Vanja Ćosić


I am a developer, designer, and digital security consultant.

Co-organizer of the Copenhagen #Rust Community and Copenhagen #Elixir meetup

Previously worked at Elastic Inc. and Opbeat.

#Elixir |  #Rust | #infosec

Website: https://vanjacosic.com
Security work: https://kompilers.com
GitHub: https://github.com/vanjacosic
Twitter: https://twitter.com/vanjacosic
127.0.0.1: Copenhagen 🇩🇰
I was recently asked if the strong passwords that Apple Passwords generates contain “gibberish two-syllable ‘words’”. I explain the answer to this question in a new post on my blog: https://rmondello.com/2024/10/07/apple-passwords-generated-strong-password-format/
Apple Passwords’ Generated Strong Password Format

This post briefly summarizes part of a talk I gave in 2018. All information in this post has been accessible on YouTube since then. There is no new information or news in this post. On Mastodon recently, [email protected] asked me: Having an annoying argument on Threads about Apple generated passwords. Every iOS Password (like hupvEw-fodne1-qabjyg) [...]

Ricky Mondello

Coverage from the excellent security team at Wired

https://www.wired.com/story/crowdstrike-outage-update-windows/

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

WIRED

To fix the bungled CrowdStrike update, apparently you need to boot the system into safe mode and remove a file.

If the system was encrypted with Bitlocker, you need to enter the system's Bitlocker recovery key.

Apparently, many people are discovering they didn't have key management in place to store Bitlocker recovery keys, making it akin to a self-inflicted ransomware attack.

#Crowdstrike #outage #Microsoft
The Crowdstrike homepage is unintentionally hilarious today

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals.

https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/

CrowdStrike update crashes Windows systems, causes outages worldwide


BleepingComputer

Henry Kissinger being responsible for three to four million deaths then living to 100 and dying peacefully as a kindly grandfather is why humanity invented religion. There’s no better way to cope with the unfairness of life than by imagining a fair afterlife.

https://www.rollingstone.com/politics/politics-news/henry-kissinger-war-criminal-dead-1234804748/

Henry Kissinger, War Criminal Beloved by America’s Ruling Class, Finally Dies

Henry Kissinger has died at age 100, his consulting firm said in a statement on Wednesday.

Rolling Stone

I wrote about my first two months on Mastodon. I was a Mastodon hater because I thought it would be weird, complicated, or dead. It's been none of those things.

I'm ashamed I didn't join earlier and I'm ashamed I haven't been telling people to join it, because it's a version of the internet and social media I've long advocated for with my reporting: decentralized, portable, user controlled, not corporate:

https://www.404media.co/mastodon-is-the-good-one/

Mastodon Is the Good One

Mastodon is interoperable, decentralized, operated by a nonprofit, lively, and, ACTUALLY, isn't hard to use. So why is everyone championing Threads as the main Twitter alternative?

404 Media
Oh no... Quora uses a dumb algorithm that answers random questions incorrectly and then Google uses a dumb algorithm to put those wrong answers at the top of search results. Thanks, "AI".
The internet that was created for and by humans is dying 😔
https://arstechnica.com/information-technology/2023/09/can-you-melt-eggs-quoras-ai-says-yes-and-google-is-sharing-the-result/
#misinformation
Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result

Incorrect AI-generated answers are forming a feedback loop of misinformation online.

Ars Technica
A deep technical exploration of how to trigger a tricky 0-day vulnerability in the WebP image library (potentially the one discovered by Citizen Lab recently)
Impressive work by @hawkes and @mistymntncop 👏
https://blog.isosceles.com/the-webp-0day/
#infosec #reverseengineering
The WebP 0day

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached: "Google

Isosceles Blog

Yet another example of why open source software is amazing:

PostgreSQL 16 added support for using underscores as thousand separators to improve readability of large numbers, e.g. `1_500_000`. It's something I really appreciate in #Elixir, #Rust, and now it's coming to #SQL too.

The amazing part, as usual, is behind the scenes.

@petereisentraut shared how the feature came to be and why it took 4 years from idea to release.
An incredible amount of effort goes into bringing (deceptively) "simple" features to any project as complex as Postgres - including the detour of getting it into the SQL standard first!

Thanks to Peter (and the team) for not only putting in the work, but also sharing the story, I really enjoyed it! 🐘🩶

https://peter.eisentraut.org/blog/2023/09/20/grouping-digits-in-sql

#opensource #postgresql

Grouping digits in SQL

PostgreSQL 16 was released last week. This is the story of a feature.

Peter Eisentraut