Hacker. Enby. Administrative inconvenience. Purveyor of technically sophisticated shitposts. Suing the UK for more gender, help with my legal bills: https://enby.org.uk/ Mastodon: https://infosec.exchange/@ryanc Non-binary trans androgynous (they/them)
5,823 followers 964 following 3,832 posts
view profile on Bluesky
The paper I presented at Security Protocols Workshop is out! The theme was "controversial security". We work to bridge the gap between platonic models of rational actors and the trenches, exploring why the real players don't always disclose vulnerabilities or issue patches. rya.nc/files/strate...
Is he? Let's file complaints and get his license revoked.
Report JKR's tweets to the police, she's inciting violence.
The paper I presented at Security Protocols Workshop is out! The theme was "controversial security". We work to bridge the gap between platonic models of rational actors and the trenches, exploring why the real players don't always disclose vulnerabilities or issue patches. rya.nc/files/strate...
I heard about it, hadn't really looked into it. Using CLI LLM tools to steal secrets seems... deeply lazy.
making a list of algorithms that are chaotic and algorithms that are lawful
The "do I want to do her or be her" feelings brought on by Kate Libby, or Dade Murphy in drag?
egg-producing equipment? does joanne mean like a dvd copy of 1995 trans-coded film classic HACKERS?
I've been sitting on this code since the Bitfi debacle of 2018 - John McAfee was spokestroll for an "unhackable" cryptocurrency wallet, and long story short @saleem.bsky.social and built a reliable key extraction exploit and withheld the details out of spite. gist.github.com/ryancdotorg/...
Of course BBC deadnames her in the byline.
I ran the math on the London GIC again recently, it's more like 15 years.
petition.parliament.uk/petitions/71...
π 40,000 women have signed - and weβre not stopping here. Weβre united in rejecting discrimination against the trans and non-binary community. We refuse to let our voices be used to divide. This is our moment β and weβre heading for 50,000...and beyond! ππ₯ π’ Hereβs how you can help us get there...
I just saw someone on Reddit describe Las Vegas as βIf Ticketmaster was a cityβ and holy crap.
Truth. I remember in the friggin' 90s reading essays by forward-thinking hacker types who were like "We cannot allow the internet to become funded and sustained by advertisers, it must be nationalized now as a public service" and thinking "Seems dramatic!" lol. LOOOOL.
If youβre an individual, you can write to your MP to express your concerns, and state that you no longer recognise the EHRC as a NHRI. Weβve prepared a letter you can personalise and send. It helps show this issue matters to constituents.
This thumbnail is killing me
I mostly share this sentiment, but what I really want is to be recognized as nonbinary. I do get spontaneously referred to in a gender neutral way fairly regularly.
I saved a screenshot of this as one of many life goals.
Or you could leave it Or you could give us human rights and I'd volunteer to clean it off for free
Just looked up someone I once worked with on a CTF, and he's released something called "Monarch of the Hill" and I love it.
starting to think we should give "strange women lying in ponds distributing swords" a chance as a basis for our system of government
The top anti-rights extremists are well aware of this, but since the facts don't support their position, they lie. We all pay the price.
Fully endorse this, and every trans, LGBTQ+, race and disability org should do the same. Personally Im going one step further - I will not support, donate or promote any trans or LGBTQ+ org that doesnt follow suit. [1]
Statement: Effective immediately, we will no longer cooperate with the EHRC. We no longer recognise the EHRC as a human rights body. It is no longer independent, and we will not engage with them. We urge other orgs to do the same.
#SaveSpeech its been a week, and while we cannot let up pressure on making phone calls, we need to start applying pressure elsewhere now as well! PHASE 2: START MAILING PHYSICAL LETTERS imgur: imgur.com/a/3pVupWQ more comprehensive info can be found here: stop-paypros.neocities.org yellat.money
βWe must name this threat for what it is: a deliberate and coordinated attack on human rights, led by actors who are weaponising misinformation, fabricating moral panic about abortion care and LGBTI peopleβ¦β New Amnesty UK report shows how anti-rights groups are funding attacks on bodily autonomy.
The 12th annual international Gender Census 2025 is now open until at least 30th August 2025! survey.gendercensus.com It's for anyone whose gender (or lack thereof) isn't described by the M/F binary. It's short and easy, and results are useful in academia, business and self-advocacy.
You stand for neither Equality nor Human Rights, and it is offensive that you use those terms.
Look I know this is hard to reckon with but we donβt have time any longer to wait for you to catch up. This Labour government is in fact worse than the last 15 years of Tory led governments. For us all. And talking specifically about our LGBTQIA+ sector for a secondβ¦ we need to acknowledge this.
I've moved past annoyance and into a state of professional empathy for the poor dev who built this switch's UI. Given the constraints they were clearly under, the design is actually quite clever. Its one minor bug is that it completely breaks if you use SSH port forwarding. For reasons.
So, after all that, I have a Python script that can successfully authenticate and scrape the FDB. There was no technical challenge here, just a series of escalating "what the fuck" moments. Reverse engineering this cursed thing has been so annoying that I have forgotten what I wanted the data for.
The architectural genius continued. All the data is in JavaScript, dynamically generated by the embedded web server. The whole thing reeks of a web dev, way out of their depth, being plonked into firmware work and (sensibly) deciding to avoid C at all costs. I'm not even mad. It's a work of art.
The password field? MD5 hashed. In JavaScript. Not even challenge/response. You can just "pass the hash". This isn't a security mechanism; it's malicious compliance. It seems pretty clear that there was a mandate not to send the password in plaintext, and this checked that box.
The web interface is a masterpiece of nonsensical design. It starts by redirecting you to a page that sets a session cookie via JavaScript, which in turn redirects you back to the login page. So I wrote a regex to parse the JavaScript and code to update the cookie jar. But the madness continued.
I had a simple goal: dump the MAC address forwarding database from a "Web Managed" PoE switch. It has SNMP, but of course it doesn't expose that information. Fine. Violence (scraping with a Python script) it is. I should have known this would not be straightforward.
periodic reminder that no one here likes it when you quote skeet people espousing garbage opinions, even to mock or rebuke them we greatly prefer it if you block them and just let their opinion die a quiet death a lot of people will even block both of you if they see you doing it a lot
The FTC is seeking public comment about gender affirming care in order to go after providers and restrict access. Share your stories instead of how this care has helped you and how it is life saving. We need to counteract their false narratives. Please share! www.regulations.gov/docket/FTC-2...
Sneak peek: Spicy pillow! I really want to do a series of items I call βa hackerβs nightmare.β
Yes, but also its writers made some Interesting Choices.
Shots fired.
I've watched ENT in full, but somehow missed it when editing this list.
For the record, I do not consider myself a Trekkie.
Order of airing, or in-universe chronology? What about time travel episodes, and e.g. Carbon Creek? The Kelvin timeline?
β TNG β VOY β DS9 β PIC β DIS β PRO β LD β TOS 1οΈβ£2οΈβ£ SNW β TAS Just a couple movies and the final season of Strange New Worlds left. This, and experiencing bij, is the only way to get all of the obscure references in Lower Decks. Please do not tell me how much time this represents.
happy VPN configuration day to all who celebrate
Yeah, but I have both...
No, not for several years. Too much toxicity.
Meanwhile according to my NHS records my sex is indeterminate.
It assumes you have the factory hardware for whatever you choose, so if you've got nonstandard anatomy you have to pick based on what you need to be seen about.
I've had to pick based on which anatomy I needed to be seen about, it's really stupid.
I have been feeding fake data about myself into every system I encounter since I was a teenager. A data broker's portrait of me as a sixty-something businesswoman who drinks bud light proves that my history is a useless, contradictory mess as a result. It's shitposting elevated to performance art.
I drilled a 38mm hole and have a 35mm grommet. I simply ordered some 38mm grommets.
No. This is plugged into a UPS my house so I'm not concerned about a fire marshal. The IEC C-14/C-13 cables don't have fuses either, is there some actual safety issue I'm missing?
I have hole saw bits in seven different sizes and grommets in three different sizes. None of them match, because of course they don't. π€¦ββοΈ
Czech Games Edition announced a bigot-wizard themed version of one of their games and posted about some event they're holding at gencon. Apparently they're now in damage control mode...
LLM I am being "encouraged" to use at work: "I have both the complete set of RFCs and the SCP wiki in my training set, so I think I'm prepared to deal with ad tech." Customizing the system prompt was a fantastic move if I'm going to have to use this thing as a rubber duck.
I just came across this and was reminded of Rule 34: docs.rspamd.com/modules/gpt/ I'm not sure whether to laugh or cry. cc @cstross.bsky.social
Current status: Rewiring a power strip to replace the BS 1363 plug with an IEC C-14 plug while the fibre installers wonder if they're somehow being pranked.
Let's show up and make it the most important issue.
They've partnered with a virulent anti-trans bigot, I better see news of protests at whatever bullshit they're doing there.
Quit your job now while there's still a chance to claim ignorance.
How many people have been driven to suicide due to JK Rowling's hateful bigotry.
A four month branch divergence with major work on both sides. A full day of cherry-picking to fix it. I now have several new git aliases which are as sophisticated as they are cursed (e.g. `git pick-next OTHER_BRANCH`) that I hope to never use again. My ~/.gitalias file is not a place of honor.
If you want to actually solve the problem, instead of punishing itch, start calling payment cos Collective Shout, which is run by people who get published by Spinifex, a very terf-seeming organization, apparently needed 1,000 people to yell at visa to get this done. We got more than 1000 people.
The purpose is not to verify age, it's to satisfy the law in whatever way works best for the corporation. Face scan verification is cheap.
ok then. one angle of attack then needs to be actively bombarding Visa and Mastercard's phone numbers and emails. are customer support phone numbers/emails the best avenue to start with or is there a better option?
My employer "encouraged" LLM experiments continue. I am currently being lectured on network protocol analysis by not-lcamtuf. We have transcended mansplaining. This is something new: a sterile, condescending, stochastic mansplaining-as-a-service.
I am a fucking goddamn 43 year old woman in the year 2025, why am I fighting the Puritans, we should all be having gay space sex in our moneyless orbital torus or whateverthefuck
It's location based for the UK
They really should add proxy support to the app.
On the other hand, they completely disabled direct messages if you haven't verified.
Bluesky's age verification is the least offensive one I've seen so far - does a credit card pre authorization but critically does not ask for the name on the card or the zip/post code. I wonder if prepaid cards or debit cards work?
It's not, but the online safety act is terrible.
Due to a psychological operation.
I considered trying that, but assumed they couldn't possibly be that bad. Apparently I need to recalibrate.
8) Humans are incapable of generating secure passwords/passphrases (including me), and pretending otherwise is harmful. 9) Swiss cheese is the worst variety of cheese, and before you "well, actually" me, American "cheese" isn't really cheese.
1) Sneakers is the best hacker movie ever made. 2) Anything sold as "audiophile grade" is a scam. 3) Postel's Law was a mistake. 4) Star Anise is disgusting. 5) Star Trek is better than Star Wars. 6) Smartphones screens should be about 20% smaller. 7) Pi-Hole is extremely overrated.
Age verification that does face scanning.
Oh gods, now it's showing Celsius, if it flips back and forth...
I tried restarting. I have my locale set to en-us and that's probably the issue.
She blocked me for this after implying I'm either lying or incompetent. I have a Pixel 6a. There was a documented mandatory no opt out update, though my battery is not impacted. support.google.com/pixelphone/a... bsky.app/profile/imlu...
I have a pixel 6a, the forced update was reported in the press.
Wow, this person blocked me for my reply here? This is exactly the contemptuous view of consent I'm highlighting. Victim blaming.
No, absolutely not. I confirmed my settings before posting. My phone rebooted overnight to install an update. And even if I had mistakenly approved an update (I didn't), my point would still stand because these systems are designed to wear users down to manufacture "consent".
Doubt what? That my phone updated itself despite being explicitly configured not to?
If you don't consent to cookies: archive.is/v7pIY
I figured out how to change it and it's still showing fascism units on the lock screen!
"I am altering the deal. Pray I do not alter it further."
Oh, what the fuck, it's now displaying the weather in Β°F, how do I fix thisβ½
My Android phone just performed a forced, unauthorized OS update, removing root access in the process. Despite automatic updates being explicitly disabled. The tech industry's understanding of "consent" is contemptuous. "No" means "no", not "maybe later", or "unless you think you know better".
Also, I implemented a factory pattern in there somewhere, which I hate purely for the reminder that Java exists.
A component I'm working on in Rust now has enough nested structs to make a matryoshka blush. I keep hearing "zero-cost abstractions", and while I have experience making compilers work _hard_, this seems too good to be true. Eventually, this is going to get down to "opcodes or it didn't happen".
Oh, heck yeah, I'm down for this. One like, one opinion that's not politics. (caveat: I'm heading to bed and will answer in the morning)
I'm feeling kinda shitty. If I've made a positive impact in your life in some way, could you please tell me about it? Private messages welcome.
But that's less funny.
Thanks, didn't test the golfed version