AlesandroOrtiz

@AlesandroOrtiz@infosec.exchange

Software Engineer. Security Researcher. Puerto Rican 🇵🇷. New Yorker. Bilingual. LG(B)TQ 🏳️‍🌈. He/him.

Focused on browser research. Glad to collaborate.

Website: https://AlesandroOrtiz.com
(Header 📷: roriv3ra on IG)


0xabad1dea, to random

I am so fatally online that I just parsed the word “ghost” as referring to a hosting service provided by google

AlesandroOrtiz,

@0xabad1dea I'm sorry to inform you that gHost shut down in 2013. It's now a literal ghost.

zachleat, to random
@zachleat@zachleat.com

Formal and official hierarchy of email hostnames:

@YOUR_CUSTOM_DOMAIN
@fastmail.com



@icloud.com
@gmail.com
@aol.com
@outlook.com
@hotmail.com









@hey.com

AlesandroOrtiz,

@zachleat Where's @.earthlink.net?

simon, (edited) to random
@simon@simonwillison.net

Account security software design question: if a user has created an account with an email and password, and verified that email address (via clicking a link/entering a code in an email they sent you)... and then later they SSO "sign in with Google" from a Google account for that same email address, is it OK to grant them access to their previously created account without first requiring their password as an extra verification step?

AlesandroOrtiz,

@simon In an ideal world: Yes.
In reality: No, due to you needing to trust all accepted SSO providers to validate email. And hope that they don't have vulnerabilities now or in the future that allow impersonation.

danhon, to random
@danhon@dan.mastohon.com

hey hey, do I know anyone who's worked on dating apps? or do you know anyone who's cool who's worked on dating apps, specifically in the realm of stuff like trust and safety?

AlesandroOrtiz,

@danhon Maybe the folks over at https://integrityinstitute.org/ might be able to point you in the right direction?

dangoodin, to random

Is it no longer possible to download the cc transcripts of a YouTube video? I could swear there was an option by clicking the 3 dots. Now I can't find it.

AlesandroOrtiz,

@dangoodin I know using yt-dlp can download subs from a video and write them to a separate file. https://github.com/yt-dlp/yt-dlp

zachleat, to random
@zachleat@zachleat.com

“When I […] go to canisue, it seems that all browsers support the inert attribute.”

is canisue new? haven’t heard of that one before

AlesandroOrtiz,

@zachleat Welcome to Can I Sue!

  1. Who do you want to sue?
    [ ] A government agency/official
    [X] A company
    [ ] An individual

  2. Have you signed an arbitration agreement?
    [ ] Yes
    [ ] No
    [X] Didn't read agreements

  3. Did you receive a check for less than $3 from a prior class-action lawsuit relating to this matter?
    [X] Yes
    [ ] No

Result: We're sorry, but you probably can't sue them for this matter by accepting the $3 or less check. A lawyer may still be able to help. You can consult a lawyer using the affiliate links below:

AlesandroOrtiz,

@zachleat I swear I wrote this on my phone's tiny on-screen keyboard.

foone, to random
@foone@digipres.club

the good news is that Mouser has the part I want
the bad news is that the minimum order is 3600 of them.

anybody got 10k$ to spare? I'm building a keyboard. I need, uh, one of these.

AlesandroOrtiz,

@foone cut to eBay listing of 3,599 parts

lzg, to random
@lzg@mastodon.social

deleted_by_author

AlesandroOrtiz,

    @lzg This could be the title screen of an indie video game.

    fasterthanlime, to random
    @fasterthanlime@hachyderm.io

    POV: the only tool you have is recurring subscriptions but you want to sell a lifetime subscription

    AlesandroOrtiz,

    @fasterthanlime sheepishly raises hands I've implemented this exact method for lifetime plans in the past...

    seldo, (edited) to random

    Do you have a device that can receive radio broadcasts in your house (not your car)?

    AlesandroOrtiz,

    @seldo AM/FM specifically?

    AlesandroOrtiz,

    @seldo 👍🏻 Yes, but only as part of a NOAA weather radio (for emergencies) that also has AM/FM capabilities. I don't use it for regular radio in non-emergencies.

    I may have an alarm clock with AM/FM radio too, but also don't use it for radio.

    danhon, to random
    @danhon@dan.mastohon.com

    RIP bash.org :(

    AlesandroOrtiz,

    @danhon :( but I also remember looking at the top quotes a decade ago (and again now), and a vast majority were incredibly racist, sexist, or otherwise yikes-inducing. If memory serves correctly, this was the norm for new submissions in its heyday.

    Maybe that kind of humor was acceptable in some circles back then and might still be now, but it never sat well with me.

    AlesandroOrtiz, to random

    About once a week I come across a user who is still using Chrome version 90-something, released in 2021. Incredibly dangerous.

    Most of the time, they are running Chromebooks.

    I always implore them to update if possible, but I suspect in most cases the devices have been EOL'd by the manufacturer/Google.

    marsroverdriver, to random
    @marsroverdriver@deepspace.social

    I'm a big fan of Mastodon's "private note about this account." I often use it to store the URL of the post that got me to follow someone. Not only is this a rich (if scattered) selection of great links, but also it comes in handy when I ask myself "why am I following this person who is tooting about traffic patterns in Detroit" and it reminds me that they also toot thoughtfully about the political implications of software or something.

    AlesandroOrtiz,

    @marsroverdriver Same. It's something I sorely needed with Twitter, to the point I kept my own notes.

    I think they were API-enabled services that would email/notify you after a new follow to add the context, but with recent API restrictions those apps are probably dead.

    hdm, (edited) to random

    Piping /dev/urandom into the USB HID keyboard stream[1] of a Windows 11 host logon screen makes for some funny videos.

    Semi-related, you can do silly things with the "Microsoft OS Descriptor" USB parameters (properties get mapped to registry keys/values), but it looks generally safe, since not much happens automatically with those properties, especially outside of the Explorer view for Mass Storage/MTP/PTP devices.

    1. Pi Zero W 2 in OTG mode, setup as a composite device via ConfigFS, and literally mashing random bytes into /dev/hidg0

    #usb

    AlesandroOrtiz,

    @hdm This is one way of fuzzing...

    GossiTheDog, to random
    @GossiTheDog@cyberplace.social

    Orange Spain outage looks real, BGP hijack by somebody for laughs apparently. #threatintel https://benjojo.co.uk/u/benjojo/h/r1zj333N4L6cF7P1xv

    AlesandroOrtiz,

    @GossiTheDog I'm afraid to favorite this post. Don't want to be placed in a watchlist. :P

    kf, to random
    @kf@666.glitchwit.ch

    I want to get rid of the desk in my apartment SO BAD

    right now, I really only use it for interviewing candidates at work, so it’s not an impossibility

    I mostly work from a coworking office

    but the idea of getting rid of it completely is so anxiety-inducing for some reason

    AlesandroOrtiz,

    @kf With the right green screen magic, it can look like you're sitting in the board room and they're all the way across the table.

    mjg59, to random
    @mjg59@nondeterministic.computer

    https://mm.icann.org/pipermail/tz/2023-December/033317.html really feels like Old Internet (read the entire thread, it's amazing)

    AlesandroOrtiz,

    @mjg59 I need a dramatic reading of this whole thread on YouTube

    harrymccracken, to random
    @harrymccracken@mastodon.social

    I didn't realize that the ITC situation only impacts Apple's direct sales of the Apple Watch, not resellers such as Best Buy. https://www.bloomberg.com/news/articles/2023-12-18/apple-plans-rescue-for-17-billion-watch-business-in-face-of-ban

    AlesandroOrtiz,

    @harrymccracken This article says the order prohibits Apple from importing into the U.S. or selling to anyone within the U.S., including selling to resellers. https://9to5mac.com/2023/12/18/apple-halting-apple-watch-series-9-and-apple-watch-ultra-2-sales/

    AlesandroOrtiz,

    @harrymccracken That's also what I assume. As long as supplies last for those resellers

    timbray, to photography
    @timbray@cosocial.ca

    This poor old guy is 14, has a bad leg, and his closely-bonded sister recently died, so he’s kind of sad and can use all the affection he can get.

    #caturday #photography

    AlesandroOrtiz,

    @timbray 💜

    AlesandroOrtiz, to random

    For reasons, I've tested 4 different vendors that provide cookie banners (consent management).
    Every single one of them has blocking functional bugs that prevent their cookie-management logic from working as advertised, or has an unacceptable effect on the embedding website (like CSS for their modal unexpectedly affecting the actual website content).

    I see things have not changed in enterprise world in the past 7 years. Brings me back to my old job where I was constantly finding blocking bugs in enterprise software.

    Viss, to random
    @Viss@mastodon.social

    wow i can't save gifs from the internet anymore?
    thanks chrome.

    AlesandroOrtiz,

    @Viss Chrome report from 2020 says it's a MacOS bug that also affects other apps (see comment 6, and the search results): https://bugs.chromium.org/p/chromium/issues/detail?id=1127773#c6

    Comment 5 indicates the error is from the OS, not Chrome, despite the Chrome icon being shown in the dialog.

    e.g. Sublime Text has experienced the issue too: https://github.com/sublimehq/sublime_text/issues/3174
