dade
@0xda.de
Hacker, Rapper, Developer, dade. https://0xda.de
created June 6, 2023
717 followers 121 following 307 posts
Posts
dade (@0xda.de) reply parent
A recent episode of South Park has Randy talking to ChatGPT about everything - marital problems, business ideas, etc. Sharon gets annoyed, tries it out, sees how insane it is, then starts responding to Randy like ChatGPT would in order to wean him off of it.
dade (@0xda.de) reply parent
My ZSA keyboards also have whack-a-mole style training but I think it relies on the web-serial connection to support that, and it shows the location on my board when I miss something.
dade (@0xda.de) reply parent
I practice pretty regularly with monkeytype.com. I don’t know that it’s designed to specifically help learn touch typing, but it’s decent. There is also keybr.com which is designed to help you focus on specific letters that you struggle with.
dade (@0xda.de)
Uninterruptible Burrito Emergency Relief
dade (@0xda.de)
Forgot about this very niche meme that relies on knowing both Donnie Darko and that Intel has special clean room suits called Bunny Suits.
dade (@0xda.de) reply parent
I am currently available over Tor.
dade (@0xda.de) reply parent
At defcon this year someone at the contest table was trying to do a RuneScape dance for his “performance” to earn a raffle ticket. Bro didn’t count on me having 20 years of RuneScape knowledge to know that he was doing the dance wrong 😭
dade (@0xda.de) reply parent
My RuneScape account is older than your neopets.
dade (@0xda.de)
One of my favorite article subheadings that I’ve seen in ages.
dade (@0xda.de) reply parent
Hyper mediocrityyyy
dade (@0xda.de) reply parent
It seems sarcasm doesn’t translate very well on BlueSky.
dade (@0xda.de) reply parent
I don’t need PGP when I’ve got Protonmail 😏
dade (@0xda.de)
Celebrating 10 years an @eff.org member today.
dade (@0xda.de) reply parent
youtu.be/xUuf2l_dtJs
dade (@0xda.de)
Who called it Shodan and not PortLand?
dade (@0xda.de) reply parent
Mypy good, yourpy bad.
dade (@0xda.de) reply parent
The difficulty with policies like this is that they have to be deployable in a way that the user of the machine can’t just launch obsidian without it or can’t easily modify it. This unfortunately means things like GPO on windows or system profiles in MacOS.
dade (@0xda.de) reply parent
Damn I was happy to have forgotten this guy existed (allegedly). But what a tweet to bring him back to my attention.
dade (@0xda.de)
Time to start work on my broadway musical: emails, egirls, emacs, egads!
dade (@0xda.de) reply parent
I also think the financial cycle plays a part in this. Buying a tool to “fix” a problem is much easier accounting than spending multiple quarters actually working to eliminate the underlying issue. Tasks that don’t fit easily into quarterly planning are often rejected. “Gotta have something to show”
SwiftOnSecurity (@swiftonsecurity.com) reposted
Enterprise agents especially at scale are largely just compensators for incompetence and inability by the teams.
dade (@0xda.de) reply parent
I was just about to send you this picture of the new Lexus sport concept they unveiled yesterday but couldn’t figure out how to send a picture in Bluesky DMs lol.
dade (@0xda.de)
Sometimes I think about atproto vs activitypub and why I find myself on Bluesky more than mastodon. I think an underrated thing that I really value is that my handle is literally my domain. You can find me via my domain. So it centers my identity on something I control and not bound to bsky.
dade (@0xda.de) reply parent
I swear @vacci.ne found him at some point, or someone in the old Thugcrowd crew. But I could be completely misremembering.
dade (@0xda.de) reply parent
Black tap goes hard. I have a picture from ages ago with like a poptart and a laffy taffy and sprinkles in mine. Utterly insane.
ackmage (@hermit.sh) reposted
gatekeeping is so god dang cringe dude
dade (@0xda.de) reply parent
Real "Right pocket is getting ready to invest in left pocket" type shit.
dade (@0xda.de) reply parent
Haha they aren’t easy for me, I just had a hard time picking something that would be easy for everyone. What’s easy for me probably isn’t the same as what’s easy for you, etc.
dade (@0xda.de) reply parent
Nothing on your todo list that you feel you can do? Add something really straightforward and easy like “take a shower” or “brush teeth” to the list and then do it and check it off. It’s like a portable battery for your brain.
dade (@0xda.de) reply parent
I meant to tell you after whose slide when you mentioned it, but we had to dip early to get to sleep before our morning shifts. Next year is WSIIA 10-year, right? Let’s do something gargantuan for it.
dade (@0xda.de) reply parent
That’s all on @elcannibal.bsky.social! It had an exclusive song of mine on it, which was very exciting!
dade (@0xda.de) reply parent
And a very special thanks to @scrumdumpster69.bsky.social for always helping make sure I can do all the things I overcommit myself to.
dade (@0xda.de) reply parent
Thanks to @grifter801.bsky.social, @defconmusicorg.bsky.social, @hak5.bsky.social, @elcannibal.bsky.social, @lintile.lol, and everyone else who made this a @defcon.bsky.social to remember.
dade (@0xda.de) reply parent
Oh and on Sunday we got a country fan to rap an original song for me, a Canadian to sing the star spangled banner, an Air Force member to practice sitting down 40 times, as well as various other feats and performances in exchange for raffle tickets at the Contest Ops unofficial trading outpost.
dade (@0xda.de) reply parent
I carried around an access point that gave people access to exclusive music and puzzles as part of The Subnet Music Project. All in, I got about 60k steps in between Thursday and Sunday. I managed to mostly keep my voice, and mostly get decent sleep each night.
dade (@0xda.de) reply parent
I performed a rap show live on Saturday night (with the unfortunate pants ripping incident and all). I then rushed over to Hacker Jeopardy and performed a live rap clue for the NOTORIOUS category that I organized this year.
dade (@0xda.de)
I am home finally and this con was a crazy one for me. It was busier than usual, but in all the best ways. It was my 10 year anniversary of defcon. I joined the C&E goon team. I helped Hak5 get pineapple pager preorders into the hands of hundreds of excited customers. I was on the soundtrack (DFIU)
dade (@0xda.de) reply parent
We got a good look at it and there’s almost zero chance I revive this as a jumpsuit. Might cut the top, turn it into a vest, then get pants in the same split pattern but with looser more movable material 😂
dade (@0xda.de) reply parent
There’s also geocities.restorativland.org but other than that I’m not sure
dade (@0xda.de) reply parent
I’ve learned today that @missjackalopedj.bsky.social even got it clipped on Twitch. I’m thankful for the angle of the camera as well as the audience presence on the stream haha. m.twitch.tv/defconorg_en...
dade (@0xda.de)
Last night, I rapped live at @defcon.bsky.social for the first time. During my song titled “DFIU”, I attempted to get off stage and ripped my pants. While literally singing about “don’t fuck it up,” I fucked it up. Could not have been funnier if I had planned it. Still finished the set.
MiKAL KHiLL (@howcouldyoudothisto.me) reposted
The @defcon.bsky.social soundtrack is out today and @int0x80.com and I are on there with a TroubleShooters banger. Very excited to be included, as always, and the soundtrack is pay what you want and supports the @eff.org. defconcommunications.bandcamp.com/album/def-co....
dade (@0xda.de)
If you’re a fan of Hacker Jeopardy, check out my song DFIU on the @defcon.bsky.social soundtrack. You can pay what you want to own the soundtrack (that’s right, you can actually possess the files yourself!) and all proceeds go to the EFF. defconcommunications.bandcamp.com/track/dfiu
dade (@0xda.de) reply parent
Hide your servers, the SMB officer is coming!
defconmusicorg.bsky.social (@defconmusicorg.bsky.social) reposted
The FREE DEF CON 33 Original Soundtrack is live! 33 Tunes from amazing producers. It is free to download, but if you'd like to donate, 100% of revenue goes to support the Electronic Frontier Foundation. defconcommunications.bandcamp.com/album/def-co... #DEFCON #DEFCON33 #EFF #DC33
dade (@0xda.de)
Disagree and commit crimes
dade (@0xda.de) reply parent
I was thinking about setting up ntfy.sh soon. Of course, you always run the risk of the notification service crashing and not sending you notifications about it, lol.
dade (@0xda.de) reply parent
Design a bastion to not even offer users a shell. No need for it, so don’t even offer it.
dade (@0xda.de) reply parent
I want to hear about how the scene has changed for the better, how it has changed for the worse, and what we can do to bring back the golden age of zines. I also want to ask them to save me a physical copy (I’ll distribute some at the booth again if you want)
dade (@0xda.de) reply parent
The Subnet is a project by @elcannibal.bsky.social that encourages you to connect to suspicious open access points in order to get free exclusive music from some of your favorite artists. thesubnetmusicproject.github.io/TheSubnet/
dade (@0xda.de)
I have _TWO_ new songs dropping at @defcon.bsky.social this year. One is on the @defconmusicorg.bsky.social soundtrack, it’s an ode to Hacker Jeopardy in collaboration with @lintile.lol called DFIU. One is a 56-bar free verse that will be exclusively available on The Subnet (details below).
Phrack Zine (@phrack.org) reposted
Are you going to @defcon.bsky.social?? We'll be giving away 9500 print copies of Phrack! Come by main stage Sunday @ noon to see @vacci.ne @richinseattle.bsky.social and chompie talk hacker history! This will mark the first time Phrack staff appear together on DEF CON’s main stage.
dade (@0xda.de) reply parent
Content publishers can now get paid per request, effectively, by bots. This gives bots a more reliable way to access the data than participating in the arms race. Places where captcha served anti-abuse can basically be replaced by “you can make as many requests as you want, pay for each one.”
dade (@0xda.de) reply parent
I honestly fully expect the traditional captcha experience to go away. With Cloudflare and Fastly both introducing payment schemes for websites to directly charge bots for interactions, I think it flips the captcha game on its head for most use-cases.
SwiftOnSecurity (@swiftonsecurity.com) reposted
Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers. Data is not oil. It's risk.
dade (@0xda.de) reply parent
Oh wait second complaint is that I pay an annual subscription to not be able to tell the time. But the annual subscription is comparable to buying a new smart watch every year or two, I guess.
dade (@0xda.de) reply parent
I’ve been such a big fan of the whoop band specifically because it’s not a smart watch. All the health tracking features, a convenient vibrate-my-wrist alarm, no notifications, multi-day battery life, can recharge while wearing. Only complaint is it doesn’t tell the time.
dade (@0xda.de)
Come see me rap at the @defcon.bsky.social chillout stage on Saturday Aug 9 @ 8pm. There will be old raps and new raps, borrowed raps and blue raps.
dade (@0xda.de)
I’m at #OpenSauce and the PCB badge has a SAO connector. Badge Life is taking over every conference, isn’t it?
dade (@0xda.de) reply parent
MiKAL KWeLL
kepano (@stephango.com) reposted
No one knows how many users @obsidian.md has I think it's around 5-10 million people but I'm not sure? Anyone can download the app and start using it without creating an account or talking to anyone, and there are no analytics built-in 🤷♂️
dade (@0xda.de) reply parent
I still can’t believe they renamed the Cyber Cold War to the Cybrrrr War.
dade (@0xda.de) reply parent
The existence of cyber 9/11 must mean that cyber Pearl Harbor already happened.
dade (@0xda.de) reply parent
Can’t wait for 13ft.io
dade (@0xda.de)
Hello, IT. Have you tried turning it off and setting it on fire?
MC Frontalot (@mc.frontalot.com) reposted reply parent
And you can download it in various file formats, but ONLY via FTP. Just for old times' sake. If you don't keep an FTP client installed, try your command line. I bet there's one there. 199.201.145.189 u: nerdcore p: //_]-[_1_P_]-[_0_P_\\
dade (@0xda.de) reply parent
I had this idea last night while driving home from SFO and seeing all the AI billboards. Call the company “Actual Intelligence” and a slogan I’m working on: “When even Hitachi can’t fix your vibes, you need Actual Intelligence.”
dade (@0xda.de)
“Center for Conservative Scholarship” and it’s just got packs of crayons and finger paints, dedicated nap time, and for the thesis they might make some macaroni art. Make sure to watch them around the glue, though. It’s been known to mysteriously wind up in digestion tracts when left unattended.
dade (@0xda.de) reply parent
From BitchX to Bitch@, 20 years of bitching on the internet.
dade (@0xda.de)
The three types of data structures in computer science are FIFO, LIFO, and FAFO.
dade (@0xda.de) reply parent
In two years 68% of customer interactions will be performed by AI agents, but in three years 100% of customer interactions will be handled by human beings.
dade (@0xda.de) reply parent
Can DM me here for now and if we have to move beyond that I can share signal or email 🙂
dade (@0xda.de)
Hacker parody of Goodies by Ciara called Hoodies. My hoodies, my hoodies, my hoodies, Not my hoodies (ow!)
dade (@0xda.de) reply parent
Haha I did look at the repo and the thing I wanted has a very long thread that highlighted several reasons I don’t actually want to use the software, that I didn’t know til I read the thread. (Zen browser)
dade (@0xda.de)
Oakland street art. The melting on the sidewalk was a real nice touch.
dade (@0xda.de)
I can’t believe it, I have discovered a package I want to install that isn’t available in nixpkgs. It’s been a year and this hasn’t happened to me before now. Incredible.
dade (@0xda.de) reply parent
You mean to tell me Amazon Web Services certified these welders?
dade (@0xda.de) reply parent
Oh my god I might finally be able to survive a Lyft ride again.
dade (@0xda.de) reply parent
I also just noticed that Twitch and Cloudflare in my Authy app use 7 digits, in a 2-3-2 pattern. Just really off on a rabbit hole now of why someone picks a specific number of digits for their solution. 😂
dade (@0xda.de) reply parent
Oh yeah I guess I just meant why 4 or 6, why not 5 or 7? Like with the validity window and accounting for skew and stuff, I do understand why the lower count is feasible, just unclear on if there’s an actual mathematical or psychological reason why 6 is the de facto standard for TOTP.
dade (@0xda.de) reply parent
Oh yeah I don’t think there’s any actual value in ten digits. Though now that I’ve said that, I also don’t know if there’s any actual value in four or six digits. All feels a little arbitrary without the additional context of expiration and/or throttling 😂
dade (@0xda.de) reply parent
Maybe they don’t know how to expire the codes so they just made them longer and are hoping. Or maybe they don’t know how to throttle attempts so they just said “surely no one can guess 10 digits in this 10 minute window”
dade (@0xda.de) reply parent
I really wanted a laser jet but the physical footprint is too big for the table I had to put a printer on so I ended up with a Brother inkjet. I regret it about every 3rd or 4th print.
dade (@0xda.de) reply parent
It just occurred to me that it’s called ghost riding not ghost walking. I must be on my Danny phantom shit right now.
dade (@0xda.de) reply parent
Poopwalk the whip?
dade (@0xda.de)
Very cool that I ain't heard shit from the social security administration in ages and now I'm getting Trumpism propaganda delivered to my inbox.
dade (@0xda.de)
Choosing my handle all those years ago was strategic so that I would be the first name listed on the @defcon.bsky.social music lineup this year. It’s my first year being on stage as an artist at Defcon, and I’m very excited to rap my ass off for you all.
dade (@0xda.de) reply parent
My work devices are even isolated on their own vlan at home - they can talk to each other and to the internet, and nothing else on my network can talk to them. Never cross-contaminate accounts. You’re one legal hold away from your general counsel having to explain your DMs in court.
dade (@0xda.de) reply parent
Exportable passkeys are objectively still better than passwords or totp 2FA. But it’s also a marked downgrade from hardware bound keys, and in a way that seems pretty transparent to the user.
dade (@0xda.de) reply parent
Hardware backed passkeys? Great security. Can’t be exported. Can’t be used without your device. Can’t be used without your device. Obviously this required that we create a solution where the passkeys could be used on another device besides the one you set it up on. Now passkeys can be exported.
dade (@0xda.de) reply parent
This isn’t to blame the people working on the specs, or even the tools. It’s just the emergent reality of the various actors all trying their best.
dade (@0xda.de) reply parent
Passkeys are legitimately so much better for security, and then we fucked it up.
dade (@0xda.de)
Passkeys have the added bonus of being practically incomprehensible, with varying levels of security contained in the magic word “passkey”, but never really exposed to the user. Bonus points for my password manager, browser, and operating system all competing to lock me into their passkey provider.
dade (@0xda.de) reply parent
This brought up an interesting consideration for me. I think I would rather someone tell me to use chatgpt than for them to respond to my question/comment with “chatgpt says…” I’m not sure exactly why, but I think it’s the less annoying of the two common situations.
dade (@0xda.de) reply parent
Apple was the real saboteur in this situation involving slobber tourers.
dade (@0xda.de) reply parent
Always open to at least talk about projects!
dade (@0xda.de) reply parent
Imagine hardstyle at 2x. “Tonight’s show will feature music between the 360 and 400bpm range. Strap in.”
dade (@0xda.de) reply parent
Like install a windows registry cleaner?
dade (@0xda.de) reply parent
I remember discovering findom because I searched twitter for “teamviewer” like 6 years ago and it was almost entirely findom content. Who knew.