Posts by Lee_Holmes@infosec.exchange
(DIR) Post #AUkYtc45uKDYkgGirQ by Lee_Holmes@infosec.exchange
2023-04-17T17:33:27Z
0 likes, 0 repeats
@sj Congrats!
(DIR) Post #AVmmAXGHNcF4BVD4DY by Lee_Holmes@infosec.exchange
2023-05-18T14:58:34Z
1 likes, 0 repeats
Had the opportunity to use a Curta the other day, and OMG what a mechanical masterpiece. Every single calculation you do on it feels like magic. https://www.youtube.com/watch?v=j9uRckJLqLk
(DIR) Post #AYVEGKs4bkcDC2WmtE by Lee_Holmes@infosec.exchange
2023-08-07T23:29:59Z
0 likes, 0 repeats
@sj Gotta love the researchers' recommended mitigations: change your typing patterns, or play keyboard typing sounds over top of your actual typing :) The research is neat though. This has been a fruitful area of research for decades (I remember seeing a Microsoft Research one in the early 2000s): https://security.stackexchange.com/questions/23322/keyboard-sniffing-through-audio-recorded-typing-patterns
(DIR) Post #AZ2BXhyykahBHz909g by Lee_Holmes@infosec.exchange
2023-08-23T21:02:36Z
0 likes, 0 repeats
@simon But if they've gone for 30 years without the intellectual curiosity to watch it, are they even worth talking to?
(DIR) Post #AZVJDnXYa8eZXyeH6e by Lee_Holmes@infosec.exchange
2023-09-06T22:17:37Z
0 likes, 0 repeats
@sj I've been becoming more suspicious of "unverifiable" engagement metrics such as likes, boosts / shares and followers since so many of them seem to be bot-driven. But I'm surprised to see the difference in comments - I would have thought that Masto would be higher.
(DIR) Post #AZxxzIK54tJzImsfR2 by Lee_Holmes@infosec.exchange
2023-09-20T17:58:16Z
0 likes, 0 repeats
TIL that the oft-derided, naïve, slow "Trial Division" method to determine whether a number is prime or not... is actually totally reasonable (about 3 seconds) for casual use even for numbers that are 13 digits long. Only 36 milliseconds for the Jenny Prime (7 digits). https://infosec.exchange/deck/@Lee_Holmes/111098708505520611
(DIR) Post #AaEjjvVJLCyjQvINuK by Lee_Holmes@infosec.exchange
2023-09-28T20:16:43Z
0 likes, 0 repeats
@sj Hmmm, this could be a self-fulfilling prophecy, but most of the Raspberry Pi projects I see tend to be wired. Arduino and ESP32 tend to focus on low-power.
(DIR) Post #AaEskiY1tdbd7y1FZo by Lee_Holmes@infosec.exchange
2023-09-28T21:57:48Z
0 likes, 0 repeats
@sj What about a binary encoding of the version, where "FINAL" means a binary 1, and "UPDATED" means a binary 0? So version 14 is FINAL_FINAL_FINAL_UPDATED. Would definitely make things more efficient.
(DIR) Post #AawPohwh4IeOaBaREW by Lee_Holmes@infosec.exchange
2023-10-19T21:59:46Z
0 likes, 0 repeats
@textfiles 360x480 should be high res enough for anybody.
(DIR) Post #AbqA9xelgcO4swe9gG by Lee_Holmes@infosec.exchange
2023-11-15T19:04:11Z
1 likes, 0 repeats
@Coyote @sj Interesting. There is another large class of algorithms under the classification of 'Reservoir Sampling' you might like as well. This is what PowerShell uses for the Get-Random cmdlet on pipeline input. It's expensive CPU-wise, but not on memory.
https://en.wikipedia.org/wiki/Reservoir_sampling
https://github.com/PowerShell/PowerShell/blob/5cd04f2377b624dedd17a85ff3f38a0343292477/src/Microsoft.PowerShell.Commands.Utility/commands/utility/GetRandomCommandBase.cs#L453
(The PowerShell code used to have a link to the Wikipedia article - not sure why that was removed)
(DIR) Post #Ad0hLV6buqgtOQzmiW by Lee_Holmes@infosec.exchange
2023-12-20T18:01:06Z
0 likes, 1 repeats
Yikes. Postman recently pivoted to store all of your session data (including authentication tokens etc.) in their Cloud Service, which you can fully browse and explore in their online tool. Their security page makes it clear that they have not considered the Okta-style risks associated with this change. If your company has any devs using Postman for production testing, I would strongly recommend Insomnia: https://insomnia.rest/, and then consider any credentials stored in Postman history to be at risk and in need of rotation.
(DIR) Post #Anz1gk4ybJ4ZFZ2kDY by Lee_Holmes@infosec.exchange
2024-11-13T00:28:03Z
1 likes, 0 repeats
This is every computing performance article ever. Never believe anybody else's performance numbers until you've measured it on an actual scenario you care about.
(DIR) Post #AoTdocNA4umcTGHiOe by Lee_Holmes@infosec.exchange
2024-11-27T18:28:33Z
1 likes, 0 repeats
@SwiftOnSecurity Nice try, robot.
(DIR) Post #AoTqIqlgJsLTFsw5xo by Lee_Holmes@infosec.exchange
2024-11-27T21:19:42Z
7 likes, 10 repeats
(DIR) Post #ArUl7JAgQ1BuOXfxmi by Lee_Holmes@infosec.exchange
2025-02-26T01:23:32Z
1 likes, 0 repeats
TIL how crazy the "BD+" BluRay copy protection mechanism is. BluRay discs ship actual executable programs written for a custom virtual machine that can execute arbitrary code??!!
Also LOL: "The copy protection scheme was to take "10 years" to crack, according to Richard Doherty, an analyst with Envisioneering Group".
Oct 2007: The first discs with BD+ encryption are released
March 2008: AnyDVD HD released, allowing the full decryption of BD+, allowing not only the viewing of the film itself but also playing and copying disks with third-party software.
https://en.wikipedia.org/wiki/BD%2B
(DIR) Post #AttNdPMmlcq8KgyElc by Lee_Holmes@infosec.exchange
2025-05-08T17:45:25Z
0 likes, 0 repeats
It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.
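The behaviour described in the post above, as an added example that is not part of the original post: a file whose name starts with "-" gets expanded by a bare glob and parsed as an option, and `--` or a `./` prefix on the glob prevents it. The directory and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Shows why a bare glob is risky:
# a filename beginning with "-" is expanded into the argument list and parsed
# as an option. The names below are constructed for the demonstration.

# Build a directory containing a regular file and a file literally named "-l".
make_demo_dir() {
    dir=$(mktemp -d)
    : > "$dir/notes.txt"
    : > "$dir/-l"
    printf '%s\n' "$dir"
}

# Unsafe: `ls *` expands to `ls -l notes.txt`, so "-l" is consumed as an
# option and only notes.txt is listed. Prints the number of entries shown.
unsafe_glob_count() {
    (cd "$1" && ls * | wc -l)
}

# Safe: `--` ends option parsing, so "-l" is treated as a file operand.
safe_glob_count() {
    (cd "$1" && ls -- * | wc -l)
}

# Equally safe: anchoring the glob with ./ means no expansion starts with "-".
anchored_glob_count() {
    (cd "$1" && ls ./* | wc -l)
}

demo=$(make_demo_dir)
echo "bare glob (ls *):   $(unsafe_glob_count "$demo") entry listed"
echo "ended options (--): $(safe_glob_count "$demo") entries listed"
echo "anchored (./*):     $(anchored_glob_count "$demo") entries listed"
rm -rf -- "$demo"
```

The same `--` / `./*` discipline applies to rm, mv, chmod and any other command that is routinely given a glob.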
(DIR) Post #AttNdT6Gsy0TudH6a8 by Lee_Holmes@infosec.exchange
2025-05-08T17:57:28Z
0 likes, 0 repeats
I'm sure there's something here, but I don't have the patience to find it :)
(DIR) Post #Aw2H6UrUgGPLoJTe6a by Lee_Holmes@infosec.exchange
2025-07-11T20:01:20Z
0 likes, 0 repeats
@SwiftOnSecurity Sometimes, both the machine and the human are doing mechanical work and it's wonderful. I've had the pleasure of using several Curtas and even the simplest of calculations brings joy. https://youtu.be/P0cGjC62XRQ?t=265
(DIR) Post #Aw2H6W02RypxL6Tz3w by Lee_Holmes@infosec.exchange
2025-07-11T20:04:30Z
1 likes, 0 repeats
@SwiftOnSecurity Like OMG
(DIR) Post #B38Gk6BXD0qEV5sWDQ by Lee_Holmes@infosec.exchange
2026-02-09T02:58:37Z
0 likes, 1 repeats
Lol, that was predictable