Stephen Hoffman

@HoffmanLabs@infosec.exchange
231 Followers
187 Following
3.2K Posts
VSI OpenVMS, Apple macOS, iOS, iPadOS; Server & Network Security; IP & DECnet Networking; TLS, DNS, C et al. ⌘ irc·2600·net #vms pwd:VMS
Stephen Hoffman27m ago
BleepingComputer8h ago

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/

No, the 16 billion credentials leak is not a new data breach

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

BleepingComputer
Stephen Hoffman12h ago
Farce Majeure3d ago
Revisiting a lucky favorite from April with my constructed leading lines approach.

#Boston #photography
Stephen Hoffman13h ago
Nicholas Weaver3d ago
I thought they were supposed to hold random pizza parties to obscure that sidechannel.

RE: https://bsky.app/profile/did:plc:pdwryunie6mmkobp2wgjy2ak/post/3lrrg2khjis2q
Stephen Hoffman13h ago
Unfortunately, a large chunk of that $200 million will necessarily go to legal and compliance and contract-administrative costs. But yeah, a whole lot can be built for what’s left.
https://fed.brid.gy/r/https://bsky.app/profile/did:plc:qpviqmyexowd5orod4utv34f/post/3lrrfjxbb622t
Nicholas Weaver (@ncweaver.skerry-tech.com)

$200M would allow me to build a 200,000 drone autonomous assault force. We can even call it "AI powered" for marketing reasons. Any NATO gov interested? Call me... [contains quote post or other embedded content]

Bluesky Social
Stephen Hoffman1d ago
Nicolas Christin3d ago

PSA: If you're using homebrew, and discovered that MAME crashes w/ a Bus Error upon startup after upgrading to Sequoia, 1) update mame.ini so that the line containing gl_lib points to /System/Library/Frameworks/OpenGL.framework/Libraries/libGLVMPlugin.dylib 2) launch w/ DYLD_LIBRARY_PATH="" mame

Details: it's likely that there are some symbol mismatches between some homebrew libraries linked against old OpenGL libs and the new OpenGL shipping with Sequoia. This drove me nuts. So I'm posting this here in hopes people don't waste their time. Oh, and don't ask an LLM, they're clueless.

Stephen Hoffman2d ago
Martin Fowler3d ago

From one of the people I trust most on LLMs - a clear explanation of a common and very dangerous security threat

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

The lethal trifecta for AI agents: private data, untrusted content, and external communication

If you are a user of LLM systems that use tools (you can call them “AI agents” if you like) it is critically important that you understand the risk of …

Simon Willison’s Weblog
Stephen Hoffman4d ago
Ken Shirriff5d ago
When landing on the Moon, the astronauts watched an instrument called the FDAI that showed the spacecraft's orientation. The ball inside the Flight Director/Attitude Indicator rotated in three axes as the Lunar Module rotated. Let's look inside and see how it works. 1/N
Stephen Hoffman4d ago
TayFoNay🍿5d ago
Norwegian marshmallow harvest is upon us
Stephen Hoffman4d ago
McNadoMD6d ago
If you are zip-tied after being detained, and have any numbness/tingling/weakness in the wrists/hands, DEMAND medical care. DEMAND an ER visit. Do whatever you can to get it documented. The “temporary” nerve injury is not always temporary. You may not know for weeks. It can be disabling. I see it. Not often, but occasionally. When dipshits mass-arrest people and use non-standard restraints with no re-assessment, people get hurt. Make sure you have a paper trail.
Stephen Hoffman4d ago

I overlaid two contiguous files and two reserved storage ranges onto up to five GPT partitions, to allow a non-partition-supporting operating system to coexist with EFI and its required GPT partitioning, and with the two files placed atop the boot and maintenance partitions.

#UglyHack #openvms https://infosec.exchange/@postmodern/114679619465262045

postmodern (@postmodern@infosec.exchange)

Controversial Topic Time: what are the recommended partition sizes for `/boot` and `/boot/efi` (aka ESP)? Go! #linux

Infosec Exchange
×
Dreadnought Holiday6d ago

Vestas Wind. The navigator calculated the fastest course was straight across a reef over thirty miles wide and appearing on every chart since the 17th century.

The reef begged to differ.

#FailureFriday

Show threadRocketman6d ago

@DreadShips I bet that made an interesting sound

You know, like when you back your car into something, and it just sounds expensive?

Show threadJon Rowe6d ago
@slothrop @DreadShips The video of it is still up https://www.youtube.com/watch?v=qi0S1eoG-Ts
Team Vestas Wind on the reef at Cargos Carajos Shoals

YouTube
Show threadRocketman6d ago
@JonRowe @DreadShips So, uh, the aft section fell off?
Show threadRocketman6d ago
@JonRowe @DreadShips I like how casual everyone is about ramming a massively expensive racing yacht into a rock
Show threadJon Rowe6d ago
@slothrop @DreadShips What, the "fuck its a rock, a big fucking rock" not professional enough for you 😂
Show threadjaKa Močnik6d ago
@JonRowe @slothrop @DreadShips the thing is wouter verbraak, the vestas router, didn't zoom in enough on the charts to reveal enough detail to see the reef, and the routing software didn't seem to be bothered by arbitrary constraints such as the depth being lower than the draft of the boat. it was, in the end, a very pricey ux fail. :)
Show threadjaKa Močnik6d ago
@JonRowe @slothrop @DreadShips footage wise, here's the running aground itself. scarry shit. https://youtu.be/W6fE7J_X6F8?feature=shared
Dramatic Footage of Team Vestas Wind's #VOR Crash

YouTube
Show threadJon Rowe6d ago
@jkmcnk that is part of it but there is also the fact one of the two computers couldn’t give the right answer, only one of the two otherwise equally equipped computers (the designated weather and routing pc rather than that designated nav pc) had charts able to to give the right answer
Show threadJon Rowe6d ago

@jkmcnk so there was a ux fail, but only as part of a series of compound failures.

The route was changed last minute meaning that previous research was invalidated and forcing a hurried research of the actual route.

On higher zooms both nav pcs showed only a sea mound.

During the race, navigating on a carbon rollercoaster combined with an expectation of a seamount meant there wasn’t a further zoom in on the machine that could show an actual hazard…

Show threadjaKa Močnik6d ago
@JonRowe the thing is, everyone involved here is a top level sportsman, sailor and navigator, way beyond us occasional offshore sailors commenting on this. wouter had multiple competitive circumnavigations by that time. it would not have happened if routing were done on paper charts and synoptic forecasts via radio. it happened due to the ux of the tech involved. that was kind of my .02 cents.
Show threadJon Rowe6d ago

@jkmcnk you need a Time Machine to go with those 2 cents.

Commercial shipping doesn’t use paper charts because it’s conviennent.

Race yachts don’t use paper charts because they are impractical in modern yachts, the boats are too wet, the charts are too large and electronic navigation is better 99% of the time. This is one exception where electronic navigation let down the navigator due to human factors.

Show threadJon Rowe6d ago

@jkmcnk

As an aside Synoptic forecasts are fine for long term forecasts and to see what’s where, but modern forecasting is so much better, it also had no bearing on this incident, the forecast was accurate, just no one on the boat knew there was a hazard.

Show threadJon Rowe6d ago
@jkmcnk also they had paper charts on board and they had been checked before departure but due to the aforementioned human factors it was missed
Show threadJon Rowe6d ago
@slothrop @DreadShips Well.. was ripped/abraded off behind a bulkhead
Show threadRocketman6d ago
@JonRowe @DreadShips I would have given the crew extra credit for pulling off a “the front fell off” reenactment then and there
Show threadjaKa Močnik6d ago
@slothrop @JonRowe @DreadShips these boats are built to strict maritime standards. ;)
Show threadgreem6d ago
@DreadShips Oof, that's some barb in the alt text!
Show threadjaKa Močnik6d ago
@DreadShips have to chime in as I have just this morning managed to run a first 36, not quite a vo65, but still a nice performance yacht, on a rock while mooring for a refuel in an unexpected gust of northeasterly. no vestas level damage though, just scratched the keel a bit. 🤷
Show threadHitzekätzchen 🔥🌞🙀6d ago
@DreadShips
I did something similar once... it was a little dinghy without keel, the "reef" was a 3 cubic meters concrete block uncharted and unmarked but the noise that the splintering rudder made was equally unwelcome. 🤣
Also it's much fun to do a full stop in half a second with a bang when you don't see anything coming up in front.
Show threadJon Rowe6d ago
@DreadShips Not every chart... one of the two navigation computers on board lacked the chart detail to show it and the navigator thought it was a 40m sea mound due to this... (I'm sure you know even thats an over simplification of the compounding series of failures that led to the incident. ..)
Show threadKuba =)K6d ago
@DreadShips the water seems to be more like a knee deep (but I am not a sailor)
Show threadJo6d ago
@DreadShips perhaps they are using AI to map read?
Show threadNigel6d ago
@DreadShips perhaps an LLM was involved somehow? 🤔😂
Show threadCade6d ago

@DreadShips years ago in Panama, a nice yacht washed up on a beach near a popular anchorage and the owners fled. Some months later, after locals had stripped the vessel to their satisfaction, a group of enterprising cruising sailors went with a battery-powered sawsall and cut out a big chunk of the teak-decked foredeck and some attached interior bulkheads and dragged this chunk up the beach to the perennial venue of the Monday night potluck dinner and combustible-trash-burning party.

It was poignant to eat potluck dinners around that magnificent triangular dining table embedded in the sand - seating for 18! A grim reminder that all glory is fleeting.

Show threadAearil  6d ago
@DreadShips That story has made the rounds for years now in sailing circles. It's the de-facto cautionary tale told to any sailor using digital maps

(the story being that the map plotter didn't show the reef at lower levels of zoom, and the navigator didn't think to zoom in on a random spot in the middle of indian ocean)
Show threadDreadnought Holiday6d ago
@aearil I seem to recall there were indications on the plotter that a closer look was merited - and he fully intended to - but he never got around to it until the arrow of time was no longer pointing in a useful direction...
Show threadEd Davies6d ago

@DreadShips @aearil This lad fell for the same mistake off the coast of France; ran into an unlit buoy at night because he was zoomed out too much.

https://www.youtube.com/watch?v=9xdyhlFQLe0

When I watched it I thought that's a bit of a UI error - actual open ocean (as far as the chart makers know) really should look different to water too cluttered to show all the details. Maybe it does but he was a bit embarrassed to show that.

Disaster at Sea - We're Taking On Water! | Ep. 6

YouTube
Show threadPhil Haigh6d ago
@DreadShips oops. Same issue in 2017 when one of the Clipper Round The World yachts ran aground off the South African coast. I’ve still got the pictures of it being cut up for removal…
Show threadSaricchiella6d ago
@DreadShips i especially love the pose of the guy closest to us, with his hands on his hips. We can almost hear the "pffff ok where is the duct tape"
Show threadDavid Cantrell 🏏6d ago
@DreadShips they're not the last people to go "oh bother" there: https://en.wikipedia.org/wiki/St._Brandon#Shipwrecks
St. Brandon - Wikipedia

Show threadJim Campbell6d ago

@DreadShips

Having given up on achieving line honours, the skipper was trying for first place on handicap.

Show threadTim Desjardins5d ago
@DreadShips draft, we don't need no stinking draft