Since my audience here is diverging a bit from my Mastodon account, seems appropriate to mention here too.
I was part of a company-wide layoff in June. After visiting family in July and taking some time I was just starting my next job search at the beginning of this month, when Covid hit.
As the symptoms clear, I'll be picking this up again.
Please pass along any leads if you know of someone hiring for a full-remote, #infosec Senior Security Architect role, or similar.
My previous position was as a Senior Security Engineer for 5.5 years.
#CISSP. Strong communication skills. #C #Unix #AWS #Python
Happy to fire a resume out for anything that looks interesting. Not interested in relocating, but would consider hybrid in the California Bay Area.
Thanks.
#fedihired #jobs
Just announced a CVE in RubyGems.org where I played the role of security researcher, incident coordinator, deployer, and patcher.
Anyways, if you want to read about it: https://github.com/rubygems/rubygems.org/security/advisories/GHSA-rxcq-2m4f-94wm
Just to be clear: this is terrible.
Look, if someone wants to (try to) delete something they created off the web because they don't like it, that's fine (probably impossible, but fine). But to delete content simply to cater to one monopoly's algorithm...just chalk this up as the latest reason why large tech companies are poison for this world.
Nuclear Power Trio - Critical Bass Theory #music https://www.youtube.com/watch?v=a6TPL_fgUsc
@antonyjohnston - On the latest episode of https://thrashitoutpodcast.com/: "There's people who discovered [Paradise Lost] with the album following this one [Host]"
Me: represent!
In response to Google's monopolistic implementation of the Web Environment Integrity, I have a modest proposal:
Open source JavaScript libraries should add bugs which only occur when they find "navigator.getEnvironmentIntegrity" is being used.
Go into a "while(true)" loop. Start throwing exceptions randomly. Just fuck up the page. Make the lives of every developer who is in the origin trial who uses your library completely miserable.
If they want to fork, they have the freedom to do so. But then they're taking on the maintenance that they would prefer to outsource to their community.
If you have enough big libraries doing this, it might make a dent.
The Zoom terms of service have been updated to require consent to use your call data for AI training. No opt-out possible.
The near-future of proprietary internet is bleak.
Switch to the free internet. Use #jitsi, #bigbluebutton, etc.
Speaking of which, hot new robots.txt entry just dropped:
User-agent: GPTBot
Disallow: /
Paying for curry delivery last night, the restaurant's webapp threw a security error. Apparently I was sending a potentially dangerous request!
In reality, an input validator had decided that the password I was sending (on account creation) had funny characters, perhaps an attempt to inject malicious code.
Anyway, I had to retry with a weaker password...
Metalhead, aspiring bass player, wannabe SJW. Web development pays my bills. Happy to pay more tax in exchange for functioning public services.