[-] cheet@infosec.pub 12 points 2 months ago

Tramp, ASCII and Neo?

[-] cheet@infosec.pub 17 points 3 months ago

Unfortunately a lot of rentals dont have their own laundry, or have to use a shared building laundry.

At my last place we had to pay 3$ for a wash and 6$ for a dry. Had to use a credit/debit machine to load a card, and the machine was frequently broken, so I'd have to go to another building in the area to reload it, but I'd have to wait for someone to let me tailgate in the lobby.

Just own it is like saying people should just buy homes or move to a better apt.

[-] cheet@infosec.pub 54 points 3 months ago

I had a headhunter complain to me on LinkedIn about ignoring their connection request, as if I owe them something. They really are unhinged sometimes.

[-] cheet@infosec.pub 21 points 5 months ago

Specifically the album "audio video disco"

[-] cheet@infosec.pub 14 points 6 months ago

Holy shit, that's actually hilarious, I imagine someone would have noticed when their paste/auto type password managers didn't work

For those confused, this sounds like instead of making a real website, they spin up a vm, embed a remote desktop tool into their website and have you login through chrome running on their VM, this is sooooo sketch it, its unreal anyone would use this in a public product.

Imagine if to sign into facebook from an app, you had to go to someone else's computer, login and save your credentials on their PC, would that be a good idea?

[-] cheet@infosec.pub 29 points 8 months ago

Try to take it easy man, don't burn yourself out over work, your health is important.

[-] cheet@infosec.pub 16 points 8 months ago

The blog post they did showing how they do a sort of regression testing is still some of the coolest devops I've seen.

Check the FifoCI stuff here.

https://dolphin-emu.org/blog/2015/01/25/making-developers-more-productive-dolphin-development-infrastructure/

[-] cheet@infosec.pub 141 points 9 months ago

Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do "manually".

The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

Anybody in the know can tell you that the hardware isn't anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

This isn't gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn't be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn't let you sell medical devices that can be hacked like that.

You don't just put the cat back in the bag...

[-] cheet@infosec.pub 18 points 9 months ago

In addition to what the other commented said, a lot of sys and net admins really don't like the idea of every lan device being globally addressable, while there's ways around it, a standard ipv4 Nat is a safety blanket to a lot of admins... Not that it should be like that, just my observation.

[-] cheet@infosec.pub 43 points 9 months ago

We use gitlab ultimate at my work, I'm the main admin of the instance. Like 2 weeks ago when there was the cvss 10 vuln, gitlab sent us a .patch file to apply to the instance instead of releasing a new minor cause they didn't wanna make the vuln public yet. I guess that's coordinated disclosure, but I still found that remarkably jank.

[-] cheet@infosec.pub 14 points 10 months ago

Yeah I'm still not over losing my notification led either. Was a staple of the android experience imo

[-] cheet@infosec.pub 39 points 1 year ago

I'm a torrenter with the sonarr radar lidarr prowlarr *arr setups.

I've dabbled with Usenet and here's my understanding.

With torrents you're all sharing something live, if you want ubuntu.iso and I have ubuntu.iso you can get it from me and many others who seed this file. A torrent tracker (or the dht) helps put us in touch so you know where the file is.

With Usenet it's more like I dead drop this file, zipped and encrypted(?) onto a Usenet news server. All the Usenet providers mirror each other or something like that, so if you're on a diff provider than me that same file should still be available. Then I tell an indexer, like dognzb or nzbgeek that this file is in fact ubuntu.iso and not garbage data. When you want ubuntu.iso you ask the indexer, indexer gives you a link and you get the file.

Beyond this, I don't know about how much safer it is, but my immediate guess is that since you're not seeding there's less risk.

Now if you're really snobby like me, you'll quickly realize that the release groups you're used to aren't as well represented. I've often landed in situations where episode 7 of 20 is missing on Usenet...

As a snob, I've decided private trackers are probably the best place to be to keep my quality expectations satisfied.

Hope this helps.

view more: next ›

cheet

joined 1 year ago