Post AkA4UlC2Rs3bCc35l2 by shortridge@hachyderm.io
 Post #AkA4UiWqM3uswGlAGm by shortridge@hachyderm.io
       2024-07-21T15:02:53Z
       
       1 likes, 2 repeats
       
       tl;dr of the current crowdstrike incident discourse:
       
       cyber bro in wrinkly chinos: “actually, modern software practices do not work, pls stop bullying the c-suite of an $80bn corporation”
       
       trans furry platform dev: “bitch u live like this????? I don’t sandbend compilers for u losers to skip unit tests”
       
 Post #AkA4UjcYIK4qKGREo4 by shortridge@hachyderm.io
       2024-07-21T15:16:32Z
       
       1 likes, 0 repeats
       
       it’s kind of funny seeing the dynamic I’ve lived when speaking at conferences the past ~5 years play out at scale now
       
       cyberpro bros adamantly refuse to believe modern software practices can work
       
       and platform engineers / SREs are dumbfounded upon learning how behind cybersecurity is as an industry
       
 Post #AkA4UkQBJnmAoBesAC by bynkii@mastodon.social
       2024-07-21T15:50:30Z
       
       0 likes, 0 repeats
       
       @shortridge but if everyone used modern best practice and architected systems to be both resistant and resilient by design, then cyberbros would no longer be seen as Superman!
       
 Post #AkA4UlC2Rs3bCc35l2 by shortridge@hachyderm.io
       2024-07-21T16:00:33Z
       
       0 likes, 0 repeats
       
       @bynkii the irony is, the security leaders I know who _do_ adopt modern engineering practices and think in terms of software resilience all seem… way more chill? like they actually love their work, feel fulfilled, burn out less, are more respected
       
       sometimes feels like a lot of traditional infosec selected for self-sabotaging / perpetual victim vibes. it’s a crappy way to live.
       
 Post #AkA4UllUK4PgyYdP0q by bynkii@mastodon.social
       2024-07-21T16:20:07Z
       
       1 likes, 0 repeats
       
       @shortridge it’s how they’ve been taught to see things. If you look in their lives, they view almost everything through the “value is determined by pain” lens. They can’t just work out, they have to find the most extreme gym. They can’t just have a nice home wifi, they have to run conduit for fiber to everything.
       
       A *lot* of them have to make everything hard so they feel fulfilled in accomplishing it.
       
 Post #AkA4UmJWHXdSg6Ya3c by tomjennings@tldr.nettime.org
       2024-07-21T16:56:51Z
       
       0 likes, 0 repeats
       
       @bynkii Variations on that theme are very popular in all tech worlds!
       
 Post #AkA4UnCoxvs5RcQkFs by shortridge@hachyderm.io
       2024-07-21T15:17:32Z
       
       1 likes, 0 repeats
       
       I’m especially tickled that cyberpro bros have always haaaated when I said outages are way worse in terms of business impact than the vast majority of cyberattacks
       
       and that cybersecurity problems really aren’t as hard relative to other software concerns as they pretend they are… (see also: https://kellyshortridge.com/blog/posts/cybersecurity-isnt-special/)
       
 Post #AkA4UnKyTcORquFFxo by bynkii@mastodon.social
       2024-07-21T16:25:34Z
       
       2 likes, 1 repeats
       
       @shortridge actual conversation I’ve had:
       
       Them: “you have a vulnerability relating to <CVE>”
       Me: <reads CVE> “the CVE refers to a file not on <server>, vuln scanner is doing <process I understand *very* well because I use it daily> which only gives a version number. It’s a dumb plugin”
       Them: “how will you mitigate?”
       Me: “the file referenced does not exist on the server, it is perfectly mitigated”
       Them: “when will the vendor fix?”
       Me: “never, they do not use that file”
       
       Goto 10, endlessly
       
 Post #AkA4UpwGnvPlv9i4NE by shortridge@hachyderm.io
       2024-07-21T15:21:54Z
       
       1 likes, 0 repeats
       
       I’ve long felt that if the software engineering world realized:
       1) how accessible cybersecurity actually is in terms of an understanding of what matters in practice
       2) how dreadfully behind the cybersecurity industry is in terms of basic practices, understanding of systems, etc.
       
       immense outrage would foment at large, and perhaps real change demanded
       
       there’s a reason why infosec pros present the problems as arcane and inaccessible, why they protect their own and knit tight cliques…
       
 Post #AkA4Ut84wTdvoeG2hE by shortridge@hachyderm.io
       2024-07-21T15:26:33Z
       
       1 likes, 0 repeats
       
       P.S. probably my primary goal with writing my book was to address both 1 & 2 above ^
       
       reveal to platform engineers & SREs how very capable they already are to solve cybersecurity challenges
       
       and to teach cyberpros how software works, a crash course in software delivery practices, all the opportunities they overlook while drooling over the RSAC vendor hall, etc.
       
       shameless plug: https://securitychaoseng.com/
       
 Post #AkA7dJcgcgP0ADHgv2 by lanodan@queer.hacktivis.me
       2024-07-21T17:31:32.323155Z
       
       0 likes, 0 repeats
       
       @bynkii @shortridge
       > “value is determined by pain”
       
       Reminds me of the security = usability⁻¹ thing which I find to be bullshit. The best security is the most usable one and in fact I'd say good security improves usability by being reliable (one easy example there is data integrity). The worst security is the one users disable, avoid, or work around.
       
       And sure it's hard but that's design for you.
       
 Post #AkAd1ZKUyUfSPEp1UG by ignaloidas@not.acu.lt
       2024-07-21T23:23:47.236Z
       
       1 likes, 0 repeats
       
       @lanodan@queer.hacktivis.me @bynkii@mastodon.social @shortridge@hachyderm.io the best security is the one that doesn't make you want to make workarounds for it