deliverator

@deliverator@infosec.exchange
30 Followers
105 Following
1.4K Posts
deliverator1d ago
abadidea1d ago
a blog post by my friend eevee which is, y’know, preaching to the choir about exactly what you think, but. yeah. https://eev.ee/blog/2025/07/03/the-rise-of-whatever/
The rise of Whatever

This was originally titled “I miss when computers were fun”. But in the course of writing it, I discovered that there is a reason computers became less fun, a dark thread woven through a number of events in recent history. Let me back up a bit.

deliverator4d ago
Nina Kalinina4d ago

Today I was reminded that old online chats offered context awareness for the people online: you knew you won't be a bother to a friend who has a smiley flower as a status; and you knew you might not be getting a quick reply from someone who's Away.

Today I don't even know if my friends are online or not. The messenger apps make the assumption that everyone is online, and if not, they will receive a push notification, and will reply to you as soon as possible. But this assumption is barely true. I bet it makes lives harder, especially for ND people

(Edited for a pixel-perfect screenshot)

deliverator4d ago
Mike. 🩼🇨🇦5d ago

#InTheGoodOleDays
#HashTagGames

Street Cents was on #Canada's national broadcaster, the #CBC. It taught kids like me the reality of a consumerist culture that is wallowing in advertisements, brain washing, and companies ripping us off. I learned how to shop smart, boycott brands, and fight against pure evil.

Also, it launched J-Roc's career!

https://www.youtube.com/watch?v=-sMW0ZvEbFc

Street Cents Bumber 1997

YouTube
deliverator5d ago
Kelly Shortridge5d ago

ask for my network: do you love teaching intricate topics to humans? know a friend who does?

I'm hiring an empathetic, creative, and collaborative Technical Marketing Engineer to join my product team at Fastly @fastlydevs : https://www.fastly.com/about/jobs/apply?gh_jid=6968413

you'll be hands-on with technical tooling in service of teaching our field teams about our security products -- a time for your Terraform skills (and curiosity) to shine ✨

you'll also gain ample opportunities for speaking (both virtual + in-person) and other forms of thought leadership around the world 🎙️ 🌍

please join us in our mission to deliver modern security products that make software engineering teams feel resilient and make cyberattackers cry ⚡ don't be shy, pls apply!

Jobs at Fastly

We’re always looking for humble, sharp, and creative folks to join the Fastly team. If you think you might be a fit, please apply!

deliverator5d ago
daniel:// stenberg://5d ago

I've been talking to GitHub and giving them feedback on their "create issues with Copilot" thing they have in the works.

Today I tested a version for them and using it I asked copilot to find and report a security problem in curl and make it sound terrifying.

In about ten seconds it had a 100-line description of a "catastrophic vulnerability" it was happy to create an issue for. Entirely made up of course, but sounded plausible.

Proved my point excellently.

deliveratorJun 28
Show threadAndy DaviesJun 27

@GossiTheDog @tdp_org

If it is the case then the leaders of businesses like M&S who outsource these services to the lowest cost providers should also be held to account

It’s typical of British business management to know the cost of technology but not the value of it

deliveratorJun 28
Show threadDave 🐶Jun 27

@GossiTheDog The root problem here isn't that TCS are shockingly bad (they are, just about everyone knows that).

The root problem is that "management decisions" constantly overrule those that raise concerns about their service and tell any remaining internal IT and security staff to "deal with it as best you can."

I'm very much of the view that, yes, the outsourced provider can be the cause of an incident, they can provide a shockingly bad service, they can cost your business millions of pounds. But the decision to continue to use them when you already know this is a real possibility - that's a decision by senior management within the company. That's on you.

deliveratorJun 28
Show threadRootWyrm 🇺🇦Jun 27

@GossiTheDog as someone who has been subjected to Tata on multiple occasions going back over a decade?

This isn't nearly spicy enough. I don't even describe them as a 'body shop' because they'd gladly route you to a corpse and try to charge extra for '24x7 coverage.'

When one employer did a basic security audit of their helpdesk services, Tata failed so severely that the contract was pulled for cause before the audit was even completed. They moved it all back in-house.

deliveratorJun 28
Show threadKevin BeaumontJun 27
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
deliveratorJun 28
Eric CarrollJun 27

North of North is surprisingly fun. Light hearted and humorous.

Sort of Corner Gas: North of 60
#cbc #netflix 🇨🇦

×
Nina Kalinina4d ago

Today I was reminded that old online chats offered context awareness for the people online: you knew you won't be a bother to a friend who has a smiley flower as a status; and you knew you might not be getting a quick reply from someone who's Away.

Today I don't even know if my friends are online or not. The messenger apps make the assumption that everyone is online, and if not, they will receive a push notification, and will reply to you as soon as possible. But this assumption is barely true. I bet it makes lives harder, especially for ND people

(Edited for a pixel-perfect screenshot)

Show threadJuan4d ago
@nina_kali_nina you have that in XMPP
Show threadNina Kalinina4d ago
@reidrac I wonder if the decision to implement it in XMPP was conscious, or it was just a copy of what everyone else was doing at the time. XMPP just survived since the times
Show threadJuan4d ago
@nina_kali_nina it is "presence subscription" or something like that, and you're right: it is a standard that started back then. It was "instant messaging"
Show threadAndrés (personal views)4d ago

@reidrac @nina_kali_nina Teams has something similar but I have been using it for two months and not sure what the Icons mean.

Find it interesting that Signal.org that AFAIK uses the same protocol as WhatsApp allows to schedule messages. Telegram could schedule as well. Outlook emails also offer you to delay post if person is away.

But WhatsApp does not have the delay feature. Maybe because it's business model is Mata data and this removes purity from the data?

Show threadNina Kalinina4d ago
@amunizp @reidrac I wonder how Signal and Outlook implement the feature; could it be that they simply don't send a push?
Show threadKiran Castellino 3d ago
@nina_kali_nina @amunizp @reidrac I don't know about Signal, but Outlook on the Web will delay delivering a message until the set time is reached (the email will hang out in your drafts folder until then). If the recipient is on a different mail server, the message will not be forwarded by your mail server until the set time. Outlook for Windows will keep the message in your outbox until the set time if you use the built-in scheduled send function, but it also supports the Exchange Server scheduled send mentioned above.
Show threadGe0rG4d ago

@reidrac
It was there from the beginning in 1999, so I guess it was largely a copy of what was there in other systems.

Ironically, I'm on DND 95% of the time because I'm putting the phone into silent mode. Implementing that sync seemed like a big thing to me back then... a decade ago.
@nina_kali_nina

Show threadcrazyeddie4d ago
@nina_kali_nina @reidrac Being able to set your status was very common when xmpp first came out. It's also still pretty common in pbx systems.
Show threadmathew4d ago

@crazyeddie @nina_kali_nina @reidrac You can set your status in WhatsApp, but I've never really seen people use the feature.

I think mobile-first messaging was what killed off the idea of user status. With a desktop system it's possible to do an OK job of automatically setting away based on recent activity, but there's no way for an app on my phone to know whether I'm there or not.

Instead, we get read receipts, and if you don't see the read receipt, the person's probably "away" in some sense. Unfortunately you don't find out until after you send them the message.

Show threadcrazyeddie4d ago
@mathew @nina_kali_nina @reidrac I think Jami shows the difference between me being away vs. disconnected. Not sure though. I only know one other person uses it.
Show threadPulkoMandy4d ago

@nina_kali_nina @reidrac xmpp has specifications for pretty much every feature found somewhere else (useful or not). But presence was so important that it is part of the protocol core, and even of its name! Whereas concehts like "group chats" are later extenions.

Some "modern" clie/ts don't really make the presence visible, however, or let you control it.

Show threadsb arms & legs4d ago

@nina_kali_nina @reidrac
Thanks to this thread I've spent all afternoon setting up and playing with the #xmpp server, #prosody.

I got to set my status as AFK for the first time in 20+ years!

Thank you.

Show threadDavid Chisnall (*Now with 50% more sarcasm!*)3d ago

@nina_kali_nina @reidrac

I was involved with Jabber (before it was called XMPP) shortly after that decision was made, so when people still remembered why.

A big part of it was that Jabber wanted to support lossless bridging between different IM systems. Being able to run an ICQ, MSNM, AIM, and so on bridge on your Jabber server meant users could switch immediately and retain their existing contacts. If only a subset of Jabber features worked with those contacts, that gave them an incentive to switch (and a good migration path). If only a subset of other-system features worked, that made it much harder.

The ICQ protocol had this fixed set of states. One of the other messengers had status messages as free-form text. As a result, XMPP built in both. And, because it was XML, you could also put a load of other things in (e.g. the music that you’re listening to).

I wrote a little daemon (20ish years ago) that would record status messages and push them to a microblogging platform (back when Twitter was one among many and not a clear winner), so you could use a Jabber client to publish microblogging things in realtime to your contacts and more slowly to other people.

Show threadNina Kalinina3d ago
@david_chisnall @reidrac thanks for sharing!
Show threadJM Horner4d ago
@nina_kali_nina Does having ICQ #3030280 get me any street cred? :-)
Show threadNina Kalinina4d ago
@jmhorner it does, especially because it doesn't look like a stolen ID ("hey I'm such a h4x0r I got my pretty ID from someone who didn't need it")
Show threadJM Horner4d ago
@nina_kali_nina I haven't logged in to it in a long time... but I am pretty sure mail.ru is still running it these days.
Show threadNina Kalinina4d ago
@jmhorner I don't think so! But there's Nina Chat and Escargot - https://nina.chat and https://escargot.chat
NINA

Show threadRuben4d ago
@jmhorner @nina_kali_nina haha, I remember the 9 vs 10 digit street cred. Mine started with 139... ;)
Show threadGreg Pfeil4d ago
@jmhorner @nina_kali_nina @cyclops_ I was logged into ICQ from when I joined (235067 – in 1996?) until they shut it down (within the last year?). That was a sad day, even though I don’t think I’d chatted with anyone in years.
Show threadStrfnurfn3d ago
@sellout Wow, I had no idea it still existed! I probably joined in 97.
Show threadUlrik Nyman ⬡4d ago
@jmhorner @nina_kali_nina I tried to see if I could find my old ICQ number, but it is probably gone forever
Show threadBert Koorengevel4d ago
@UlrikNyman @jmhorner @nina_kali_nina
My ICQ number is on a scsi drive mounted in a desktop pc which hasn't booted in at least a decade. To let it pass POST you needed to plug in a keyboard via the ps2 port (since all usb ports are broken) within 200ms before the first beep.
Ca 1996, started with 27 or 29....
Show threadUlrik Nyman ⬡3d ago
@bertkoor @jmhorner @nina_kali_nina I have a laptop lying on a shelf, that I think can still boot and that might have the number in it. But I have not gotten around to booting that machine because the USB drivers on it did not work so I would probably have to do a lot of things before getting the data or take the harddisk out and mount it in something else.
Show thread 🇨🇦 CowMan 🇪🇺 🇺🇦 🇲🇽4d ago

@jmhorner @nina_kali_nina 348067.

Using sequential numbers was maybe not a great idea, a give-away to the spammers, and as low numbers became 'valuable', they also became targets.

Show threaddistinctivestatic4d ago
@nina_kali_nina See, I used to turn this off. I hate people knowing when I'm online. I always assumed the default is "not available".
I think it says a lot that at some point in the mobile phone era, the default became "available."
Show threadNina Kalinina4d ago
@distinctivestatic I think setting it to "invisible" should be the default. Perhaps, G+ style, you'd want to expose your presence to one group of people but not the other. But on a sad rainy day when you really want to talk to someone, you'd set the status to "free to talk" and will enjoy a sudden reach out by an old friend, maybe. Plus, you won't need to assume things about your friends, you'd know if it's okay to message them if you feel like doing it
Show threaddistinctivestatic4d ago
@nina_kali_nina Invisible still assumes someone is there, though. Invisibly haunting like a ghost.
I do like the idea of having different "levels" of access, though.
Show threadNina Kalinina4d ago
@distinctivestatic yeah, Google Plus circles were created exactly for this purpose, if I'm not misremembering. But Google being Google, and Facebook being Facebook, we ended up with what we have now.
Show threadJasmine running4d ago
@nina_kali_nina i'm a somewhat dedicated invisible mode user since the last millennia 🫥
Show threadNina Kalinina4d ago
@jasmine except that one day in March?
Show threadJasmine running4d ago
@nina_kali_nina yes in 2022, and every day since then 🥰
Show threadKat the Leopardess4d ago
@nina_kali_nina Kat stared at this toot and suddenly, from the deep dark depths a tight "uh-oh!" echoed up to the surface....
Show threadNina Kalinina4d ago
@Catwoman69y2k I can hear it, too
Show threadaeva4d ago
@nina_kali_nina i miss away messages
Show threadaeva4d ago
@nina_kali_nina i also miss asynchronous communication being normative
Show threadNina Kalinina4d ago
@aeva 💔 it always is with me!
Show threadNina Kalinina4d ago
@aeva you could even see the drama unfolding in those sometimes!
Show threadwoollypigs4d ago
@nina_kali_nina ah good old ICQ :)
Show thread4d ago
@woollypigs @nina_kali_nina The weird thing for me is it’s been decades since I used it. I’ve had old mobile numbers since then. I’ve had neurosurgery that has effect on my memory. I still remember my ICQ number with no hesitation.
Show threadAlan Langford 🇨🇦🧤🧊摏4d ago
@nina_kali_nina This happens less because of privacy issues. Often you have to turn it on, if that option even exists.
Show threadNina Kalinina4d ago
@alan which is understandable but also very stupid; most chat apps out there are phone number based, that's a far worse privacy violation
Show threadAlan Langford 🇨🇦🧤🧊摏4d ago
@nina_kali_nina It's complicated. I clearly don't mind a customer having my phone number, but I might not want to let them know I'm online at 10:30pm, thus giving them permission to ping me with something that belongs in work hours. Same with bosses, etc. Ideally you want to be able to turn that on or off for each one of your contacts, but OMG that would make the user interface too haaaaaaard! Can't have that. simple simple, just one button max. sigh.
Show threadNina Kalinina4d ago
@alan fair enough. But imagine having personal and work accounts separated! What a bliss it could be.
Show threadAlan Langford 🇨🇦🧤🧊摏4d ago
@nina_kali_nina Personal, work, family, people who want you to fix their computer problems, and on...
Show threadVincent Sparks1d ago

@alan @nina_kali_nina I think this idea has potential. Consider an interface where the user can put contacts in groups and set a different status to be shown to each group. With one click, the user could appear as "ready to chat" to their close friends, while still remaining "away" to people they didn't want to chat with at that moment and who often waited for them to go online.

It would be a nice feature to implement per-contact statuses in addition to this, however, if the UX challenge of how to do so readably and obviously could be solved.

It could be argued that there are ethical issues with implementing such a feature at all, although I personally think any such argument is bunk.

Show threadAlan Langford 🇨🇦🧤🧊摏1d ago

@AVincentInSpace @nina_kali_nina Oh God No. That would require another button or menu entry, and like... things! Can't have that, it violates the Cancer of Simple Design. I've been ranting about this for decades (link to ancient post below).

As for the ethical issues, there's usually a fix already there, which is each user can select if that information should be available at all/to connections/to the public.

https://ambitonline.com/nextrelease/2023/10/an-argument-for-complex-user-interfaces/

An Argument for Complex User Interfaces

Note: This was originally published on a Joomla blog in 2013. The details are outdated, but the principles remain the same. User Experience (UX) design is an important aspect of almost every software…

Ambit Online
Show threadaceryz4d ago

@nina_kali_nina when I flashed LineageOS, all push notifications that relied on google's proprietary code broke.

It was awesome.

Show threadNina Kalinina4d ago
@aceryz not having push notifications is pretty great, yeah
Show thread[BUG] Lunya :34d ago
@nina_kali_nina I mostly consider status indicators to be useless. I message people whenever and if I'm lucky they can respond when I message them, otherwise the conversation is asynchronous
Show threadNina Kalinina4d ago
@lunacb and this is fine, too! Perhaps even a special status to indicate this mode could be useful: "I'll read your message when I can, I'll reply when I feel like it, kthx".
Show threadCharles Fulton4d ago
@nina_kali_nina It used to be so much fun to set custom away messages
Show threadm_eiman4d ago
@nina_kali_nina @ifixcoinops I always set my status as ”away” where possible, I don’t want to give the impression that I’ll reply right away so that I can check notifications when it suits me
Show threadNina Kalinina4d ago
@mikaeleiman @ifixcoinops Which is fair game!
Show threadJennyFluff 4d ago
@nina_kali_nina bring back Free For Chat
Show threadNina Kalinina4d ago
@JennyFluff this!
Show threadAnton Klinger4d ago
@nina_kali_nina yes! I absolutely hate the naming for "do not disturb". Makes it seem like I do not want to be bothered, when it couldn't be further from the truth. I specifically use it so people can still message me without my focus breaking from every notification sound. If I wanted to be left alone I would just go offline.
Show threadAnton Klinger4d ago
@nina_kali_nina
And don't even get me started on every app conflating important and urgent messages.
They are not the same! A message can be one or the other, or both or neither.
In discord "@silent" is my friend, I use it all the time but it feels like an afterthought.
Show threadNina Kalinina4d ago

@accidentlyAnton being able to send silent messages in Slack would be nice too...

Wait, it also supposedly works with this @silent prefix?!

Show threadMx Verda4d ago
@nina_kali_nina now make it work in iMessages (look, I can't get them to understand scheduling DND mode) and we're really cooking with induction! @accidentlyAnton