Rick Hunter

@rickhunter@infosec.exchange
Got roped into product security by sitting in the wrong cockpit at the wrong time.
It's time to re-enjoy this golden quote about me and #curl, shown in the most awesome way.
😶

Protip: When choosing a root-of-trust encryption key for a hardware secure enclave, maybe don't use the vendor's asymmetric key literally labeled "CN=DO NOT TRUST - Test PK". New scoop by @dangoodin: Secure Boot is Completely Broken on 200+ Models from 5 Big Device Makers

https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

Secure Boot is completely broken on 200+ models from 5 big device makers

Keys were labeled “DO NOT TRUST.” Nearly 500 device models use them anyway.

Ars Technica

So, let me see if I understand the current state of anti-malware from an application vendor's perspective:

* One tool's AI/ML feature hallucinates and marks your software as malware
* VirusTotal publishes their finding
* All the other anti-malware vendors see the one report in VirusTotal and copy it.
* App vendor's customers complain because their local scanner or IT department's monitoring freaks out
* The app vendor has to individually contact each anti-malware vendor, dealing with broken support portals, outdated contact info, or full email inboxes.
* A few vendors clear your app, while others won't clear their finding until other vendors clear first (insert Spiderman pointing meme)
* Repeat forever

Lasse Collin in commit message: “The other maintainer suddenly disappeared.” 😆

#jiatan #xz
https://github.com/tukaani-project/xz/commit/77a294d98a9d2d48f7e4ac273711518bf689f5c4

Update maintainer and author info. · tukaani-project/xz@77a294d

The other maintainer suddenly disappeared.

GitHub
The amazing helicopter on #Mars, Ingenuity, will fly no more - https://arstechnica.com/space/2024/01/nasas-mars-helicopter-has-made-its-last-flight-above-the-red-planet/ "has flown a staggering 72 flights. It has spent more than two hours—128.3 minutes, to be precise—flying through the thin Martian air."
The amazing helicopter on Mars, Ingenuity, will fly no more

Ingenuity has spent more than two hours flying above Mars since April 2021.

Ars Technica

There's a lot of appeal to Cybellum, but their SBOM scanning tech is still immature on Windows. They consistently mis-identify Microsoft's binaries as OSS equivalents (Wine, Samba), even though those binaries are attributed and signed by MS. Hoping they get that resolved soon.

https://bird.makeup/users/thecybersechub/statuses/1729516803616117009

The Cyber Security Hub™

Cybellum achieves significant market share growth among leading medical device manufacturers https://www.helpnetsecurity.com/2023/11/28/cybellum-medical-device-manufacturers-market-share/?utm_source=dlvr.it&utm_medium=twitter

Wagner allies react: OMG, they killed Yevgeny! You bastards!

The former catering chief’s death is an ominous sign for his cheerleaders.

POLITICO
First the moon, now this. What will Russia crash next?
It's time to re-enjoy this golden quote about me and #curl, shown in the most awesome way.
@bagder I’m glad that it brings you so much joy ❤️
@bagder curl has become a huge part of my web browsing experience.
@bagder so funny, but *sigh* …it should've been "who", instead of "that" …because "some guy" is not an object, but a person(EDIT: citation needed) 😅 …it's still funny, though …solid B 👍 🍻
@platymew @bagder The way I read it, “that” refers to “hobby,” not “guy.”

@mjibrower @bagder but it's not "the hobby" THAT provides the service.

It's THE GUY "who" provides their hobby as a service! 😉

Hobby as a Service - HaaS! (thanks, mate! 🖖 🍻)

@platymew @bagder In any event, I think it’s lovely that someone came up with it, and that someone made it into a beautiful piece of art, and that curl exists in the world.
curl is just the hobby

Jan Gampe took things to the next level by actually making this cross-stitch out of the pattern I previously posted online. The flowers really gave it an extra level of charm I think. As a cross-stitch As a pillow This quote is from a comment by an upset user on my blog, replying to one … Continue reading curl is just the hobby →

daniel.haxx.se
@bagder @platymew @LangerJan Oh, that’s delightful!! Thanks for... all of it. 😄
@platymew @mjibrower consider: the informality of the quote is essential to its appeal, and so a minor grammatical error that doesn't obscure the meaning whatsoever enhances rather than detracts from it

@platymew @bagder “Who” would sound better, but a guy can be a that/it, can't he? Example:

– How did you know that wasn’t my girlfriend?
– It was a guy!

@avadeaux oof, i had to double-check - i DID post a beer-moji; greetings, fellow drunk person! In an inebriated / degraded state of mind scenario, your reply makes perfect sense. (i'm not trying to be snarky, here - i'm actually quite boozy, myself) …good job, we've all gotten the (thing vs. person) memo. 😉 🖖

@platymew @bagder honestly I've never understood the rules of when you are allowed to use "that" as a relative pronoun and when you're required to use "who/which," after a lifetime speaking English

and the fact that a native speaker is unclear on the concept leads me to think these rules might be arbitrary and made-up, like rules against split infinitives and dangling prepositions

@bagder

lol, I was like, "Is that true?" So I looked it up and found you. 😂

https://daniel.haxx.se/blog/2015/03/20/curl-17-years-old-today/

curl, 17 years old today

Today we celebrate the fact that it is exactly 17 years since the first public release of curl. I have always been the lead developer and maintainer of the project. When I released that first version in the spring of 1998, we had only a handful of users and a handful of contributors. curl was … Continue reading curl, 17 years old today →

daniel.haxx.se
@jon the backstory to the quote was once explained here: https://daniel.haxx.se/blog/2024/04/22/curl-is-just-the-hobby/

@bagder @jon

Regarding the nested story about the ad, I object to SMS_OTP as an MFA method.

@bagder idk why but I read this in the tune of Scrub by TLC 😂🤣
@bagder This is definitely about you, just not in Nebraska.

@ineedsleeps on my GitHub profile I have my location set to: "the curl factory, Sweden - close to Nebraska" 😁

https://github.com/bagder

bagder - Overview

I don't know anything. Employed by @wolfSSL. bagder has 47 repositories available. Follow their code on GitHub.

GitHub

@bagder story from a previous job: some colleagues said "we don't want to use software that was developed by some guy in his attic, we need professional software"

me: *chuckling, thinking about curl*

colleague, sounding angry: yes you're laughing but that stuff really happens

I don't think he understood why I was laughing

@bagder but what a lovely throw pillow.

@bagder

Please tell me someone has made a bitmap font from that.

@bagder is it still fair just to call it a "hobby" ? (specifically in the case of curl)
@bagder The problem with curl is that it's not written in a memory safe language. It's time to port curl to COBOL.
@bagder I also think it's extremely inspirational for other opensource devs; the idea that the world is just that open that if you have a good idea and you can write it out in a solid secure and performant way, everyone will just flock to you, it's a magical thing to watch unfold every time some person or group comes up with some new opensource idea that ends up changing things radically across the landscape, or things that stay around for eternity because they do it right, like Curl, Linux, etc
@bagder I feel my job would be somewhat harder without curl so I thank you
@bagder
Thank you for curl! Also cute pillow.
@bagder curl merch store when??
@bagder would be nice to see how much curl contributed to openai ;). Btw curl is awesome!