north

north, 7 days ago to random

If anybody ever forks Go, they should call it Vroom. You can have that one for free.

Follow for more stupid insights.

north, 11 days ago to Cybersecurity

I'll give this a shot.

I'm looking to #GetFediHired for a role in #cybersecurity. I've done both offensive (see e.g. https://github.com/qwell/disclosures/) and defensive security work, and have over 20 years of software development experience in many different languages.

ISC2 CC

DMs always open.

#FediHire #FediHired (we should pick a hashtag and stick with it) #InfoSec

north, 13 days ago to Cybersecurity

I'm looking to borrow (it's $200 and I'm not buying it) a copy of an extremely niche book from a law school library for a week or so. It's called "Cybersecurity and the Courthouse: Safeguarding the Judicial Process".

It should be very useful for all of my recent #cybersecurity work in that area (see https://github.com/qwell/disclosures/).

If you, dear reader, have access to such things, I'd like to have a chat to see what we can figure out.

Boosts highly appreciated.

#infosec #law #library

north, 1 month ago to fediverse

If I were to create a #webfinger #fediverse alias system, would there be any interest? The usernames would be like:

@alice @ۦ.ws
@bob @ۦ.ws

north, 1 month ago to random

Remember how I said I'm on the service list in Georgia v. Trump? Well, this is the fun stuff I get earlier than any media.

Edit: https://drive.google.com/file/d/17lBwE-Q1ePRHW65cWNyqzuyIzEnj3oWS/view

north, 1 month ago to fediverse

Do you create #fediverse platforms?

Do you have any interest in testing your #IDN (Internationalized Domain Name) support?

If so, hit me up, I've got some really evil ones I can create subdomains on.

pixelfed, 1 month ago to Pixelfed

Our Wikipedia page is at risk of being deleted because it may not meet notability guidelines.

Can we get some help?

We're not that familiar with Wikipedia or its processes, but we think our project is notable enough for inclusion.

https://en.wikipedia.org/wiki/Pixelfed

#pixelfed #wikipedia

north, 1 month ago to Cybersecurity

Look, reporters, I'm not going to beg you to cover my #court #cybersecurity #vulnerabilities, but I'm not above it either.

For the three reporters who have written articles about this, and the one who provided invaluable guidance, my gratitude is endless. This post doesn't apply to you, nor "the feds", the cybersecurity experts, or #lawyers (including and especially @eff), who were extremely helpful. The rest, however, should take note.

I've willingly laid my neck on a chopping block, unprotected, for over six months.

My outreach has been exhaustive:

• Attempted to engage with over 150 journalists and #news organizations,
• Coordinated frequently with the Cybersecurity and Infrastructure Security Agency (#CISA or "the feds"),
• Consulted with numerous cybersecurity experts,
• Sought advice from multiple lawyers,
• Spoke with ten state and state court CISOs,
• Attempted to talk to several dozen state and county court clerks and judges,
• Sent emails to every Florida State Senator, State Representative, and Supreme Court justice, and to multiple governors,
• Discussed with the staff of multiple U.S. Senators and U.S. Representatives,
• Contacted twelve vendors and over 40 employees

I've offered to write articles -- for free.

I've had no fewer than eight background checks done on me.

I've been cyberstalked by the Arizona Supreme Court.

I've put my job and my family's livelihood at risk in more ways than one.

I've made a grand total of $0; in fact, I've invested several hundred.

When I'm able to sleep, it's with one eye open, always waiting for "that" knock on the door.

After my first #disclosure, I prepared for a week to deal with what I expected to be a #media circus. What I received was one preemptive email from a state court #CISO (who was not affected) and one kind person (who is not a #journalist) on the #fediverse.

I've spent over 900 hours discovering, documenting, reporting, and disclosing vulnerabilities, trying to get this fixed on a mass scale, and attempting to contact the above list. I see no signs of this slowing down any time soon. All of this for what is merely a #hobby.

I've done my part. It's time for reporters to step up. The real-world harm these vulnerabilities have caused — and continue to cause — cannot be overstated. The need for widespread awareness and action is urgent.

Context: https://github.com/qwell/disclosures/

Email: north@ꩰ.com
Signal: north.01

#infosec #govtech #privacy #technology #law #journalism

atomicpoet, 1 month ago to random

No one is using using Truth Social. It’s on the stock market entirely so that Trump can cash out and thus deal with his legal problems. DWAC interest is at 11% which means a whole lot of people expect it to crash.

It’s worth noting, though, that Truth Social is almost entirely based on Fediverse software – though it doesn’t federate – and its current valuation is around $5 billion.

Remember that for the next time someone says your Fediverse server isn’t worth anything.

https://finance.yahoo.com/news/trumps-truth-social-stock-soars-in-first-day-of-trading-133705717.html

molly0xfff, 1 month ago to random

In case it might be useful to anyone else, I just wrote a quick Chrome extension to download all PDFs on CourtListener when there are multiple attachments to one docket entry.

https://github.com/molly/courtlistener-download

#CourtListener #PACER

drewharwell, 1 month ago to random

With Threads' entry into the fediverse, I'll be posting and playing around with two accounts now.

This one, on Mastodon.social: @drewharwell

And this one, on Threads: @drewharwell

How are y'all planning to do it?

north, 2 months ago to random

I just received the first one, so I figured I would share.

I now get served with documents any time anything gets posted to the docket on Georgia v. Trump, et al.

(Don't ask...)

vaurora, 2 months ago to random

Call for interviews! I'm working on an article about an example policy for contributions to open source projects. The goal is for all the contributors to a project, new and old, to have the same expectations regarding credit, reviews, requests for changes, etc. to reduce conflict.

Do you want to share your experiences with conflict over contributions (of any kind) to an open source project? Reply to this post or fill out this form:

https://forms.gle/FJzAvy4MFjqViECv5

Thank you!

CmdrTaco, 2 months ago to random

I tried to use a voice assistant to turn off the “rec room” lights but “rec” sounds like “rack” so it decided to turn off the switches in the room “rack” which just so happens to be where I put the ad blocker, the kids internet toggle, and… the wifi. So I got that going for me. Which is nice.

north, 2 months ago to random

Disclosure day!

Insufficient permission check vulnerabilities in Granicus's GovQA allowed unauthorized access to view, edit, and change ownership of open records requests, including restricted-access confidential records. By changing ownership of a request, an attacker could effectively deny a legitimate user's access to that request. The vulnerabilities affected various deployments, including numerous Departments of Children and Family Services or their equivalents, which handle highly sensitive records of domestic violence and sexual abuse allegations against children.

Details:
https://github.com/qwell/disclosure-granicus-govqa/

Coverage:
https://www.nextgov.com/cybersecurity/2024/03/flaws-public-records-management-tool-could-let-hackers-nab-sensitive-data-linked-requests/394755/