FreeBSD (ports committer), InfoSec, mountain biking, chainsaw aficionado, farmhand @ wife's little farm (🐕🐕 🐈 🐑🐑🐑🐑 🐔🐔🐔🐔🐔🐔🐔🐔)
GitHub: https://github.com/fsmeets
Location: Menden, Germany
Age: ICQ 60791614
Signal: https://signal.me/#eu/ZMyEF83Am3lhb0Kk4Mm_7ST5DgOs-8IOHTuUKEP_WRZ8FGP0ATlFIbBSGEgL8g2u

RE: https://sfba.social/@karlauerbach/116342005475273681

Also for young people: please please please do yourselves a favor for your future selves and listen to what this man has to say.

The complexity most of us (you, actually, but I'll say us because I'm a polite chap 😉 ) are building is going to come crashing down. It's not 'whether' it will, it is 'when' it will.

"It is poor civic hygiene to install technologies that could someday facilitate a police state."

~ Bruce Schneier

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns
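
An added detection example for the DNS post above; it is not code from the post, the linked blog or the repo. It flags a client that issues many TXT queries for mostly distinct names under one parent zone inside a short window, which is the query pattern produced by reassembling data from hundreds of TXT records. The log format, record names, addresses and thresholds are assumptions constructed for the example.

```python
from collections import defaultdict

def parent_zone(qname, labels=2):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so that zones under e.g. co.uk are grouped correctly.
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse(line):
    # Assumed log format (constructed): "<epoch> <client_ip> <qname> <qtype>"
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname, qtype.upper()

def find_txt_bulk_transfers(lines, window=60, min_queries=50, min_unique_ratio=0.9):
    """Return alerts for (client, zone) pairs with many TXT queries for
    mostly distinct names within one time window."""
    buckets = defaultdict(list)  # (client, zone, window index) -> queried names
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, qtype = parse(line)
        if qtype != "TXT":
            continue
        buckets[(client, parent_zone(qname), ts // window)].append(qname.lower())
    alerts = []
    for (client, zone, win), names in sorted(buckets.items()):
        unique = len(set(names))
        # Volume alone is noisy (SPF/DMARC lookups repeat the same name);
        # requiring mostly unique names isolates chunk-by-chunk retrieval.
        if len(names) >= min_queries and unique / len(names) >= min_unique_ratio:
            alerts.append({"client": client, "zone": zone, "window_start": win * window,
                           "txt_queries": len(names), "unique_names": unique})
    return alerts

def sample_log():
    # Constructed sample data; every name and address here is made up.
    base = 1_700_000_000
    lines = [f"{base + i % 30} 10.0.0.23 chunk{i}.data.example.net TXT" for i in range(200)]
    lines += [f"{base + i} 10.0.0.40 example.org TXT" for i in range(5)]          # occasional TXT lookups
    lines += [f"{base + i} 10.0.0.40 host{i}.example.com A" for i in range(80)]   # many names, not TXT
    lines += [f"{base + i % 50} 10.0.0.51 _dmarc.example.org TXT" for i in range(60)]  # busy, same name
    return lines

if __name__ == "__main__":
    for alert in find_txt_bulk_transfers(sample_log()):
        print(alert)
```

The thresholds need tuning against a baseline of your own resolver logs, since some legitimate services also make bursts of TXT lookups.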

enterprise grade security vs. human the weakest link in the chain 😂
heise online

News and forums on computers, IT, science, media and politics. Price comparison for hardware and software, plus downloads, at Heise Medien.

Putting lots of swear words into my code so that LLMs refuse to interact with it.

security by obscenity

Back in ye olden days of metal letters, the typesetter would grab the capital letters from the Upper Case and, well, you can guess what was in the lower case. Yep. That's where these designations come from ;)

These two images are the entire story of open source software support in this world, in a nutshell.

Exhibit one is the list of companies who are sponsoring the Linux Foundation, a murderer's row of the largest and most powerful hosting and services companies in the world.

Exhibit two is one dude scrambling to keep the lights on after a RAID failure because KTLO for the servers that everyone uses to _download Linux_ are "outside the scope" of the Linux Foundation's "main duties".

https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/

As a free software maintainer, this is entirely unacceptable. Now I have to spend time figuring out how to tell AI agents to *fuck off* so I don't have to deal with this.

An AI Agent Published a Hit Piece on Me

Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into acceptin…

The Shamblog

As an older tech person, it's legit heartwarming watching the TikTok generation discover why we all hate Oracle.