none worked really well, and the handling on it for trying to write/do much besides read/watch things is awkward. 

-It's nice to not have Samsung bloatware, but jesus h christ the amount of weird Google stuff that needs network permissions is annoying. 
 Any good books out there that provide a good intro to (FDM) 3D Printing for someone with zero background or applicable skills? 
 it is so cool out and i love it so much. 
 Random Maker question: if I want to make enclosures, in the context of creating cyberdeck/custom laptop kinds of things, am I looking at a particular 3D printer, or a CNC, or am I better off getting the materials and grinding/altering/constructing more conventionally? 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d 
Wait wait wait and WHAT!

... 
 @2da21b15 yeah I don't buy their explanation either, really 
 @6f64499d Thanks very much for that info - I don't have the brain to carve out cryptography nuance at the moment, so it is very appreciated. 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d  Right?  Because Freaking h... 
 @ed85e5af i'm speechless 
 wtaf 

"In the trial, Issam Najm, an environmental engineer who specializes in water chemistry and testing, testified that the hydrazine likely formed in the "ionizer," which was just titanium tubes electrified with what looked like jumper cables used to charge a car battery."

https://arstechnica.com/health/2023/10/jury-awards-229m-to-victims-of-real-water-tainted-with-rocket-fuel-chemical/ 
 "He said that the person who developed the water treatment process for Real Water bought the titanium tubes "from some Russian guy in the 80s" and spent four to five months making alkaline waters in his garage, working until he had a formula that didn't make him vomit or have diarrhea." 
 23andMe: "Oh it's everyone else's fault, it's credential stuffing."

But that's worse, right? You get how not having credential stuffing mitigations in your fucking gene registry is worse? 
 Had to warn my boss,

"So... this next blog post I wrote for GTM is... a little unique. Maybe a little unhinged. So if Marketing comes to you and asks 'Is Ian okay?!' that's probably why." 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d I got nothin' specific, but... 
 @d7a8a49d appreciate the boost, friend. 
 i hate feeling like i'm not doing my best work. covid brain suuuuuucks. 
 @d7a8a49d if anyone i know has ideas here, you might: https://tech.lgbt/@hpux735/111184192554424272 
 Just spent the last 10 minutes figuring out why I had no internet connection after upgrading to m... 
 @b902f84f negative, upgraded to Sonoma earlier this week with no LittleSnitch issue. I did see there's an update pending to LS yesterday on my macbook, but have not installed it yet. 
 Gmail tab on chrome, just sitting there: memory usage of 700+ MB.

what the hell, people 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d These are still quite expen... 
 @748d6504 given that they're sort of complex pokey wire, I'd be surprised if these were used as hair ties. 
 Note for neurodivergents/etc with strong sensory components: one of the items I've found most useful are these spiky "sensory rings" that easily roll on and off any finger, producing unique pressure and sensation.

They've been a great, subtle stim, including a good distraction from other sensory problems and sensory-related covid symptoms. And they're quite cheap.

#neurodivergent #ActuallyAutistic

https://www.amazon.com/gp/product/B08D3VSRFV/

https://masto.deoan.org/system/media_attachments/files/111/182/814/800/661/395/original/1783f28783c92956.png 
 For folks headed to BSides Orlando, my bud Dan Fernandez will be speaking on machine learning security issues.

Details here: https://www.linkedin.com/posts/dafdz_bsidesorlando-cybersecurity-machinelearning-activity-7113591646797094914-Bat5?utm_source=share&utm_medium=member_desktop 
 How many ways is this creepy?

"Walmart[] ... has been using anonymized sales data to see if it c... 
 @8e5af139 Can you provide a link to the NYT article, please?

Searching, but NYT doesn't make it particularly easy. 
 I think it's fundamentally unfair that I have rebound covid when I don't even play basketball. 
 aw son of a bitch, i just tested positive for covid again. finished paxlovid on saturday, negative tests on sunday and tuesday.

(this is not unheard of; see term post-paxlovid covid rebound - it just sucks) 
 oh man, Permission Slip is the ultimate mobile game.

Once set up each request takes three taps and gives me a little dopamine hit for fucking with data brokers.

All it needs is a satisfying slot machine type sound effect. 
 Wondering how many dummies brought phones into SCIFs and other clean areas only to have them go off today.

"Smith... is that your phone?"

"No, uh, that's my Emotional Support FEMA Alert..." 
 too relatable, from a private IRC channel:

<redacted> hahahaha, i just went to file a bug report on an instance of the issue i detected

<redacted> THE GOD DAMN BUG REPORT TICKET FEATURE ON THE GOD DAMN WEB SITE THREW A 400 BAD REQUEST 
 Just finished interviewing on an infosec podcast, pushing da neurodivergent propaganda as i do

feelsgoodyall.jpg

I'll link it when it comes out. 
 Ah, this'll go well.

TorchServe, a production server for machine learning framework PyTorch, exposes its management console to the world in default config with what looks like multiple paths to remote command execution.

https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654 
 Anyone else ever see the RJ45 inputs of rack-mounted switches as rows of teeth with tentacles, or is this another one of those things I should keep to therapy?

#spooktober 
 Aaaaaahaahahhahahahahahahahahaha aaaaaaaaaaaaaaaaahahahahahahhaa fuck you McCarthy 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d 

Do you have any other con... 
 @3aafc8d6 i do not. Should be fun! 
 @f0b14579 

 Just delivered a spooky October blogpost to Marketing that will likely leave folk with one overriding reaction:

"da fuq did I just read?!"

We'll see if they dig it... ;) 
 Did Zip drives really exist or was it just some fever dream?  :itsaliens: 
 @6a2035f3 About a decade after they disappeared, my dad came up to me with a zipdisk marked "My Documents" all excited.

"Can you get anything off this?! It looks like it has a bunch of my old writings!"

As the dutiful techie son, I snagged a cheap zipdrive and popped in the disk. Then began to laugh sadly.

Instead of copying the contents, Dad had just dragged-and-dropped Windows' "My Documents" - which was just a symlink to the actual folder. 

He had faithfully copied a shortcut. 
 How do you say "Happy Cybersecurity Awareness Month" in Elvish?

(filched from elsewhere.)

https://masto.deoan.org/system/media_attachments/files/111/171/042/558/365/606/original/fba69ef7e58c56f9.jpg 
 Ohhhh, Michael Lewis' book on Sam Bankman-Fried, Going Infinite, is out today.

This promises many lulz. 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d
Oh.... Oh no. 
 @3aafc8d6 nightmare fuel, right? 
 Well I *WAS* gonna go all white knight and help Captain No Luck take down the Crimson Fleet but then he decided to get all high and mighty about me wasting a few generic corporate security guards, 

so I guess it's a pirate's life for me. 
 @316ce00a Oh geeez, thanks nak! Very much appreciate you digging it up and sending it my way. 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d yeah I got them too. logged... 
 @208f2b00 Weird. Thanks for confirming. 
 Did anyone else get a weird email from Amazon about the danger of their Google Play Gift Card order despite never having done so, and nothing appearing in order history? 
 so, @316ce00a for the win - just sent this relevant reddit thread my way, and the wording is exactly what I saw.

https://www.reddit.com/r/Scams/comments/16wnr2l/important_information_about_your_gift_card_order/ 
 nostr:npub18c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qller9d be safe. Glad you’re doin... 
 @8e30f6c4 Thanks man! 
 Well that's one negative covid test on the books.

Continuing with same precautions (indoor masking, isolation, good airflow, surface cleaning) till at least Tuesday, when I will test again.

We've been careful, but feeling real lucky dad seemingly hasn't caught it yet. 
 Which is not to say I'm jumping back into everything full speed. 

Still easily winded/tired, but getting better each day. 
 Remember folks, if you give a fuck, always get a receipt so you can recover it if needed. 
 @ae152217 I used to record all my fucks given on the blockchain.

Somehow they all ended up in North Korea. 
 Oh this gives me serious pause about Framework laptops.

https://octodon.social/@jalefkowit/111156703105077035 
 Random service note: I've been happy enough that I'm upgrading my Proton Mail/etc subscription from Unlimited ($10/mo) to Proton Family ($30/mo if monthly; $20/mo if paid ahead).

The latter ups Proton Drive space from 500GB to 3TB so I can move any cloud storage needs there; it also allows for 6 separate users, 90 addresses,  3 custom domains, and a bunch of other stuff.

That's how well Proton is doing service-wise for me, with an emphasis on privacy. 

And as a reminder, I have no ties to Proton AG other than as a happy paying customer.

#privacy #security 
 Halloween decor, DEPLOYED! 
 @b88b35c7 where'd ya source the bodies from this year? 
 Watching the movie Blackberry, I just got chills when the first finished device flashed onto the ... 
 @c8440f0e First was probably ebooks for me; going from carrying around 4-6 books at once (because ATTENTION SPAN) in my bag to a little reader? heeeeeck yeah. I had so much knowledge at my fingertips, still do. 
 it always amazes me when i look at some corporate attempt to be mildly creative, that has cross-neuronal possibilities, and my synesthesia exhibits absolutely no response.

https://unstable.systems/@AmyZenunim/111155060958943493 
 (That was a gourd joke if I do say so myself.) 
 @b73da01f Totally fair points! Just wanted to make sure it had reached your radar at some point. 
 @b73da01f Suggest you check out Obsidian - it's an incredibly powerful markdown platform but you don't need to know markdown.

Lots of community plugins that make it amazing, privacy-centric, and versatile.