JustaMom

@stoicybele@toad.social
127 Followers
217 Following
9K Posts

"Be what you would seem to be..."

-- Alice's Adventures in Wonderland, Lewis Carroll, 1865

Pronouns: She/Her
Profile Image: A photo of old-timey Peanut Butter Kisses: taffy candies in orange and black wrappers. Likely stale. IYKYK.
Attitude: Stank
Here for: ideas, discoveries, venting, news, camaraderie, 'the duration'..until I'm not

Looks like Corporate #infosec has made its choice.

#RSAC is filled with talks embracing AI and making it "secure".

And they invited and encouraged the Trump regime to spread its disinformation - fully sanctioned and encouraged by the conference leadership (and by conference attendees who laughed at the regime's jokes and lies and issued no challenges or stands during the talk).

With the ostracization of #ChrisKrebs by industry and the full embrace of Kristi Noem as a speaker, this was the moment that infosec made its bed.

Y'all lie in it now.

Jill Sobule has passed away at age 66. She paved the way with heart, humor, and honesty. The first openly gay artist to break the Billboard Top 20, her songs like “I Kissed a Girl” and “Supermodel” changed the soundtrack—and the conversation.

This newly processed image of a cosmic pillar in the Eagle Nebula M16 has been released as part of ESA/Hubble’s 35th anniversary celebrations.

The 9.5 light-years tall pillar is 7,000 light-years from Earth.

The intricate structure is sculpted from cold Hydrogen gas by the fierce radiation and stellar winds of stars north-east of this image near the center of M16. New star formation is occurring within the compressed gas of the pillar.

https://science.nasa.gov/missions/hubble/hubble-spies-cosmic-pillar-in-eagle-nebula/
ESA/Hubble & NASA, K. Noll
1/

Hubble Spies Cosmic Pillar in Eagle Nebula

Hubble releases a new image from the Eagle Nebula (Messier 16). This iconic "Pillar of Creation" is an area where new stars are forming.

NASA Science

Today's threads (a thread)

Inside: Mark Zuckerberg personally lost the Facebook antitrust case; and more!

Archived at: https://pluralistic.net/2025/04/18/chatty-zucky/

#Pluralistic

1/

Pluralistic: Mark Zuckerberg personally lost the Facebook antitrust case (18 Apr 2025) – Pluralistic: Daily links from Cory Doctorow

as the #Microsoft CEO, Satya Nadella, began talking up new products, five employees stood on a platform above, exposing lettering on their T-shirts that spelled out the words: “Does Our Code Kill Kids, Satya?”

#genocide
https://www.theguardian.com/technology/2025/apr/18/microsoft-ai-israel-gaza-war

Microsoft faces growing unrest over role in Israel’s war on Gaza: ‘Close to a tipping point’

Internal turmoil rises at company over Israel’s extensive use of its AI and cloud computing services in Gaza war

The Guardian
P.S. I noticed one error in the article: the description of DNS tunneling is wrong. When someone is using DNS tunneling to exfiltrate data, they're generating the DNS queries with the data in them from inside the network, causing them to be sent to a DNS server under their control outside the network. It's not the server generating the queries as described in the article.
I didn't notice any other substantive errors in the article.
#infosec #DNSTunneling
This is a long, well-reported, well-sourced article about all the f*ckery DOGE is doing with exfiltrating data from government agencies for purposes unknown (likely nefarious and illegal).
Many of the dangers and threats cited here are the things I was saying were going to happen to anyone in the media who would listen during my media blitz after I was fired. Glad to see them getting more attention.
#politics #USPol #DOGE #infosec
Ref: https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
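As an added defensive illustration (not part of the original post or the linked article), the following Python heuristic looks for the pattern the P.S. describes: a client inside the network emitting many DNS queries whose subdomain labels carry encoded data, all under one base domain that the party receiving them controls. Everything here is constructed for the example: the sample log entries, the client addresses, the base domain "exfil-placeholder.test", and the thresholds, which are illustrative starting points rather than tuned values.

```python
"""Heuristic detector for DNS-tunnelling-style exfiltration in resolver query logs.

Added example, not code from the original post. It looks for what the post
describes: a host inside the network generating queries whose subdomain labels
carry encoded data, all under one base domain resolved by an outside server.
The sample log lines, client addresses and domain names below are constructed.
"""
import math
from collections import defaultdict

# Constructed sample of (client_ip, queried_name) pairs, as a resolver log might
# record them. The rotated base32 alphabet stands in for encoded payload chunks.
_B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "www.example.com"),
    # Three long, high-entropy labels under one base domain (encoded chunks).
    ("10.0.0.7", _B32 + ".exfil-placeholder.test"),
    ("10.0.0.7", _B32[5:] + _B32[:5] + ".exfil-placeholder.test"),
    ("10.0.0.7", _B32[11:] + _B32[:11] + ".exfil-placeholder.test"),
    # A single long hash-like label (e.g. a CDN cache key) must not fire on its own.
    ("10.0.0.9", "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn-cache.example"),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(name: str, base_labels: int = 2):
    """Return (subdomain, base_domain); subdomain is '' when there are no extra labels.

    Taking the last two labels as the base domain is a simplification (wrong for
    suffixes such as co.uk); a public-suffix list would be used in practice.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) <= base_labels:
        return "", ".".join(labels)
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])


def profile_domains(queries):
    """Aggregate per base domain: unique subdomains, mean label length, mean entropy."""
    subs = defaultdict(set)
    for _client, name in queries:
        sub, base = split_name(name)
        if sub:
            subs[base].add(sub)
    stats = {}
    for base, subset in subs.items():
        # Use the leftmost label: that is where tunnelling tools pack the payload.
        first_labels = [s.split(".")[0] for s in subset]
        stats[base] = {
            "unique_subdomains": len(subset),
            "mean_label_len": sum(map(len, first_labels)) / len(first_labels),
            "mean_entropy": sum(map(shannon_entropy, first_labels)) / len(first_labels),
        }
    return stats


def flag_suspect_domains(queries, min_unique=3, min_len=20, min_entropy=3.5):
    """Return base domains whose subdomain labels look like encoded data carriers.

    All three thresholds must hold: many distinct labels (one per chunk), long
    labels, and high entropy. Requiring all three keeps a lone long CDN-style
    label, or many short ordinary hostnames, from producing an alert.
    """
    stats = profile_domains(queries)
    return sorted(
        base for base, s in stats.items()
        if s["unique_subdomains"] >= min_unique
        and s["mean_label_len"] >= min_len
        and s["mean_entropy"] >= min_entropy
    )


if __name__ == "__main__":
    for base, s in profile_domains(SAMPLE_QUERIES).items():
        print(f"{base:28} n={s['unique_subdomains']} "
              f"len={s['mean_label_len']:.1f} H={s['mean_entropy']:.2f}")
    print("suspect:", flag_suspect_domains(SAMPLE_QUERIES))
```

Running the block prints the per-domain profile and reports only the constructed "exfil-placeholder.test" base domain; the real-world version of this check would read resolver or DNS-firewall logs, group per source host as well as per base domain, and consult a public-suffix list instead of the two-label rule.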

🧵 Read the alt texts of the photos above about the #yarn's history. Here you can learn more about the history of this "more glossy than silk" patent: https://en.wikipedia.org/wiki/Rayon

This #embroidery #floss was a hype since 1905/1910 ... and we can imagine that some of the governesses who had the misfortune to be on board, used it for #embroideries in the luxury rooms of the #Titanic.

#history #textileHistory #histodon #fibreArts #textileArts

Rayon - Wikipedia

🧵 #OTD the #Titanic sank in 1912. When I was a very small child, I knew an old woman who narrowly escaped this disaster. As the governess of a US millionaire's children, she was supposed to be travelling on the Titanic. They arrived too late in England and couldn't get tickets.

Shortly before her death, she gave me some old #yarn. I haven't dared to use it to this day because it's like travelling back in #deepTime. 113 years can feel so near.

#histodon #museum #embroidery #fiberArts #history

'“Taxes,” declared Oliver Wendell Holmes, “are what we pay for civilized society.” But these days barbarians are in control.'

https://open.substack.com/pub/paulkrugman/p/happy-tax-evasion-day?utm_source=share&utm_medium=android&r=diqr

Happy Tax Evasion Day!

DOGE is stealing your tax revenue and giving it to rich cheaters

Paul Krugman

This is damning.

Kevin Collier, journalist from NBC News states:

"I will say [Kristi Noem] has come out swinging, insisting her vision of CISA will improve [DHS] and falsely describing its previous work as being substantially devoted to policing misinfo.

The crowd has been relatively into it. Tepidly bit on her laugh lines. No boos, no heckling. This is a corporate crowd, not Def Con, but I would have not been surprised to have seen some disruption."

Source: https://bsky.app/profile/kevincollier.bsky.social/post/3lny67kekqc26

#infosec #RSAC

Kevin Collier (@kevincollier.bsky.social)

The crowd has been relatively into it. Tepidly bit on her laugh lines. No boos, no heckling. This is a corporate crowd, not Def Con, but I would have not been surprised to have seen some disruption. Still a few minutes left.

Bluesky Social
@tinker That is absolutely disgusting and disgraceful.
@tinker And people don't mock or jeer these MAGAt fuckheads!?
@tinker holy moly
@OT_MacDonald @tinker BTW I read this in Ella Purnell's voice.

@tinker given that the American government has abdicated the leadership role that they insisted the rest of the world should follow, I can’t imagine how anything any fed would have to say could possibly contribute to the practice of cybersecurity (or pretty much anything else, either).

The Trump administration’s message to the rest of the world is pretty clear: fuck off and find your own way without America. Their message to the American people is similar: robber-barons are here to loot; good luck.

@tinker

It'll be REAL interesting to see how front and centre all the government shit is at this year's #DEFCON.

@fennix @tinker

I'm going to go on a limb, that after last year's badge debacle with Dmitri, that Defcon admin will also bend over to Corporate Infosec and Trump.

Defcon's already these days known as the cheap Blackhat. And most of the feds go to both anyways.

https://www.theregister.com/2024/08/13/defcon_badge_disagreement_gets_physical/

I also won't go back to Defcon, for that and toxicity reasons.

DEF CON badge disagreement gets physical as firmware dev removed from event stage

Is it not a strange fate that we should suffer so much fear and doubt for so small a thing?

The Register
@crankylinuxuser @fennix @tinker They were in the gov's pocket ever since "spot the fed" got too easy,
@tinker
Lolz, Dakota State “University” is a university in a bad dream ffs. It’s a cow college people, chaos and cows and small mindedness
@tinker goddamn.

I am...... Not even a little surprised.
Good overview of her "talk" @ cyberscoop: https://cyberscoop.com/kristi-noem-rsac-2025-cisa-mission/
DHS Secretary Noem: CISA needs to get back to ‘core mission’

At the 2025 RSAC Conference, DHS Secretary Kristi Noem vowed to refocus CISA on its core mission of critical infrastructure protection.

CyberScoop
@tinker I has a disappoint
@Sempf @tinker Not surprised at all.
@Caseydunham @Sempf @tinker not surprised, but disappointed.
@hacks4pancakes @Caseydunham @tinker Yeah, there isn't much we can do about people that don't want to change. It's ugly. Long as the $$$ keeps flowing amirite?

@tinker i don't know if defcon would react differently

last year was so full of feds and cops giving presentations that i broke my brain and i decided i won't be going back

i really think 2010 black hat having Michael Hayden was a turning point. I remember the room being pretty evenly split between boos and fanboys. i think the fed fanboys have gained ground at blackhat and defcon now

@rdp @tinker DEF CON needs to be brought back to pure hacker energy and a serious #ACAB attitude.

@lambdacalculus @rdp @tinker

They'll probably need to hold it outside the US for that. And I'm wondering how many hackers are still free at all.

@lambdacalculus @dsp @rdp @tinker It's been dead long before pool2girl happened, so how far back do we really have to go
@feld
I have faith in the DEFCON crew honestly. During all these years, mistakes happen(ed) for sure, but this group is, in a sense, all of us here. We can reclaim a hope for a future filled with hacking, truth and ethics.
@dsp I think most of the problem is that it's too big now. It needs to be significantly reduced in size -- maybe not even normal public ticket sales
@rdp @tinker We would. #DEFCON != RSAC
@thedarktangent @rdp @tinker That may be true but I do have to agree that the fed stink is getting a little too strong. We need more pure hacker/punk/goth energy.
forum.defcon.org

Alejandro Mayorkas, Secretary of the Department of Homeland Security (45 Minutes): The Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS' priorities in

DEF CON Forums
@kluthulhu @rdp @tinker If you think they are equivalent then 🤷‍♂️ You'll have to wait for the speakers to be announced.
@thedarktangent @rdp @tinker Both were invited in their function as Secretary of the DHS.

@rdp @tinker What I'm curious about, if anyone is there, is, are the Feds there (besides Kristi Noem)?

Elon has put the kibosh on Fed travel so I'm curious if it is reflected in the attendees. I heard the Appian conference in Denver was missing many representatives of the software maker's largest customer, the US gov.

@rdp @tinker - I just confirmed that no one from the government was at the Appian conference.
@rdp @tinker So it's Fedcon now?

@tinker I think most people are aware of that point in your employment when doing things to keep your job are different from doing things to do your job well.

This is a crowd trying to remain employed.

@dawngreeter @tinker
Agreed. I've never heard tell of flying to the conference on the company dime and then heckling the speakers.

I posit that the tell is who attended. There are many conferences. Who voted with their feet? Which firms had, y'know, unfortunate scheduling conflicts?

@tinker @hacks4pancakes My company CISO just responded to me that her speech “…was pretty good.” Ugh…but really I expect no less anymore.
@tinker so a room full of fascists.
@0xF21D
With names and addresses.
@tinker

@tinker Corporate is gonna have to learn a lesson about what happens when you lie down with dogs.

(You wake up with major security vulnerabilities and infrastructure built on PR and vibes.)

@winterayars @tinker @btanderson well I mean not if Noem is around, if you lie down with dogs in that context you just get covered in dog blood
@winterayars @tinker @btanderson I really hope I don’t know anyone at RSAC this year, to be a party to this and not absolutely lose your shit in the audience would be a lifelong embarrassment
@glyph @winterayars @tinker @btanderson Here's a woman who murders dogs and considers parading in front of people she enslaved to be a 'photo op'. Like. You can't make up that level of fucking awfulness. Boo her ass.
@glyph @winterayars @tinker @btanderson But, you know, this is what "respectability" is. It's what it always has been. "You have to be nice", at all costs, to live in society. To a woman who brags about killing dogs and enslaving random Hispanic people in a fucking foreign labor camp.

And no one there says "hm, maybe I shouldn't laugh at the dog killing slaver's joke?" mann

@tinker

$ git reset --hard united-states

@tinker Were there any actual infosec people in the crowd or just infosec-aligned managers?
@troed - No idea. But I hate to break it to you, management and policy is actual infosec. Tech folks who wield the tools do so at the behest and direction of the decision makers.
@tinker I would definitely not have pegged infosec as an industry rife with the kind of gullible idiot AI is marketed at. In fact, I would have assumed the exact opposite.

@StarkRG @tinker

Our CISO is super-hyped on AI as a tool to eventually handle Tier 1 SOC, write reports, and summarize data.
* some assembly required

@jrdepriest @tinker I don't claim to be an expert (either in infosec or AI), however, I can certainly see that there are some situations where using AI can be a good choice and every single one of them requires a real person double-checking every result. If you don't want to pay people to hand-check everything returned by an AI algorithm, then AI algorithms aren't the solution you're looking for. It's good for producing "that feels like it could be right" matches in enormous datasets.

@StarkRG @tinker
The current workflow with live people requires someone else to review and approve the work. He's hoping we can replace much of it with LLMs so it will be faster to get to level 2 for review.
We aren't to the stage where we can even test it yet. Still dealing with demos and vendor hype.
We have a private ChatGPT instance we are strongly encouraged to use. I know he uses it to write or rewrite emails and summaries tailored to specific audiences (technical vs. executive).
I do not see the need for that at my level.

I do not like genAI. My manager doesn't like it.
It doesn't understand anything.

But our adversaries are using it to accelerate their attacks. We can't hire the people to be fast and agile enough to keep up. We have so much noise to parse and automated tools may be able to filter and parse it for us.
The volume of attacks has increased but their quality has not improved. Still, it makes finding that needle difficult.

@jrdepriest Setting aside the ethics of training data sources and completely unsustainable energy requirements, it's fine as long as there is always a person between the output and implementation double checking to make sure it's acceptable. That goes regardless of the purpose (code, pictures, legal filings, etc). It's a tool, yes, but an extremely fallible one, it should not be allowed to become a plausible deniability generator.

(and then, also, let's not set aside the ethics)

@StarkRG

My boss is in a band and I am a writer. We both hate LLMs for being trained in stolen works and destroying ingenuity and creativity.
I further hate them for the environmental impact.
Obviously, I mean the tech bros and the massive corporations behind the current bubble of LLMs when I say "them".

But we still have to do our jobs.

As they say, there is no ethical consumption under capitalism.

@jrdepriest @StarkRG @tinker But is an LLM the right tool for that job? ML seems like a better hammer for that nail.
@KatS @StarkRG @tinker definitely ML would be better but we are being asked to evaluate this so we are evaluating it. If it can keep me from having to write no-code / code to parse random JSON to Markdown or HTML for reports, I'll take it.
It's been hard to hire people, ironically because they are using LLMs to game their resumés and video interviews.

@StarkRG

Unfortunately in the corporate fragments of this industry you will get people ticketing you about your containers not passing automated tooling checking for bad OS components when in fact they are distroless containers with a single binary and a config file. So it definitely varies.

@StarkRG

I wish I had your level of optimism...

@tinker @StarkRG If you need further proof that drek can be prevalent in the industry, see Wazuh. It is an utter dumpster fire with insanely out of date rules with no meaningful way to keep them up to date.
IME the infosec industry has been reactionary from the beginning.

CC: @tinker@infosec.exchange
@StarkRG from where I sit, at least 90% of infosec is a gloopy mixture of snake oil and cargo cultism. I'm entirely unsurprised that magical LLM thinking has taken strong root in such fertile soil.

@tinker this ties into a thought I had recently:

How does responsible disclosure work in a world where these systems are used by a fascist government to harm people?

Should anyone really be helping these fucking collaborators free of charge, to make their systems more secure and less destroyable?