it's astonishing how often this happens in my line of work:
client: can you review our source code for security issues?
me: of course!
[we stare at each other in a long, tense silence]
me: ... may I see the source code?
client: absolutely not.
@mawhrin @dysfun I understand your point that the old-fashioned sirens may be a bit more robust, but also - they're not very actionable as a general alarm. What are you expected to do when you hear one? Either it's extremely obvious what's wrong by looking out the window (so the alarm is just a formality) or you have no idea and need an alternate communication source. Air raid sirens were invented to communicate a single thing ("bombers incoming! get to shelter!") but that's just not a problem here for many decades and I sure hope for many more. The last few times the sirens have been deployed anywhere in NL, it was to announce floods - where running to your bomb shelter is the exact opposite of what will help!
@dysfun it was apparently announced several months ago but I missed it https://nos.nl/artikel/2511033-maandags-luchtalarm-gaat-volgend-jaar-verdwijnen-nl-alert-neemt-het-over
Just found out that the Dutch air raid sirens are getting decommissioned next year (because cell phone alerts have just as high a penetration these days and can bundle a message explaining what's actually wrong). I've only been here three years and I'm getting all teary-eyed nostalgic at the thought of never hearing the test air raid alarm again
* EDIT: I said "at the new year" but after re-reading the news it just says next year sometime
Okta managed to write a bug where a really long account name could be logged into with no password. Please check in with the John Jacob Jingleheimer Schmidts in your life
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
Me and my tiny baby Odin as photographed by my husband who was hoping to sit on the couch
explaining why we rated the finding as high-security-risk to the customer
@Iwillyeah @WhiteCatTamer boustrophedon compromise
This is fantastic news for all sufferers of medical emergencies and McFlurry emergencies https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/
I had a call with a customer so frustrating that when I hung up, I let loose a primal scream of frustration that summoned Odin in "oh boy it is time to Play Rough" mode
As much as I've been inconvenienced by the Internet Archive being offline this long, I'm proud of them for making up their minds to just keep it down for as long as it takes to make sure everything's fixed and safe before exposing it again. I hope everyone involved is putting in reasonable hours and getting enough sleep.
I checked my gmail spam folder and found a legitimate notice that I may qualify for a class action suit against Google over invasion of privacy. this is a maximally google turn of events
@batterpunts I estimate a 5% chance they either sigh and unblock me or send me logs demonstrating that someone once nmap'd them from this IP address two years ago, but whoever clicks it will have to live forever with the nagging knowledge that they have angered a witch
I sent them a very polite email informing them that they'd accidentally blocked me, an American trying to access American government services, and that I was probably not the only person affected so they might want to double check their block list. They wrote back that they refuse to unblock me because they've detected "high threat activity" from my IP address. I have sent them another very polite email:
That is very interesting. I had assumed you had blocked a large range that unintentionally included me, but you say you have logs on my IP address specifically. I didn't mention this in my first email, but I happen to be a computer scientist working in information security. If my personal home IP address in Amsterdam is performing attacks against you, that sounds like information I would be very keen on seeing. Kindly send me the logs that demonstrate I am launching some sort of metasploit probe and not just trying to connect to my own government's public website from my iPad, so that I can track down the rogue raspberry pi someone apparently planted in my closet to inconvenience me when I am trying to exercise my right to vote; we'll both sleep easier when it's done.
@andrewdwilliams I understand but IRC is the worst alternative conceivable. The usability is absolute worst in class, it is highly vulnerable to network hiccups and also so notoriously easy to abuse that it’s trained up several generations of script kiddies. It is the simplest thing that could work in 1988, not a serious communications platform for general usage.
@andrewdwilliams @mttaggart @binford2k also wouldn’t have happened on the pony express, I don’t see how that’s especially helpful
I keep getting replies about GDPR, but there is absolutely no reason to think this has anything to do with GDPR. An American government website that only provides completely public information does not need to do anything at all to comply with GDPR, and the error message was extremely clear that I was IP banned for being "suspicious traffic", so probably everyone outside the US is suspicious.
this is especially funny/mysterious considering that Massachusetts is the most European state in the US and has an especially high amount of US/EU immigration in both directions