tautology

@tautology@infosec.exchange
352 Followers
193 Following
351 Posts

@tautology0
@tautology
@tautology.uk

vi is the best editor. FACT!

X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

tautologyJun 3
This is the demo I was working on, the largest controller for SuperTuxKart ever?
tautologyMay 23
So who else spent the day turning a knackered old Renault Clio into a controller for SuperTuxCart?
tautologyMay 18

Spent an hour trying to find out why the sprog's Junior Parkrun results came out in the weird US date format. IMO it was due to bad assumptions by my browser and the Parkrun website. If they'd just use ISO 8601 dates it would've simplified everything!

https://tautology.org.uk/blog/2025/05/18/about-dates-a-tenative-story-of-making-assumptions/

About dates: A tenative story of making assumptions – Tautology’s Blog

tautologyMay 4
leyrerMay 4
tautologyMar 12
Pen Test PartnersMar 12

Although frequently misunderstood, the HTTP Cache-Control header is crucial because it specifies caching mechanisms within requests and responses.  In its typical format, it reveals details as to how resources are stored, the location of the resource and the maximum age before expiring…

In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: https://www.pentestpartners.com/security-blog/take-control-of-cache-control-and-local-caching/

#Caching #CacheControl #WebPerformance #WebSecurity #HTTPHeaders #Cybersecurity #DeveloperGuide #HTTP

Take control of Cache-Control and local caching | Pen Test Partners

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directive prevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to specify caching mechanisms within requests and responses. In its typical format, it

tautologyFeb 26
Pen Test PartnersFeb 26

After scouring the internet, we realised that information on Rockchip MCUs is either scarce or hidden behind NDAs. So in our latest blog, David Lodge looks at the Rockchip boot process. He covers the boot order and how to force the MCU into low-level modes for direct USB access.
 
He also dives into essential tools like xrock and rkflashtool that let you read and write the MCU’s RAM and flash memory.

Read here: https://www.pentestpartners.com/security-blog/a-dive-into-the-rockchip-bootloader/

#rockchip #bootloader #mcu #firmware #embeddedsystems #reverseengineering #hardwarehacking

A dive into the Rockchip Bootloader | Pen Test Partners

TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company that makes a number of devices, including tablets

tautologyFeb 12
Terence EdenFeb 8

🆕 blog! “endless.downward.spiral - is this the beginning of the end of What3Words?”

Long-time readers know that I am not a fan of What Three Words. I think it is a closed, proprietary, and user-unfriendly attempt to enclose the commons. I consider that it has some dangerous failure modes.

A year ago, The Financial Times wrote about What3Words'…

👀 Read more: https://shkspr.mobi/blog/2025/02/endless-downward-spiral-is-this-the-beginning-of-the-end-of-what3words/

#maps #what3words

endless.downward.spiral - is this the beginning of the end of What3Words?

Long-time readers know that I am not a fan of What Three Words. I think it is a closed, proprietary, and user-unfriendly attempt to enclose the commons. I consider that it has some dangerous failure modes. A year ago, The Financial Times wrote about What3Words' business woes. But it looks like things are about to get a lot worse. As reported by a user on Reddit, Mercedes cars no longer support What3words. I was in touch with What3words customer support and they confirmed me that Mercedes…

Terence Eden’s Blog
tautologyFeb 9
Enfys 🏴󠁧󠁢󠁷󠁬󠁳󠁿 🏳️‍⚧Feb 8
Fedi via Teletext has to be one of the best ideas I've had in a while
tautologyJan 3
Joby  (he/him)Jan 2

Just read: "The sheriff said Tesla CEO Elon Musk helped the investigation by ... and giving investigators video of the suspect at charging stations along its route from Colorado to Las Vegas." And I have questions and concerns.

So ... were there any checks and balances involved? Or can Elon Musk just grab any current or past footage from the built-in cameras of any Tesla ... just like whenever he feels like it? Is there a paper trail? Is there any oversight whatsoever?

Is there any actual process at Tesla for this kind of thing? Do they need a warrant? Or is the process for pulling footage "when Elon personally asks for it?" Because that's a bad process.

Is the standard for when it's okay to pull and share video "when Elon thinks it's a good idea?" Because that's a bad standard.

The CEO of a large corporation should actually not be directly involved in these sorts of processes.

Show threadtautologyDec 18

Direct quote:
"All very true; I will end my days in a Wankh dungeon"

Is there any surprise that some later versions had them renamed to "Wannek"?