"I'm interested in all kinds of astronomy."

In charge of reflow


A colleague and good friend of mine, with whom I have worked for 32 years (seriously), is looking for a job in one of the Netherlands, Belgium, Germany and Switzerland. They are fluent in English, German and Dutch, and speak French too! German nationality.

They have been managing complex IT projects for decades, are an excellent programmer and used to managing large development teams. Was doing "agile" when it was still called XP and pair programming (I used to make fun of them calling it 🍐 programming ;P … geek humour, sorry).

If you have anything I can send their way I'd be grateful. Please don't bother if you are ageist 'cos they're somewhat older than me and I am a greybeard (yes, they speak FORTRAN).

@david_chisnall While I mostly share your views, as a (former) red teamer I have to tell you that endpoint protection is a massive PITA during initial access. They can always be circumvented of course, but a major pain point is that you (as an attacker) can't test the exact configuration that your target(s) run, esp. with cloud analysis that changes by the minute. (A related concept is binary reputation, that will immediately flag unique binaries).

ClickFix and similar convoluted attacker techniques have evolved exactly because you can't simply deliver malicious executable code to the target environment these days.

I know my opinion matters a lot to your webshop, and I'd happily provide it if you didn't require me to:

- spend more than 30s
- answer trick questions
- write essays
- give out my PII

@rikviergever I know it's a weird thing to ask, but you should create a LinkedIn post about this, as most relevant people are over there. I'd be happy to share it too with my many bank IT peers (if the damn thing allows me to log in...).

I'm looking for people working at a bank in Europe who are interested in and who would be interested to help us ensure that banking apps function well on European operating systems. Do you know anyone who might be interested? Please reach out to me via DM!


MISSION: Save Myrient (https://myrient.erista.me/)

DEADLINE: 30 days.

HARDWARE:
- 2500 USD:
--- 1 x Supermicro SSG-6029P-E1CR24L [1]
- 10600 USD: (20 x 530 USD)
--- 20 x HDD 3.5 Seagate Exos 24TB

SOFTWARE:
- FreeBSD along with redundant ZFS (RAIDZ2 or DRAID) with ZSTD compression

TOTAL COST:
- 13500 USD

Maybe some company will come up with the needed budget.

I can do the FreeBSD/ZFS part for free.

[1] https://ebay.com/itm/375757742355

I said it before: scale matters, even for digital/intellectual property.

"Careless big-time users are treating FOSS repos like content delivery networks"

https://www.theregister.com/2026/02/28/open_source_opinion/

Illustrative joke:

Little girl: Ice cream man, how much is for an empty cone?
Ice cream man: Oh I'll give that to you for free :)
Little girl: Great, then I'll have 5000 empty cones!

Of course, LLMs are another example of this phenomenon.

Tired me: shit my code doesn't handle this special case, how could I be so stupid?

Me after sleep: The code actually handles the special case, I just commented out the relevant part for some reason...

Also #ProTip: Always `git status` after getting back to your after some time

@jerry @zackwhittaker Pulse Secure's problems started way before Ivanti. I was at NetScreen when we acquired Neoteris in 2003 - back then, the SSL VPN product was *fantastic*. The Juniper acquisition was the beginning of the decline - Pradeep didn't give a shit about anything that didn't run JunOS, so ScreenOS and Secure Access were among the many red-headed stepchildren that came into the product portfolio by acquisition and then were completely neglected.
When we found out the (rebranded) Pulse Secure line was being sold, I was initially excited at the chance to be something other than a wart - but Siris was chasing that 10x return and when they couldn't get it by generating more revenue, they started cutting headcount. Many of the developers, QA, and support engineers who understood the products were let go long before the Ivanti acquisition... which compounded the problem of an aging codebase and increasingly complicated set of bolt-ons as Siris chased the latest buzzwords.
This whole China debacle was *entirely* predictable and *entirely* avoidable. The incentives in the security industry are just fucked. (@haroonmeer absolutely nailed this back in 2019, btw: https://m.youtube.com/watch?v=GHuQC1qLnJ4 )


If I use an LLM on a tiny bit of a 0day exploit, is that an AI enabled cyber weapon?


@cR0w "Infosec isn't a sprint, it's a marathon!"

No, infosec is a hamster wheel with a giant motor attached to it. And if you stop running, the wheel keeps turning and you die tumbling.


Security firm Trail of Bits has released mquire, a Linux memory forensics tool that works without any external dependencies

https://blog.trailofbits.com/2026/02/25/mquire-linux-memory-forensics-without-external-dependencies/

[RSS] Total Recall - Retracing Your Steps Back to NT AUTHORITY @MDSecLabs

https://www.mdsec.co.uk/2026/02/total-recall-retracing-your-steps-back-to-nt-authoritysystem/

New challenge. I did repair this today at work.

Please hide your deductions and guesses behind a CW to not spoil it for others. Googling is fair game.

Please don't just write a single word as answer, instead describe your observations and deductions so we all can learn about electronics.

If you are familiar with this kind of device, try to figure out the specific make and model instead of just saying something like 'Audio amplifier'.
Solution will be posted on Monday.


This should be obvious for everyone by now, but if you're not from the US you must assume that all your use of US AI services (#ChatGPT, etc.) is fed directly to US intelligence services.

"We may share your Personal Data, including information about your interaction with our Services, with government authorities ... in compliance with the law (i)" (OpenAI)

"We may disclose personal data to governmental regulatory authorities as required by law" (Claude)

"We will share personal information outside of Google ... to: Respond to any applicable law, regulation, legal process, or enforceable governmental request" (Gemini)

The amount of valuable information fed to the systems voluntarily is staggering. It's not a matter of "if" it is happening, but "of course it is". It would be outright negligent if they weren’t capturing and disseminating it all.

https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act#Without_a_court_order


"Never have, never will." Promise, shmomise.

This is some bullshit, Mozilla.

https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e#diff-a24e74e4595fa85440a2f4e7e5dcfe68aba6e1e593aef05a2d35581a91423847

And the explanation is bullshit, too, and sounds rather annoyed at having to explain to us silly users that *of course* you have to "share some data with our partners".

https://blog.mozilla.org/en/firefox/update-on-terms-of-use/


A very good use of Gorton.
