Post AiCDaSWaoHfm8GF37w by eaton@phire.place
 (DIR) Post #AiAShiZ2gSvItwO3CC by foone@digipres.club
       2024-05-23T01:42:39Z
       
       0 likes, 0 repeats
       
       FUN FACT: if you build electronic devices which contain a raspberry pi in them, consider what will happen if one of them gets thrown out. someone might open them up, stick the microSD card in them into a reader, and open up that tantalizing "apps.json" file which has YOUR GOD DAMN AWS KEYS? IN UNENCRYPTED PLAIN TEXT?
       
 (DIR) Post #AiASrN3tU4vH6nQ8J6 by foone@digipres.club
       2024-05-23T01:42:57Z
       
       0 likes, 0 repeats
       
       it has been zero days since foone has opened up some old tech and accidentally gotten information she was not supposed to have.
       
 (DIR) Post #AiATQijostJUTIt3LM by foone@digipres.club
       2024-05-23T01:50:50Z
       
       0 likes, 0 repeats
       
       It was literally the first file I opened
       
 (DIR) Post #AiAUWkYJ9SMnn3wQ0O by JLab8@mastodon.gamedev.place
       2024-05-23T02:03:00Z
       
       0 likes, 0 repeats
       
       @foone counterpoint - if you have the device legitimately, you're supposed to have all the information within.
       
 (DIR) Post #AiAVnBSmxsSfqBlB3Y by schrockwell@mastodon.social
       2024-05-23T02:16:52Z
       
       0 likes, 0 repeats
       
       @foone Funner fact: I accidentally did this with an Electron app. It packaged up my local .env file in the release. Imagine my surprise finding a .txt on my S3 instance from a well-meaning user.
       
 (DIR) Post #AiAkPckfM2DwpvLUnY by momo@social.linux.pizza
       2024-05-23T05:00:47Z
       
       0 likes, 0 repeats
       
       @foone Wait, wait, let me grab a bucket of popcorn first! This gonna be good!
       
 (DIR) Post #AiAktQ3f75sG9hRFKq by StarkRG@myside-yourside.net
       2024-05-23T05:06:47Z
       
       0 likes, 0 repeats
       
       @foone Email them back to the company with the subject line "I think you dropped your keys"
       
 (DIR) Post #AiAkzQDnQ114Or2amG by stormy@furry.engineer
       2024-05-23T05:07:16Z
       
       0 likes, 0 repeats
       
       @foone I'm pretty sure Google is starting to take a more proactive stance on leaked keys but you can probably still find newly minted ones in GitHub every five minutes. Same is true for the other cloud providers.
       
 (DIR) Post #AiAu8aAQi29nRJuQW8 by waldi@chaos.social
       2024-05-23T06:49:55Z
       
       0 likes, 0 repeats
       
       @foone Can you get AWS to revoke published keys, similar to the way CAs are supposed to do it?
       
 (DIR) Post #AiAvMdYZ0M23xYSmEy by cdamian@rls.social
       2024-05-23T07:03:53Z
       
       0 likes, 0 repeats
       
       @foone "someone"
       
 (DIR) Post #AiBNp3yXAeo4ilxBPk by Serene117@mastodon.world
       2024-05-23T12:22:34Z
       
       0 likes, 0 repeats
       
       @foone what was in it?
       
 (DIR) Post #AiC8B1db8f3xjWZUCO by adorfer@chaos.social
       2024-05-23T21:01:18Z
       
       0 likes, 0 repeats
       
       @foone the RPI platform was never meant to be in a remote location. there is no TPM and providing USB based tokens is really hard to carry over remote dist-upgrades... speaking of dist-upgrades on RPI....
       
 (DIR) Post #AiCDJqcfxcWxwrAMbo by foone@digipres.club
       2024-05-23T21:59:13Z
       
       0 likes, 0 repeats
       
       I did a little more searching. This raspi was running balenaOS which is a docker-containers-on-raspi thing. Fun fact: If you pass environment options to a docker image you're building, they get stored in the config.v2.json file for that container! So there's ANOTHER COPY OF THE AWS KEYS HERE!
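
An added example, not part of the thread or of any poster's code: a pre-shipping audit that a device builder could run over a mounted copy of their own image to find the two leaks described above, credentials in "apps.json" and in a container's config.v2.json. The `Config.Env` list is where Docker records a container's environment; the layout of the sample apps.json, the name patterns and all sample values are assumptions constructed for the demo.

```python
import json, os, pathlib, re, tempfile

AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|ACCESS_KEY|API_KEY", re.I)
ENV_ENTRY = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)=(.*)", re.S)  # Docker Env: "NAME=value"
TARGETS = {"apps.json", "config.v2.json"}  # the two file names from the thread

def redact(value):
    return value[:4] + "..."  # never echo a full credential into a report

def findings_in(node, path=""):
    """Yield (json_path, name, redacted_value) for secret-looking entries."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, val in items:
            if isinstance(val, str) and val and SECRET_NAME.search(str(key)):
                yield (f"{path}/{key}", key, redact(val))
            else:
                yield from findings_in(val, f"{path}/{key}")
    elif isinstance(node, str):
        env, key_id = ENV_ENTRY.fullmatch(node), AWS_KEY_ID.search(node)
        if env and SECRET_NAME.search(env.group(1)):
            yield (path, env.group(1), redact(env.group(2)))
        elif key_id:
            yield (path, "aws-access-key-id pattern", redact(key_id.group()))

def scan_tree(root):
    """Walk a mounted image; return {relative_path: findings} per scanned file."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in TARGETS.intersection(files):
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8") as fh:
                    hits = list(findings_in(json.load(fh)))
            except (OSError, ValueError):
                continue  # unreadable or not valid JSON
            report[os.path.relpath(full, root)] = hits  # empty list = clean
    return report

def demo():
    """Scan a constructed sample tree; key values are AWS's documentation examples."""
    kid, sec = "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    apps = {"apps": {"main": {"environment": {"AWS_ACCESS_KEY_ID": kid, "LOG_LEVEL": "info"}}}}
    cfg = {"Config": {"Env": ["PATH=/usr/bin", f"AWS_ACCESS_KEY_ID={kid}", f"AWS_SECRET_ACCESS_KEY={sec}"]}}
    with tempfile.TemporaryDirectory() as root:
        for rel, doc in (("apps.json", apps), ("containers/c0/config.v2.json", cfg)):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            pathlib.Path(root, rel).write_text(json.dumps(doc), encoding="utf-8")
        return scan_tree(root)
```

Any finding means the credential ships on every card and has to be treated as public once a device leaves the building; the report carries only the first four characters so the audit output is not itself a leak.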
       
 (DIR) Post #AiCDaSWaoHfm8GF37w by eaton@phire.place
       2024-05-23T22:00:53Z
       
       0 likes, 0 repeats
       
       @foone i'm imagining planning meetings in which engineers ask, "Realistically, what are the odds any of us will work here when that bill comes due?"
       
 (DIR) Post #AiCDrMWUNSIERQFlSq by foone@digipres.club
       2024-05-23T22:03:41Z
       
       0 likes, 0 repeats
       
       anyway this is what I have: https://www.linkedin.com/pulse/ari-introduces-wellness-detector-jonathan-burke/ Good news: That company/product doesn't seem to be active anymore. So these keys have almost certainly expired and been invalidated. I'm just gonna assume that and not check because I don't want to get in trouble for "hacking"
       
 (DIR) Post #AiCEIUk7vKcJknZPF2 by eaton@phire.place
       2024-05-23T22:10:26Z
       
       0 likes, 0 repeats
       
       @foone "wellness status: 403"
       
 (DIR) Post #AiCGa6FXvZ4suUmxXs by kastor@shelter.moe
       2024-05-23T22:35:07Z
       
       0 likes, 0 repeats
       
       @foone so, it's like Code Veronica VMU for real life?
       
 (DIR) Post #AiCHDBYS8auCenGlua by scruss@xoxo.zone
       2024-05-23T22:43:24Z
       
       0 likes, 0 repeats
       
       @foone sure beats the collection of mediocre MP3s and two full-res DVD movie rips I found on a Raspberry Pi-based advertising interactive I used to maintain
       
 (DIR) Post #AiCIE2qy4gFFuiu5JI by griibor@mas.to
       2024-05-23T22:54:19Z
       
       0 likes, 0 repeats
       
       @foone damn, where do you keep finding this cool e-junk?
       
 (DIR) Post #AiCIP5sPAtPSTXqP9U by foone@digipres.club
       2024-05-23T22:55:01Z
       
       0 likes, 0 repeats
       
       @griibor A local e-waste place that my roommate has access to
       
 (DIR) Post #AiCQN2iijnVBjzqbNA by iDave@mastodon.me.uk
       2024-05-24T00:25:53Z
       
       0 likes, 0 repeats
       
       @foone for a brief, glorious moment, I thought they were some kind of Next Gen Dreamcast Visual Memory Units.
       
 (DIR) Post #AiCQmZDF4LufkmIJaC by mark@mastodon.fixermark.com
       2024-05-24T00:30:26Z
       
       0 likes, 0 repeats
       
       @foone But SD cards are that form factor specifically so you can smash them to powder so easily!
       
 (DIR) Post #AiCSJgI5sCgjDUuxM0 by jleedev@mastodon.sdf.org
       2024-05-24T00:47:20Z
       
       0 likes, 0 repeats
       
       @foone just pipe them into github, it'll automatically cast remove curse on them
       
 (DIR) Post #AiCUKBE53YyN4LPFGS by llewelly@sauropods.win
       2024-05-24T01:09:34Z
       
       0 likes, 0 repeats
       
       @foone a whale of a leak?
       
 (DIR) Post #AiD1kQUiD1FYRIJB2m by lucasmz@hachyderm.io
       2024-05-24T07:24:55Z
       
       0 likes, 0 repeats
       
       @foone I wonder if TPM helps here
       
 (DIR) Post #AiDEHzEHHk33AqOH0y by montar@mastodon.social
       2024-05-24T09:44:41Z
       
       0 likes, 0 repeats
       
       @foone publish those keys.