launchdaemon

@launchdaemon@infosec.exchange
32 Followers
300 Following
173 Posts
Mostly interested in mobile security/ malware/ reversing, coffee and burritos.
Twitterhttps://twitter.com/launchdaemon
launchdaemon2d ago
Liam Proven4d ago

Some users report their Firefox browser is scoffing CPU power

https://www.theregister.com/2025/08/13/firefox_ai_scoffing_power/

You guessed it: looks like it's a so-called AI

<- by me on @theregister

Some users report their Firefox browser is scoffing CPU power

: You guessed it: looks like it's a so-called AI

The Register
launchdaemon2d ago
Pen Test Partners2d ago

Speculative plans in Terraform Cloud can open an attack path.🚨

On a Red Team engagement, we compromised a Terraform token with plan permissions. By adding a custom external data source, we ran code on the Terraform Cloud runner.

That exposed short-lived AWS and GCP credentials, letting us work outside the version control workflow.

Even VCS-backed workspaces do not stop this. The runner still holds the keys during a plan — and that is the risk.

Jack McBride explains the technique and how tighter token scopes and Sentinel allow lists can prevent it.

📌 https://www.pentestpartners.com/security-blog/terraform-token-abuse-speculative-plan/

#CloudSecurity #RedTeam #Terraform #CyberSecurity #DevSecOps #AWS #GCP

launchdaemon3d ago
Alexia Starling  3d ago
cyrneko.eu/donations.html
launchdaemon5d ago
Natasha Jay5d ago

Did AI recommend this? In a new digital twist to environmental responsibility, the #UK government is now suggesting people to “Delete old emails and pictures” in data centres to help with the current drought 🤪

This country ... (no words)

https://www.gov.uk/government/news/national-drought-group-meets-to-address-nationally-significant-water-shortfall

launchdaemon6d ago
ɗ𐐩ʃƕρʋJul 31

Any technical solution that is supposed to block teenagers from anything is not going to work very well, because you are facing an opponent that:

* is smarter than you,
* is very dedicated,
* has a lot of free time,
* has an extensive network of friends,
* faces no serious consequences if caught,
* outnumbers you,
* considers you an immoral crook.

You really, *really* want to have them on your side. That means education rather than control.

launchdaemon6d ago
Dissent Doe  6d ago

OT: I get very annoyed at sites that have cookie plugins that require you to scroll down and down and down, manually rejecting each of the "legitimate interest" vendors sections.

What they call "legitimate interest" is often not my definition of "legitimate interest."

Please use a plugin with a "reject all" for non-essential cookies.

Maybe you think I'll just get tired of scrolling down and will just accept all. But I don't. If your site irritates me on cookies, I just leave.

#advertising #cookies #consent

launchdaemonAug 6
JordanAug 6

Finally, a thorough answer and workaround for “why did Ctrl-C stop working in my Mac terminal even though Ctrl-G still works”! I’ve been running into this (infrequently) for years.

https://superuser.com/a/1909498

Ctrl-C not working on MacOS/Zsh

I have a similar problem to Ctrl-C Not working in zsh But it is not the stty setting or the key-bindings. It definitely happened in one terminal, while on others it works. I get: from stty: eol2 = ...

Super User
launchdaemonJul 31
Oasus Plainsview Jul 31

So this is how Newgrounds is apparently handling age verification RE: UK's Online Safety Act.

Their ultimate solution is... unique.

launchdaemonJul 22
Tavis OrmandyJul 22
I noticed someone use ls, but there were icons in the output....? I realized later you could probably do that with dircolors and emoji, but I think that's GNU specific and they were on a mac... how did they do it? 🤔
launchdaemonJul 21
Brian TatoskyJul 21
JD Vance is vacationing soon in the Cotswalds and Scotland, where if there is any justice, no one will give him a break the entire time that shitbag is there in places he denigrated months earlier.
×
Oasus Plainsview Jul 31

So this is how Newgrounds is apparently handling age verification RE: UK's Online Safety Act.

Their ultimate solution is... unique.

Show threadSouthern Wolf 🐧🦀Jul 31
@itsOasus I love this approach honestly. It passes off the need for identification verification to another party who would already have done that (payment processors), and also benefits the service you're looking to sign-up for.
Show threadJasper 🍉Jul 31

@southernwolf everyone still getting identified..

But crime will continue, the innocent closely surveilled @itsOasus

Show threadantimagic heart-sicknessJul 31
@itsOasus based
Show threadInfrapink (he/his/him)Jul 31
@itsOasus TIL Newgrounds is still around. Good on them.
Show threadBloodyWingJul 31
@Infrapink @itsOasus Yes i upload my art there, much better than DeviantArt. I don't even know what their idea is with this clusterfuck.
Show threadGoodNewsGreyShoes🔞Jul 31
@bloodywing @Infrapink @itsOasus DeviantArt has gone far sketchier than I'd ever believed possible for a platform literally created for (& supposedly devoted to) 'deviant artists'.🫠
Show threadHakan Bayındır5d ago

@bloodywing @Infrapink @itsOasus

I remember when DeviantArt was "good", and we basked its green glow and discuss stuff.

Now they are... something else.

Show threadJes Moved to @Jes@labyrinth.zoneJul 31
@itsOasus I don't hate it. probably the least invasive verification check.
Show threadJes Moved to @Jes@labyrinth.zoneJul 31
@itsOasus another thing they could do is have the verification payment count has a month of supporter for one time only as an apology for asking for payment, but I can see why they didn't
Show threadLongspeakJul 31
@itsOasus I wonder if my account is still active...
Show threadSlightlyCyberpunkJul 31

@itsOasus Doesn't really seem like a bad plan though. I had some stupid little investment account that was opened for me as a child and you would not believe how difficult it was to prove I was over 18 to get the money out when the account itself, which was in my name, had been open for 20 years...nice to see some BASIC FUCKING LOGIC in this shit...

(I mean the law is trash, but...)

Show threadJake in the desertJul 31
@itsOasus perfection. I like how they point out the obvious, the only real winner is big tech. Blech
Show threadHakan Bayındır5d ago

@jake4480 @itsOasus

I mean, why do you even breathe if you are not going to serve big tech with your presence and data?

/s

Show threadGoodNewsGreyShoes🔞Jul 31
@itsOasus I love this, actually.😍👌🏆✨
Show threadDrYakJul 31
@itsOasus borders on malicious compliance:
They manage to fullfil what the pretense of the act is ("think of the children!"), without letting the surveillance and excessive pii hoarding (ID documents, face videos, etc.) that the pushers of the act coveted.
Show threadTerence EdenJul 31
@dryak @itsOasus
Nothing malicious about it. That's literally a standard way of doing age verification.
Show threadJasmineJul 31

@itsOasus six year old me was a genius to register

(I’m 33 now, but anyway)

Show threadChristopher SnowhillJul 31
@jamoo @itsOasus My little brother was 14 when he joined. I was 18, four years prior. I joined in 2000. Thanks for reminding me, I just revived my account and added TOTP to it.
Show thread🌱🏴‍🅰️🏳️‍⚧️🐧📎 AmbiyelpJul 31
@itsOasus I wonder if private card numbers would work you know those services where you use a proxy card number to pay for things online. Generally I prefer to use #monero (XMR) for additional privacy against the govt, payment processors & websites
Show threadChristopher SnowhillJul 31
@ambiguous_yelp @itsOasus The private card numbers service I use, privacy.com, already doesn't work for anything that restricts prepaid and/or virtual cards.
Show threadadison verliceJul 31
@itsOasus Oh that's totally going to work right? Oh that's totally going to work right??? Oh that's totally going to work right??? Right? I mean parents couldn't possibly help kids by using their own credit cards right? Right right people?
Show threadThe Cyber Claw CollectiveJul 31
@adisonverlice @itsOasus Get back under your bridge, troll.
Show threadinamruzuiJul 31
@CyberClawCollective @itsOasus apparently that isn't the first instance they have been in
Show threadshadowsJul 31
@adisonverlice @itsOasus in a logical world it should. All of the primary methods are already being circumvented. Of course, in a logical world this law wouldn’t exist.
Show threadadison verliceJul 31
@shadows @itsOasus Yeah that was a sarcastic post. Of course it's not going to work.
Show threadadison verliceJul 31
@shadows @itsOasus I guess you can say that post was I guess you can say that post was tongue-in-cheek.
Show threadAriaflameJul 31
@adisonverlice @itsOasus So you agree there are no valid age checking methods which are free from error and thus it's worthless to bother?
Show threadadison verliceJul 31
@ariaflame @itsOasus Absolutely! I'll say it again. This cannot be enforced! In any capacity.
Show threadJay PAug 3
@adisonverlice
Just as effective as a kid pointing their phone at their parent's face to get verified. Or maybe Norman Reedus.
@itsOasus
Show threadadison verliceAug 3
@mmportal @itsOasus Exactly! It doesn't work!
Show threadFrost, glow wolf 🐺Jul 31
@itsOasus Honestly, I'd say that's way more trustworthy than the creepy ID shit.
Show threadnigelJul 31
@itsOasus better than most at protecting privacy too heh.
Show threadPeter BrownJul 31
@itsOasus not only unique, but brilliant!
Show threadpriryoJul 31
@peterbrown
I think pretty flawless, and widely applicable (as someone who recently got bank account access restored partly because the account was older than the person in the call centre).
@itsOasus
Show threadDylan :crumb_dancing:Jul 31
@itsOasus I am less than a year off that ten year mark so oh no I had to support a really cool indie website oh noooooo
Show threadStephen BoylettJul 31

@itsOasus I remember my sister getting IDed for alcohol when she was twenty-something at a local supermarket. They quite happily accepted her credit card though. She then proceeded to go Karen on them, as they had just committed fraud by their own measure.

I've no idea who Newgrounds are, but i will be finding out and they will definitely be going on my list of preferred vendors.

Show thread🌸 lily 🏳️‍⚧️   θΔ ⋐ & ∞Jul 31
@StephenBoylett @itsOasus newgrounds is an old (older than youtube) website which people upload things like art, animation and music to
Show threadRussell_Senpai 🎮Jul 31
@itsOasus That seems like way too much work.
Show threadWorkshopshedJul 31
@itsOasus unfortunately the assumption on debit cards is not valid. You can have a debit card earlier than 16. GoHenry account has a card and can be used from 6 years old. High street banks seems to be 11 but not looked at them all.
Apple pay is 13.
Show threadPēteris KrišjānisJul 31
@Workshopshed @itsOasus I wanted to say, sorry guys, this legal theory is pants.
Jesus, this is a farce.
Show threadJoJul 31
@peteriskrisjanis @Workshopshed @itsOasus It's entirely possible to differentiate and filter debit cards out.
Show threadzbrownJul 31

@jo @peteriskrisjanis @Workshopshed @itsOasus …which they already know, because it's part of their original plan :)

Specifically the part where they assume that a credit card payment + two years is eighteen, except as shown it might just be eight.

Whereas debit cards are taken as immediate proof, which does work.

Show threadKoos Pol 🇺🇦Jul 31
@itsOasus The Netherlands has solved this with the Yivy app @yivi_privacybydesign .
You have an identity wallet on your phone which provides attributes (>18, SSN, VAT number, etc) which you retrieve from the relevant attribute authority (chamber of commerce, etc). You never need to disclose more than the attribute requested.
Show threadProxfox Virtual Environment 🦊Jul 31
@itsOasus shout out to 10 year old me for having the foresight to register for a newgrounds account back in 2014. the only issue is i would still have to pay because i did a Trans and its 2.99 to change your username 
Show threadSeanBurlington 🌈 🕊️Jul 31

@itsOasus they clearly need better age restrictions

A quick search of the site shows it is not entirely innocent with sexual and abusive content available.

Show thread0x4d6165 (Mae or Julie)Jul 31
@sean @itsOasus which content would you like to censor and who would you like to be given the power to do so?
Show threadSeanBurlington 🌈 🕊️Jul 31

@0x4d6165 @itsOasus

Well lets start with the currently illegal stuff like kiddy stuff, revenge stuff, up-skirting, incitement to violence, hate speech etc

I don't think the police should be the only people drawing a line - and I think there is space in between illegal, and freely available.

I see in your profile "aspiring Quaker" - in my experience Quakers are welcoming of diversity but intolerant where harm is being done. There is a lot of harmful content on the internet.

Show thread0x4d6165 (Mae or Julie)Jul 31
@sean @itsOasus illegal stuff is already illegal you don't need an orewllian surveillance state to make it illegal.


I see much more harm being done to sex workers and queer people than good potential. Hence, why it aligns with my values to be against this. What are your values? Why do you value giving the government free reign to censor the internet?

Not to mention, this creates and entire strata of middleman ID verification services that are super shady and likely have terrible security practices.

CSAM is deplorable. This is a terrible solution to that.
Show threadRAKAug 1
@0x4d6165 @itsOasus @sean: Indeed, this is the motte of TERF Nation's motte-and-bailey strategy.
Show threadJeder  Jul 31
@sean @itsOasus there should be more of it then
Show thread Tired Bunny  5d ago
@sean @itsOasus

You clearly should be posting your ID publicly or sending it to every admin of every instance you federate with as the platform you are on has a lot of sexual content available.