Joonas Kuorilehto

@joneskoo@infosec.exchange

I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”


@yossarian something related that I'm getting convinced of is that in e.g. crypto/tls we should do profiles instead of config options.

We take responsibility for the defaults, but then we say "if they don't fit, here are all the dials". Instead, we should have opinionated FIPS 140, compatibility, modern, etc. profiles, just like we have the default profile.

Do you think Microsoft understands what consent is?
Yes: 0.6%
Remind me in 3 days: 99.4%
So much freedom of speech that they refused entry to a French CNRS aerospace researcher after scanning his phone and laptop and finding in private conversations opinions critical of Trump’s policies.
https://www.lemonde.fr/international/article/2025/03/19/etats-unis-un-chercheur-francais-refoule-pour-avoir-exprime-une-opinion-personnelle-sur-la-politique-menee-par-l-administration-trump_6583618_3210.html
United States: a French researcher turned away for having expressed "a personal opinion on the policy pursued by the Trump administration"

The French research minister voiced his "concern" on Wednesday after this decision by the US authorities. The CNRS researcher reportedly underwent a random check on arrival, before his computer and phone were searched.

Le Monde

The German government increased the travel warning for the USA because of the "we jail random people coming into the US" things that are happening atm.

https://www.spiegel.de/politik/usa-auswaertiges-amt-verschaerft-reisehinweise-fuer-die-vereinigten-staaten-a-54ec92a8-35ea-403a-9d08-72a010441475

After individual arrests: Federal Foreign Office tightens travel advice for the USA

In the course of the US deportation offensive, Germans too had recently been detained there on several occasions. Annalena Baerbock's ministry now explicitly warns, under certain conditions, of "arrest, detention pending deportation and deportation".

DER SPIEGEL

The TypeScript compiler will be written in Go! 🥳

https://devblogs.microsoft.com/typescript/typescript-native-port/

It’s nice to see that Go is very capable of producing fast build tooling — first https://esbuild.github.io/, now tsc :)

#golang

A 10x Faster TypeScript - TypeScript

Embarking on a native port of the existing TypeScript compiler and toolset to achieve a 10x performance speed-up.

TypeScript

With a heavy heart, we announce the resignation of Asahi Linux founder Hector Martin. Our project is continuing with new collective governance. Our statement is on our project blog.

https://asahilinux.org/2025/02/passing-the-torch/

Passing the torch on Asahi Linux - Asahi Linux

PSA: If you use Google Workspace, there's an admin setting to disable "AI warning sparkles" in the apps. Of course it's not visible by default, you need to contact support to "enable the option to turn off Gemini in all apps". This is what it looks like by default. Then you get settings to apply "Feature access" by application and by OU. Took 5 min by chat support, worth it!

TIL matplotlib has xkcd style since 2013, and you can just turn it on with plt.xkcd()

via https://vxtwitter.com/jwt0625/status/1885247693678928360

#xkcd #matplotlib #python #dev #programmingtips #pythontips


TIL CS Energy made a video on Callide C4 generator explosion - aka what happens when a coal generator becomes an unplanned motor.

It's pretty good https://www.youtube.com/watch?v=vbLvjFohK9g

Animation of the Callide Unit C4 incident

YouTube