Mastodawn

Hmm. Phishing kits are putting more and more effort into blocking automatic security scanners. This is a relatively short set of evasion rules - I'm seeing some kits with eight *entire files* worth of rules of what IPs, hostnames, user agents, etc. to block.

Show thread

Chris Partridge 10h ago

masto is it good when all these phishing kits have attackers email addresses in them

Chris Partridge 11h ago

About five years ago I made and then largely forgot about a project called Phossil.

I forget who had mentioned to me, but phishers accidentally leave kits exposed in open directories on whatever compromised or bought host they're operating from.

I wrote a couple scripts which would quickly crawl through phishing sites reported on Phishtank, hunt for open directories, then snarf up any related data.

In five years, it's found 12,118 files (88.7 GB). I'm going to start digging though it today!

Chris Partridge 3d ago

bitzero 3d ago

The game is rigged against us, but it hasn't to be this way: The evolution of trust (game theory) https://ncase.me/trust/

The Evolution of Trust

an interactive guide to the game theory of why & how we trust each other

Chris Partridge 6d ago

Chris Adams Mar 15

“A Resume.org survey of 1,000 hiring managers found that 59% say they emphasize AI’s role in layoffs because it “is viewed more favorably by stakeholders than saying layoffs or hiring freezes are driven by financial constraints.” Only 9% said AI had fully replaced any roles. This is not a technology story; it’s a management honesty story that happens to involve technology.”
https://www.bloomberg.com/opinion/articles/2026-03-13/the-ai-washing-of-job-cuts-is-corrosive-and-confusing

Chris Partridge Mar 5

mhoye Mar 5

Just absolutely no regard for security at all. None. The entire burden of self-protection shifted to humans alone at their endpoints in systems and communities entirely, foundationally built on mutual trust and trustworthiness.

Chris Partridge Mar 3

tomate 🍅Mar 3

When someone says „Scientists do not want you to know“ you can dismiss everything from there on. Scientists want you to know. They are desperate that you know. They can’t shut up about what they found out and want you to know.

Chris Partridge Mar 1

Executive dysfunction be damned that boy can write one (1) blog post every fourteen (14) months.

I can tell it's tax season based on the IRS-impersonating email spam and #malware landing in my inbox. It's not a sophisticated campaign, but they did some things right I got a good chuckle from the things they did wrong (gif attached of the "IRS" webpage I was directed to) 😁

Post here: https://chris.partridge.tech/2026/tax-season-irs-impersonation-malware/

Hope you enjoy and good luck to the USA on our overcomplicated taxes as always.

Show thread

Chris Partridge Mar 1

Example things I use small LLMs for to accelerate our work:
* If a human engineer judges that an issue is a true positive, an LLM drafts customer-facing justification w/ additional context. Human engineer reviews and corrects minor issues before sending.
* Human engineers write rough notes what they worked on every week. An LLM transforms the team's notes into draft updates at various depths: a technical update we review in standup, a higher level update for program managers and leadership, etc.

Chris Partridge Mar 1

Maybe this is a controversial take, but SoTA small LLMs are where it's at, IMO. My team and I use them at work. They cost near-$0, ex. we run 8B or smaller models like Phi locally on instances we were already running (didn't even need to upgrade). At home I have Llama 3b hooked up to HomeAssistant Voice. They aren't wise, but the tech is useful with a human-in-the-loop, and you can do useful things with only a handful of watts' power budget and without spending thousands of dollars on GPUs.

Blogging	https://chris.partridge.tech
GitHub	https://github.com/tweedge
Proofs	https://tweedge.proven.lol
Pronouns	he/him