sluggard   

@sluggard@infosec.exchange
99 Followers
587 Following
624 Posts
Dad (Husband too)
Background {product mgt|appdev|ml|privacy|sales(really)}
Current doing PM work
sluggard   Nov 18, 2024
evacideNov 17, 2024

If you could tell your Congressional rep not to vote for a bill that would give the Trump administration the power to revoke non-profit status from any org they don't like...say...EFF, for example, I would appreciate it.

https://act.eff.org/action/tell-congress-not-to-weaponize-the-treasury-department-against-nonprofits

Tell Congress Not To Weaponize The Treasury Department Against Nonprofits

The House of Representatives just passed a dangerous bill that gives broad and easily abused new powers to the executive branch would allow the Secretary of Treasury to strip a U.S. nonprofit of its tax-exempt status. Nonprofits would not have a meaningful opportunity to defend themselves, and could be targeted without disclosing the reasons or evidence for the decision. Even if they are not targeted, the threat alone could chill the activities of some nonprofit organizations. Over 130 civil liberties, religious, reproductive health, immigrant rights, human rights, racial justice, LGBTQ+, environmental, and educational organizations signed a letter opposing the bill as written. We most tell the Senate not to pass H.R. 9495, the so-called “Stop Terror-Financing and Tax Penalties on American Hostages Act.”

sluggard   Aug 2, 2024
Dan GillmorAug 2, 2024

I never, ever respond to political text messages. It is impossible (for me, anyway) to know which ones are scams -- most of them, I suspect -- and which might be legit.

Even the "legit" texts are a plague of spam in any case.

I block and report as spam all political texts.

YMMV, but it looks from here like criminals have declared open season on our bank accounts.

sluggard   Aug 2, 2024
Kevin CollierAug 2, 2024
With Or Without You but covered by people who did those early aughts X shreds memes
https://www.nbcnews.com/news/world/russia-spies-prisoner-swap-putin-children-rcna164852
Children of spies only discovered they were Russian on the plane to Moscow, Kremlin says

Why did Russian President Vladimir Putin greet the children of just-freed Russian spies in Spanish?

NBC News
Show threadsluggard   Aug 2, 2024

Doh! It was Friday we flew out! That was the first day.

The next day, my son in college was flying out. He had a seat assigned. His aircraft had been parked at the airport the night before. Reportedly, the airport was less chaotic.

We found out about his flight delay about five minutes before he did. He was delayed about an hour.

Then, we found out about his flight cancellation about five or ten minutes before he did.

He had to get into a massive line to rebook. The mobile app offered to help him rebook his flight, but that kept erroring and not showing any alternative flights. I called him. At the time, I didn’t think this was the worst airline IT fiasco. Now, it looks like one of the worst, if not the worst—espresso for Delta.

The mobile app wasn’t effective. He couldn’t talk to their call center—hold times were hours. Texting didn’t work. He doesn’t have a Xitter account, and I don’t think that would have helped. Chat support was down.

I went to the website, and worked to rebook his Saturday flight. There was nothing for Saturday or Sunday. Other airlines, like Southwest, were sold out on Sunday.

The rebooking pages look like HTML from 1998. I rescheduled for Monday, and was redirected to the home page—it turns out, the seat was probably acquired by someone else, and there was no error message. I rescheduled again—same mystery behavior again. Finally, I got confirmation on a Tuesday flight. It was clear that this part of the operation hadn’t gotten attention in years.

My son got a ride from the airport with a friend

I’d never had to go this far down the website to do anything with Delta. We had a great trip—my son’s was shorter than planned—but a lot of less tech-savvy people who travel less probably ended up in worse shape

sluggard   Aug 2, 2024

Took a while to write this, but I was flying on Delta almost two weeks ago—on the Saturday when the CrowdStrike bug hit.

We were flying on a family vacation. Our departure was scheduled for the afternoon. The TSA lines looked long, but nowhere close to a bad day. The lines for the customer service desks stretched through the airport.

Delta had made an effort to bring all their employees in. There were a lot of employees in vests, and most of them were busy. Customers with problems still vastly outnumbered the airline staff.

Once we got past security, we saw the LONG lines. Customers lined up from the customer service desk until the end of the concourse. It might have been as massive of mess as I’ve seen.

Screens all over the airport had error messages.

Our flight had a standby list of about 150 passengers, which was a fair fraction of the plane’s capacity. The flight was almost completely sold beforehand, so all the standby passengers were competing for only a few seats. The gate area was overflowing.

Huge numbers of passengers were lined up to ask where they were in the pecking order. The public monitors had blue screens. The gate agents announced to all the passengers that, if they had a seat assigned, they’d be on the flight. If they had a seat request, then it was a long shot and to expect to be flying on Monday or Tuesday.

The flight was delayed—first by a late arrival, then waiting on a member of the flight crew, then because they needed a motor to start an engine. All in all, delayed for about two hours, and we were lucky. A hundred or so had to wait on another flight.

Some passengers tried to get into the Sky Club—that had been over capacity for hours, and usually turns people away on a good day.

The gate staff and the flight staff and the other passengers were tired, but decent people, and acted kind.

sluggard   Aug 2, 2024
corqAug 2, 2024
How to Install and Run Plexamp on the Raspberry Pi https://blog.adafruit.com/2024/08/02/how-to-install-and-run-plexamp-on-the-raspberry-pi/?utm_source=dlvr.it&utm_medium=%5Binfosec.exchange%5D
How to Install and Run Plexamp on the Raspberry Pi

PiMyLifeUp shares how to play music on your Pi using Plexamp! Plexamp is a special version of the standard Plex client. It has been rebuilt from the ground up to be a perfect client for playing mus…

Adafruit Industries - Makers, hackers, artists, designers and engineers!
sluggard   Aug 2, 2024
Miguel de Icaza ᯅ🍉Aug 2, 2024
I like the Twitter ads that say “here ever? Upgrade your premium”, because they are a reminder to close the app.
sluggard   Jun 12, 2024
My spouse asked me what the safest money transfer app is in the US. I’m not sure how to answer.
Has anybody done a review of the apps and their security?
The articles I’ve seen online are mostly “Apple Pay is easy if you have an iPhone”, which doesn’t mean much to me.
sluggard   Jun 9, 2024
FrederikJun 9, 2024

I've done it! After literal months of work, I've finally finished my (rather long) blog post about how AES-GCM works and how it's security guarantees can be completely broken when a nonce is reused:

https://frereit.de/aes_gcm/

It includes more than 10 interactive widgets for you to try out AES-GCM, GHASH and the nonce reuse attack right in your browser! (Powered by #RustLang and #WASM )

If you're interested in #cryptography , #math (or #maths ) or #infosec you might find it interesting.

If you do read it, I'm all ears for feedback and criticism!

AES-GCM and breaking it on nonce reuse

In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.

frereit's blog
sluggard   Jun 9, 2024
Anthony Collette  / LoistavaJun 9, 2024

QUOTE OF THE DAY

“Facts do not cease to exist because they are ignored.”
— Aldous Huxley

Agree, disagree — be inspired or not.
QOTD is fuel for conversation, and food for thought.

#QOTD
#QuoteOfTheDay