rysiek ✅ @rysiek@mastodon.social

Beached ship

today was 😒 + 😠 day..
fuck this day

There is an amazingly extensive list of #bugbounty writeups over on the @PentesterLand@twitter.com website:

https://pentester.land/list-of-bug-bounty-writeups.html

#security #infosec #appsec

@succfemboi @rysiek @privacylab

> --fingerprinting-client-rects-noise - Implements fingerprinting deception of JS APIs getClientRects() and getBoundingClientRect() by scaling their output values with a random factor in the range -5% to 5%, which are recomputed for every document instantiation.

Niiiice

@rysiek sorry, it's not a real tech conference unless it's financed by the Quatari Development Bank and features a "Women in Tech" panel with Arianna Huffington.

@succfemboi @rysiek would be great if these changes were rolled into chromium-browser in major distros

@pb I think the point is being missed.

I have no issues at all with people charging for services.

I have no issue with people not releasing their source code when it isn't ready for public release.

What I have a problem with is projects that see all the work happening in the open, slap on a connector to that work, begin charging people for it, and still don't release that code.

If it's in a good enough state that people can pay for it, it's good enough for me to read, and contribute to, and learn from.

Speculative execution claims another scalp. Seems you can get into SGX (and basically read any L1 cache). #foreshadow

https://foreshadowattack.eu

"O pożytkach płynących z rozdawania pieniędzy", Piotr Wójcik: https://nowyobywatel.pl/2018/08/13/o-pozytkach-plynacych-z-rozdawania-pieniedzy/

> „Bieda to nie brak charakteru, lecz brak pieniędzy” – tak zatytułował swoje wystąpienie na konferencji TED Holender Rutger Bregman, jeden z bardziej znanych zwolenników wprowadzenia bezwarunkowego dochodu podstawowego (BDP).

#bdp #ubi

In french we don't say "I'm a huge fan", we say "Je suis un gros ventilateur" and I think it's beautiful.

Hey #Fediverse. When you post pictures, please please please with puppies on top fill in that description box for the visually impaired. You will be helping us out tremendously. We want to enjoy your pictures as much as others do. You don't have to write a novel, but just fill in some details.

Thanks with much love:
A Blind Dude

Who knows a good front end dev? How is it possible that we are having a hard time filling a #job for @greenpeace international 1st #FOSS project? Peeps - please share: https://workfor.greenpeace.org/vacancies/details/front-end-developer/

@njoseph
@rysiek
btw. I've seen a cool poem some time ago on the fedi, can't remember who posted it, but it was sth like this:

Roses are red
Violets are blue
In surveillance capitalism
The poem reads you

“If every book had been reporting its reader to headquarters every single day for the last 500 years, we would not have what we are pleased to consider the human rights of citizens…,”
- Eben Moglen, Yale Privacy Lab, 2017

https://web.archive.org/web/20171221040028/http://www.ip-watch.org/2017/09/29/moglen-privacy-machine-not-yet/

#kindle #drm #surveillancecapitalism

#5yrsago Dear airline execs: crowing about new fees and price hikes before your merger makes the DoJ mad https://boingboing.net/2013/08/15/dear-airline-execs-crowing-ab.html

@rysiek Aha, that blue-green article confirms something I’d wondered about after some confusing Chinese conversations. Thanks!

"It means a lot."

At the top of everyone's computer security threat models should be:

1. Silicon Valley is run by a clique of unaccountable billionaires at least some of whom are actual Nazis, or at least Nazi-curious and find Nazis sympathetic and interesting and worth hearing out because they have important and fun ideas

2. The United States Government, as of 2017, is run by people who are actual Nazis and also Russian Mafia

Yet very few Silicon Valley Best Practices seem to take #1 into account