savagejen @Savagejen@mastodon.social

Follow up story:
A mentor was working on something he found interesting that everybody else thought was not valuable. That small bit of esoteric technical knowledge was later reused in a seriously impressive exploit.
He said this to me about it, "we don't need to know where the lock for a key is to recognize that a key is valuable."

A few years ago, someone I looked up to said something discouraging about something I had worked on. It was not specifically directed at me, but it stung just the same. A certain amount of hard won confidence in my abilities was undermined by this and I still think about it from time to time.

But here is the hard won secret to combatting these feelings: not everything you work on has to be immediately valuable. If it holds your interest, it is a worthwhile pursuit.

I mean if you see how to exploit it, feel free to speak up 😘

Seems like there is a lot of interest in #CVE-2016-10229 so I went ahead and looked at it a little.

Start here: https://nvd.nist.gov/vuln/detail/CVE-2016-10229#vulnDescriptionTitle

Then read this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Look at the code changes, it's not obviously vulnerable.

And then finally read this message from the commit author: https://plus.google.com/+EricDumazet/posts/ZQie5XjAic2

It bothers me when people say "if you are good at X, you can't also be good at Y." I have heard the stereotype repeated often that devs are either good at seeing the big picture or the implementation details, but not both. It bothers me because I feel that I can do both, and in fact some of my most clever work was the result of using an implementation detail to subvert system design to fit my needs. Stop typecasting people along these lines.

Sunday morning. Vaguely wishing I was chilling on a couch with a good latte listening to someone spin chill out music.

Cloud at cost *still* hasn't processed payment for my VPS. :disappointed:

Has anyone tried the new keybase chat client? https://keybase.io/blog/keybase-chat
What do you think of it?
(Source here: https://github.com/keybase/client )

Are there any ccc affiliated instances yet? When are hackerspaces and chaostreffs going to stand up instances for their members?

(Specifically this happens when running a full scan)

Not for nothing, but I've found even just having old Zeus binaries (from the time period when the source was leaked) on the hard drive of a windows 10 box (in this case I have never run them at all) causes the box to blue screen and reboot, and upon startup Windows Defender reports that the scan completed successfully, even though it did not! I sent Microsoft a note about it weeks ago and never heard back.

This place already has better content than other social networks I've joined. Consistently seeing great infosec content posted. Maybe it's just the extra space to talk?