Royce Williams

@tychotithonus@infosec.exchange

Just doing my undue diligence.

ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.

Day job: Enterprise Security Architect for an Alaskan ISP.

Obsessed with security keys:
techsolvency.com/mfa/security-keys

My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s

Followed you out of the blue = probably stole you from follows of someone I respect.

Blocked inadvertently? Ask!

Am I following a dirtbag? Tell me!

Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.

Boosts not about security ... usually are.

Banner: 5 rows of security keys in a wall case.

#NonAIContent

#hashcat #Alaska #YubiKeys #LicensePlates

P.S. I hate advance-fee scammers with the heat of 400B suns

❤️:⚛👨‍👩‍👧🛡🙊🌻🗽💻✏🎥🍦🌶🍫!

Stuff: https://www.techsolvency.com/roycewilliams/mastodon
Keybase: https://keybase.io/royce
GitHub: https://github.com/roycewilliams
LinkedIn: https://www.linkedin.com/in/roycewilliams
Gravatar: https://gravatar.com/tychotithonus
Not "dehashed"!: https://www.techsolvency.com/passwords/dehashing-reversing-decrypting/

If the bait looks too obvious ...

... you're not the target demographic.

Reminder:

When you drill down into an "[A] is happening and [Group B] is reacting like [C]" article/claim, the links / screenshots are usually from accounts that are, like ... a week old with six followers.

Assume they're rage/confirmation bait. Let them pass through you. Maybe filter a few more keywords. Move on.

Reminder that we don't have ANY viable power-producing fusion reactors yet, let alone aneutronic reactors capable of using 3He as fuel: and if you can overcome the coulomb barrier to use 3He as fuel you're 90% of the way to using Boron-11 as fuel, WHICH IS READILY AVAILABLE (AND CHEAP!) HERE ON EARTH.

There's no need to strip mine the moon for fuel.

Lunar 3HE mining IS A SCAM DESIGNED TO EXTRACT MONEY FROM INVESTORS. Always has been. Always will be.

@arstechnica https://mastodon.social/@arstechnica/114653548336608142

Official Amazon scam warning

If you have an Intel Raptor Lake system and you're in the northern hemisphere, chances are that your machine is crashing more often because of the summer heat. I know because I can literally see which EU countries have been affected by heat waves by looking at the locales of Firefox crash reports coming from Raptor Lake systems.

US-based friends: If you are as horrified about potential apocalyptic cuts to NASA science as I am - know that it is NOT TOO LATE to do something about it. The cuts are not a done deal!

The Planetary Society makes it very quick and easy to contact legislators about this. It really just takes moments, it is SUPER easy to do (I have done it!)

Check out the link and take action!

https://www.planetary.org/save-nasa-science

Friends outside of the US: Boosting info helps also if you are so inclined.


Looking for a low-distraction way to be reminded to reboot a Windows system. Options I'm aware of fall into five categories:

  • Wallpaper/BGInfo (cool, but requires no windows covering the info)

  • Systray widget - Find/write a system tray thing that "ages" with color (green->yellow->red = progression of urgency/staleness)

  • Script - e.g. a PowerShell uptime-age checker to throw a pop-up (meh)

  • Widget -- install a desktop widget platform and throw some kind of meter skin on it (too heavyweight for my goals)

  • Scheduled forced reboot - YOLO (seems too invasive)

For me, #2 - a visually aging systray widget -- seems the most appealing. Anyone aware of a good one -- easy, trustworthy, low perms, configurable?

    I was mulling over a principle of incident response today and wondered what others in my field might think.

    Yes or no: "To operate effectively, incident responders need to be able to obtain at least the same level of access to a system as the attacker has potentially obtained."

    Did you know someone reverse-engineered the Weather Channel computer system from the 80s/90s and now you can generate your own private weather channel for your location?

    https://weatherstar.netbymatt.com

    After having gone missing in my papers for 30 years, the original ad has been found!

    The bottom half (shown here) features what we called the Computer "Toad" (actually a tree frog), and it still features prominently on my ancient ISP-provided tilde page. The photo was a mascot around the office for quite a while.

    No idea what the ad was for (AT&T / NCR?), but ... enjoy!

    #Frogs #TreeFrogs #RetroAds #ATT #NCR

    Adobe is now processing all your PDFs in the cloud, by default. The setting to “Enable generative AI features in Acrobat” was on, and I didn’t know it until I opened a document and Adobe asked me if I wanted a document summary. It’s annoying to have to click “No,” so I opened settings to disable the prompt.

    THE PROBLEM
    I sign Non-Disclosure Agreements for many of my clients. Adobe is a potential leak of protected information. I don’t know what Adobe does with this information. I don’t know what they store, or for how long. I don’t know what country (or countries) the data is stored in. I don’t know what LLMs are trained with this data. And I don’t need to know. What I need to know is that they won’t use default opt-in as a legal excuse to wiretap my information.

    I recommend that you check your Adobe settings on all devices, for all Adobe accounts.

    #CallMeIfYouNeedMe #FIFONetworks

    #cybersecurity

    @fifonetworks I didn't see the option in Adobe reader because I reverted to the classic UI the day they first introduced the AI assistant. Maybe it's also because I don't sign in to Adobe

    @fifonetworks But there is something you now know, that you didn't before...

    Adobe is yet another data-felching rat bastard corp.

    This is why, as you may recall, I take issue with the lack of clear local-remote boundaries in how IT products are presented. A FOSS app store like F-Droid will make the distinction clear, but that appears to be the exception.

    @fifonetworks IIRC, #Adobe was considered the no. 3 adtech platform circa late-2010s, and their magic vehicle for tracking ad exposure was #Acrobat.

    AI is a new justification to turbo-charge the process of grabbing users' private information.

    @tasket @fifonetworks
    Wasn't it Flash on half of the web pages?
    @tasket @fifonetworks One approach is to just bring down your Internet connection while working. If that doesn't work, you know that that is not software you should be using.
    @martinvermeer @tasket @fifonetworks Absolutely insufficient protection. That only weeds out the poorly coded things that assume synchronous always on connections, not the much more robust and insidious ones that have background asynchronous attempts to make connections, gracefully degrade features when unavailable, and may queue up telemetry or data exfiltration for when the network comes up.

    @fifonetworks

    It's too bad Adobe is alienating some of their most influential customers like this. What do they gain? A reputation for stupidity (failure to understand customers, customer needs; treating all the same, 'one size fits all' & all that) & evil (do the worst that will offend the most by default). It's not as if there's that much 'customer loyalty' left in the bag... & equivalent or better s/w exists in many cases (hello Affinity!). You have to hope Adobe will get better advice/advisors at some stage. But don't hold your breath. 😐

    > What do they gain?

    One possibility is a feeling they have jumped on the right bandwagon, illusory though it may be.

    @Su_G @fifonetworks

    @fifonetworks I recommend to use other software. Ditch Adobe.
    @roman78 @fifonetworks And in addition to simply saying 'ditch Adobe', check out https://m.youtube.com/watch?v=lm51xZHZI6g James Lee did a great video on switching to a different work flow! And for a simple and dumb (Windows based) PDF Reader: Sumatra PDF Viewer
    @electron_wizard @roman78 @fifonetworks or just your web browser, they all read PDFs by default and most of them can annotate and modify documents now.

    @electron_wizard @roman78 @fifonetworks

    I forgot about Sumatra. It was my go to in my Windows days. There's even a portable app version. Throw it on a USB drive or a dropbox account and take it wherever.

    @MyWoolyMastadon @roman78 @fifonetworks It's used a lot by the professors at the university I work at, since it can open up 1000 page PDFs with ease!

    @electron_wizard

    Thank you. I just switched out the Adobe PDF Reader for Sumatra, because of your post.

    One less big tech program on my computer.

    @roman78 @fifonetworks

    @Firlefanz @roman78 @fifonetworks Glad to hear. Although forms can't be filled out, it can open up 1000 page PDFs without any issues. It has some simple annotation stuff, although the user experience is a bit rocky in that regard.

    @electron_wizard

    Truth is, I mostly need something to look at my receipts and stuff when I do bookkeeping. Can't remember the last time I filled in a form.

    I'm sure there are other options if I ever have to.

    @electron_wizard @roman78 @fifonetworks I've been using PDF Xchange editor for 15 years now. The first thing I do with a new PC at work is deinstalling Adobe. I used to hate them for being bloated, then for their pricing (I know their PDF reader is free, I couldn't break my habit though), now for their AI slob.
    @roman78 @fifonetworks I use PDFGear and got rid of all Adobe things.

    @fifonetworks

    Adobe is a trash company. I'm surprised there's an option to disable the AI feature.

    Years ago I wanted Acrobat Reader to stop putting a shortcut on my desktop every time it updated (roughly monthly). AdobeCare told me to install another Adobe software (an administrative policy editor, basically) to make the change as I couldn't do it in Acrobat Reader itself. I couldn't make heads or tails of that program.

    I'm on Linux now though, so I should be safe. No Adobe here.

    @munroe @fifonetworks gotta say - moving to linux to escape Adobe... that is a whole mood.

    I do understand it tho!

    @kaasbaas @fifonetworks

    Oh, I didn't move to Linux to escape Adobe, it's just a side benefit.

    I just jumped off Windows 10 early (mid-2023) when they announced End-of-Life. I had kind of wanted to switch when I bought this PC in 2019 but I wasn't ready to commit at that point. In 2019 I got this PC and it came with Windows 10. I had used WindowsXP before that, long past its End-of-Life. Now I don't remember why it took me so long to commit to the switch to Linux.

    @munroe @fifonetworks nice.

    for me, I took one whiff of that stupid Win8, and I made the jump.

    Been dual booting for a while before that with the Last Good Windows (7).

    I feel for folks trapped in windows by some obscure software requirements (or work compliance reasons)

    @kaasbaas @fifonetworks

    I stuck with XP for so long because I had to use Vista at work for awhile and really did not like it. (I always ran XP in the gray/boxy Win9x desktop mode, as I also think the green/blue XP is garish.)

    When Win7 came out, I heard good things, but the turn-over to Win8 was so fast that I was still on XP. When Win10 came out and I heard it was "the last version of Windows" I was like "Well, they're going to a subscription model" so I avoided it for many years.

    @kaasbaas @fifonetworks

    I wanted to go to Linux rather than Win10, but I did want to use the computer for games and in 2019 I don't know if Linux+Proton was ready yet. So I stayed on Windows.

    So with Windows11, when I was finally on Windows10 (which turned out to be relatively OK aside from all the online integration), I couldn't see any benefit to the consumer for the upgrade. All the benefit was to Microsoft with a new money grab and more telemetry.

    So I finally got to Linux. Yay!

    @kaasbaas @munroe @fifonetworks anyway, you can use the most of free software alternatives also with Windows.

    Therefore, gnu/Linux is better option ;P

    (Edit! I thought Adobe bought Figma a few years ago, but apparently the merger failed. My bad…)

    @fifonetworks They’ve also been training AI on user documents for Figma for almost a year now. It’s opt out! https://help.figma.com/hc/en-us/articles/17725942479127-Control-AI-features-and-content-training-settings

    Honestly it’s merely a matter of time before they do it with Creative Cloud too. Too few seem to care… :-/

    @slembcke
    Figma is not Adobe.
    @Arnstein @slembcke I thought Adobe bought them, but I looked it up and apparently the deal was cancelled. (posting this for other people having the same thought)
    @h5e @Arnstein Same. Whoops. My bad.
    @fifonetworks Use pdf x-change editor. It's faster and without AI crap.
    @Eglaf @fifonetworks Jumping in to second this. If you're using Windows, PDF exchange is a perfect replacement.
    @Eglaf @fifonetworks To add, I too have a lot of cybersecurity concerns, including NDAs that I have with my clients. PDF X-change does everything I need without the AI and surveillance BS.
    @fifonetworks But this is only happening when you log in?
    @K4mpfie @fifonetworks
    I don't think so.
    NB: logged in to what? My own PC, that is?
    Never knew reading a PDF required an account somewhere...
    @bertkoor @fifonetworks No 🙈 I meant logged into an Adobe Account. The question really is: Does Adobe use your files to train its AI even if you just use the PDF Viewer without an Adobe account?
    Edit: I know it's not required to have an Adobe Account to open Adobe PDF Viewer, but this vulnerability gets way worse if Adobe scans every PDF that you open in their program
    @fifonetworks I stopped using Adobe products many years ago. For PDFs I use LibreOffice Draw and I am quite satisfied with it. May the FOSS be with you.

    I don't need advanced PDF editing options so I'm quite happy with using Skim instead of Acrobat Reader.

    https://skim-app.sourceforge.io

    I switched from Adobe Creative Suite to Affinity (one-time purchase instead of monthly subscription). Occasional Photoshop users could even try this free web app: https://www.photopea.com

    @fifonetworks Thank you for highlighting this. Have to check those settings!

    @fifonetworks

    Yikes.

    Although all three Generative AI boxes were unchecked (set to off) when I looked in my settings, so apparently not on by default in the case of my account. Whew. But thanks, will look again every so often.

    @fifonetworks the solution is to not use any Adobe products at all. I have uninstalled all from Adobe once they moved to rental. And my adobe account was leaked as well (I only used it once when installing Photoshop because there was no other option). Adobe is not trustworthy. Period!
    @fifonetworks @inthehands I used Adobe since Illustrator 4.0. Left now.
    @fifonetworks The unfortunate thing is that you can assume that they will use whatever data they can get and/or infer about you, and then sell it under the guise of anonymization to a company/companies that will later use it in a way that's impossible to predict now, but which for sure will coax you into buying a future product/service that you most likely don't really need
    @fifonetworks PDF was a bad idea since a veryyyy long time. Maybe people can stop using it now?
    @KarlHeinzHasliP I don’t think this post has anything to do with PDF being a good or bad product
    @fifonetworks and the idea that it's a default setting is outrageous in and of itself. Just think about it: a corporation whose only purpose is to make more money for stakeholders, gets access to your data (and everyone else's) because they decided that they have the right to it. And it's not only Adobe, but all of them: Google, Meta, Apple and the lot.
    @fifonetworks The "your documents will be processed in the cloud" sentence you have that line pointing at says that happens *when you use generative AI features on them*. It doesn't say they'll preemptively process things before you've done so.

    Still worth turning off to prevent misclicks, but "every document you view" is a mischaracterization of what's described in that text.

    @fifonetworks What will this mean for Adobe's business with European customers, who are currently seeking an independent and sovereign place for their processing and data?
    At least AWS and Microsoft have reacted by announcing a more independent data-center in the EU. Now Adobe is constructing a short cut for (sensible) data? For AI Learning?

    WTF Adobe 😡.
    We should advise not to use their products anymore!
    This kind of hidden feature is just impudence.
    Trusting Adobe? 🤪 A joke

    @fifonetworks Just a second aspect for everyone.

    Have you implemented it (data loss prevention tool) and are you using it effectively and company-wide for data loss prevention?
    You may have to think again, thanks to the Adobe short circuit.
    Ultimately, if you read AI in the product description, you should proceed as you would with medication: Ask your doctor or pharmacist about risks and side effects.
    (Security doctor and Professor privacy)😉

    AI does not forget!

    @Tom_Huth I'm so old that I still remember the Adobe Flash Player. When it comes to "trust", Adobe isn't exactly the first company that springs to my mind. 😆 @fifonetworks
    @shred @fifonetworks Exactly, and yes I remember Adobe Flash as well.
    @fifonetworks Given such practices from Adobe, there's no expectation that they'll respect the setting, or come up with a new way to undermine the user's choice in the future. The only sensible path forward is to stop using Adobe products altogether. There are plenty of alternatives.

    @albertcardona @fifonetworks ...what's a good Adobe alternative for reading and signing PDFs? 🥹

    Edit: on windows

    @elduvelle @albertcardona @fifonetworks Firefox is pretty good. Probably can't do digital signing but you can draw a signature with it.
    @neuralreckoning @elduvelle @albertcardona @fifonetworks I love Xodo for all things pdf. I use it for annotation on ipad and it's supported across mac, windows, linux and android as well.
    @elduvelle @neuralreckoning @iris @albertcardona @fifonetworks
    "pdf24.org is a project of geek software GmbH, a German company based in Berlin, that was founded in 2006. PDF24 offers free and easy to use PDF solutions for many PDF problems, online and as software for download. Solutions include the well-known PDF24 Creator and PDF24 Online Tools."
    https://www.pdf24.org/en/