Pinned toot

Here's my post, lost by the account migration:

I'm a Cyber Security Consultant and do pentests for a living. Before that I used to do software, mostly web development. I speak German, English and Russian. Things fascinating me:

-
-
-
-
-
-
-
- Japanese and Soviet-era culture
-
-
-

Tunapunk boosted
Tunapunk boosted

Many people have written lately asking for the best way to get electronic editions of my books and audiobooks, so now's a good time to remind you that I run my own ebook store, where I sell my publishers' electronic editions of my books:

craphound.com/shop/

So I'm getting the 30% that Amazon would take if you bought the books from them, then I send the 70% to my publishers, and then THEY send me 25% of that back as my royalty - basically doubling my income.
1/

Tunapunk boosted

gwern.net/GPT-3

They trained an AI to generate navy seal copypastas

"I’ve been involved in numerous secret raids of conventions & furmeetups, & I have over 300 confirmed awesome~ adorable cuddles."

This is the best use of AI yet

street art 

Another banana spotted in Cologne on an art shop.

spooky 

I suspect the government office is still on Windows 7. The non-flat busy cursor animation gave it away. For some reason every time a new waiting number appears, the Windows XP shutdown sound plays. I hope this nightmare is over soon.

random manga recommendation 

Do you like JJBA? Do you have a thing for Hokuto no Ken? How about doctors? Then give Super Doctor K a read, an 80ies manga about an illegal doctor who can punch as well as performing ridiculous surgeries. All that while being on the run from goons that try to use his superpowers for evil.

It's absolutely ridiculous and I can only imagine how painful it must have been to translate all that jargon...

Tunapunk boosted

Amazing! PS2 can finally boot arbitrary code thanks to a vuln in the DVD Video player: cturt.github.io/freedvdboot.ht

The solution to my problem was this line I've copy-pasted many years ago into my muttrc:

set sendmail_wait = -1

This makes email delivery asynchronous to the degree of not even communicating the exit status of the child. Or maybe it should:

Note that if you specify a value other than 0, the output of the child process will be put in a temporary file. If there is some error, you will be informed as to where to find the output.

Show thread

On a positive note, did you know mutt has a "weed" option?

weed
Type: boolean
Default: yes

When set, mutt will weed headers when displaying, forwarding, printing, or replying to messages.

Show thread

rant 

I guess my hate is not so much about email as about the approach of stringing crap together using what they call "UNIX philosophy" of doing things silently and with plain text as lowest common denominator. Normally you immediately realize when part of the contraption fails, for example because it's all happening on the same machine or because the parts have been made by people who strongly care about it all working (this wouldn't have happened with Thunderbird or webmail). If I were to rely on other distributed systems of questionable quality, I'd be similarly angry. Good that this whole Fediverse thing is mostly for amusement.

Show thread
Tunapunk boosted

rant 

I realized today that my changes to .msmtprc prevented me from sending email for a whole month. The culprit? I've removed a few account blocks, but didn't adjust the line specifying the default account. To guard against errors I've added a default setting for logging, but it never got applied. Once I've added that setting to each account, it worked, but only logged a single line of delivery (or not), no errors or anything actually helpful. If msmtp did fail with an exit code and message, then I didn't notice because mutt didn't show that. This cascade of errors and amounts of duct tape is what I hate about email, it's a dumpster fire only eclipsed by the shit show that web development is.

For this reason I've resent the six emails since then (mutt has a handy M-e shortcut for this), so apologies if anyone reading this waited for me to respond.

Tunapunk boosted

also psa if you blur a picture of a mailpiece to hide your address make sure you blur out those weird barcodes because those contain address info too

Show thread

S-expressions sighted in the wild :blobcathappy: dune.readthedocs.io/en/latest/

Except they're not s-expressions :blobcatoh: dune.readthedocs.io/en/latest/

> All configuration files read by Dune are using a syntax similar to the one of S-expressions, which is very simple. The Dune language can represent three kinds of values: atoms, strings and lists.

Mixing up symbols and atoms, eh. "End of line strings" are another funny looking invention.

Tunapunk boosted
Tunapunk boosted

> Пришло осознание, что жизнь это боль. Придется посмотреть на ассемблер 6502 и попробовать понять, как оно там внутри работает.

habr.com/en/post/498106/

AV evasion can be disappointingly simple at times. Seemingly all solutions know about stock Metasploit payloads and detect dodgy behavior. I took one that's a bunch of obfuscated Powershell, undid the obfuscation and that made it pass. Bonus: Now it's way easier to adjust manually and I can reuse it instead of regenerating the whole thing because some remote port or host changed.

Tunapunk boosted

If you for some reason want to break free from a restricted Windows environment (kiosk, remote desktop client, breakout test), here's the most useful guide I've found on the topic: pentestpartners.com/security-b

The weirdest technique presented there is to use mspaint to create a specific pattern of pixels, saving as 24-bit .bmp and renaming to .bat. From experience you don't need to go that far, typically admins block one thing (cmd.exe, .vbs) and forget the other (powershell.exe, .js).

Show more
lonely.town

A lonely little town in the wider world of the fediverse.