Let's not forget telling developers that the "debug a process" privilege is just something they'll never have again. Again, consider doing work on personal, unsecured and unmanaged computers.


There's a setting regarding outbound RPC connections. The "secure" sounding option prevents Connect-MSOLService from ever authenticating. Solution of course, from now on people will use personal desktops to log on to Azure as an administrator.


There's a SwiftOnSecurity thread about messing with security settings doing more harm than good. I have many examples of this. 1) After being forced to implement the CIS benchmarks *exactly*, it was noted that the "Backup files and directories" was now restricted to "Domain Admins" because adding someone was bad. Suddenly a whole backup team were made domain admins in order to do their job.

The whole "some SEO people are legitimate" argument is so similar to the "what if this email really did come from the prince of Nigeria" argument I've actually had with people.

The greatest trick the hacker ever pulled was convincing the victim to disable Windows Defender. By telling them they need to spend on an "upgrade" to a product that disables it.

Building a web scraper is a terrible experience for someone driven on correctness. You can implement a common algorithm and you can spend a lot of time working to get it 100% accurate. Or you can implement a scraper and know fully that it'll magically break next week when the site you scrape updates.

I get that maths has historically used non-Latin characters, but can we agree that at some point, using an English word wouldn't kill you?

Me at work: "That's more regex than I ever want to see again"
Me at home: Writes more regex

The original UK NCSC article had much better detail, but I really appreciate this sort of thing hitting mainstream news. It's good seeing stuff you've argued for years getting credibility. theguardian.com/technology/201

jsmall boosted

Wotan is a good boy and deserves boosts. If you don't boost him he will be sad

Can we all take a moment to think about the impact on Assange's cat?

jsmall boosted

"Starting a Gradle Daemon, 1 incompatible Daemon could not be reused"


did I scuff the circle of protection or

According to the leading SEO product, this is the number one competitor to my tech blog. And you wonder why that industry is a shambles.

It's just a request for a medical consultation. You have nothing to fear if you have nothing to hide, right?

jsmall boosted

It only took SolarWinds seven months to respond to a vulnerability report. After which they informed me I needed to go request a CVE myself for it to be actioned. CVE-2019-10690 is now issued.
