PaddleMaster
@PaddleMaster@beehaw.org
- Comment on What are You Working on Wednesday 1 day ago:
Schedule slips of capability installs, and fighting fake status updates. Oh joy! Nothing like having a vendor report that something is working and delivered and it’s completely missing. But somehow, it meets requirements, so contractually, they’re good.
- Comment on What are You Working on Wednesday 1 week ago:
Funding was cut by 20%. So I have to figure out what the team can’t get to.
Super fun. Also, I’ll probably start looking for something else. This stress is not worth it.
- Comment on What are You Working on Wednesday 3 months ago:
Personal project: trying to get OP-TEE to work on a rpi3. Seems like there’s some known issues in my way of success. It’s annoying. But once it’s working, I’ve got some experiments I’d like to try out.
- Comment on Router scan 5 months ago:
Looks like there’s a metasploit available. You can use that on your router to see if it’s susceptible. A quick google search indicates that this is only successful on older routers without input validation.
In general, follow good cyber security hygiene, and update the firmware on your router. If your router no longer is supported by the vendor (no more firmware updates for vulnerabilities found), then it’s old and you should upgrade.
- Comment on Off-Topic Friday 5 months ago:
I love coffee. I started with a French press, then moved to an AeroPress, then an espresso machine. I still use all 3, and experiment with what beans are best brewed with the different methods. Very fun hobby.
I love tea as well. But it’s to relax after a stressful day. It’s a different vibe for me. I usually go for tisane or a mild green (sencha).
The act of making coffee, opening the bean package, grinding the beans, preparing the brewing method, brewing, cleaning up, then enjoying the coffee is very zen for me. It’s like practicing mindfulness.
I cannot have coffee after like 1pm without it keeping me awake. And I certainly would be climbing across the ceiling with 5 mugs of coffee.
- Comment on Off-Topic Friday 5 months ago:
Got back from vacation yesterday. Today, the Blue Angels are practicing for their show (exhibition? Not really sure what they call it). Super fun to get to watch them play in the sky all day.
- Comment on 5 months ago:
Looks great!
- Comment on Off-Topic Friday 6 months ago:
I’d really like if this line of work wasn’t completely doom and gloom all the time. I’m burnt out of telling people what seems like extremely dramatic, doomed scenarios of the “state of security” all the time. I feel like I’m always the asshole in the room all the time.
I’m assuming any risk management or actuary job is similar. It can be soul crushing sometimes.
- Comment on "X": Far-right conspiracy theorists have returned in droves after Elon Musk took over the former Twitter, new study says 6 months ago:
And most newspapers were acquired by the same handful of media companies. In turn these companies ravaged local markets and there’s just no coverage of the actual truth, even on local happenings.
There’s an article about my hometown covered by NY Times or something (I forget, it’s been a few years). We had a flourishing newspaper that employed a decent amount of the community; when that article came out (2010ish) the same company had 3 reporters and 5 staff. The newspaper would cover legitimate issues locally and nationally. They had amazing journalists that promoted great things happening too (local studies, nonprofits doing the hard work to benefit the community, etc). Basically, the boring stuff that isn’t flashy enough for social media. And now it’s all gone.
I legitimately have a difficult time finding news stories on any platform that I can trust.
- Comment on Implementing Least-Privilege Administrative Models 7 months ago:
Some of that, yes. I work for a university that’s government adjacent, so we have to get audited pretty often. Part of that is proving that we STIG and conform to other frameworks. But within certain labs, access is remote only, so I’m not sure how they would handle having a PAW, when there’s probably just a few admin accounts that have strict rules and limits applied.
- Comment on What are You Working on Wednesday 7 months ago:
That’s neat. I’m curious about this now. With “normal” search engines that have generally gone to shit, AI chat bots are on trend to give better results. If the robots.txt file is blocked from OpenAI, can I assume it hits other chatbots? And would that extend to Google/Bing?
- Comment on What are You Working on Wednesday 7 months ago:
That’s a neat project. Are you looking for trends, or something specific?
- Comment on What are You Working on Wednesday 7 months ago:
Project Management crap. It’s the money season in the government, so I get to ask for lots of money to try to do cool things.
- Comment on It’s time for a hard reset on notifications 7 months ago:
I was going to try to explain it, but realized I’m not very good at calling menus and such their proper names. So whatever I tell you wouldn’t be very helpful.
support.apple.com/guide/iphone/…/ios
Apple also has a YouTube video that’s about 5 minutes long. The article is probably faster.
I’m not a power user, so I don’t use the majority of features on my phone. I generally set my “do not disturb” at bedtime. It allows calls through from my favorite contact list and my morning alarm. I have friends that set focus time and they love it.
- Comment on What are You Working on Wednesday 8 months ago:
Sounds like a fun assignment! Glad you got some interesting results!
- Comment on What are You Working on Wednesday 8 months ago:
Sounds thrilling!!
I’ll be on vacation for our audit next week. I’m thrilled to miss it.
- Comment on Big Tech has already made enough money in 2024 to pay all its 2023 fines 10 months ago:
Gross. Can we start making fines meaningful? % of revenue maybe? I’m not an expert on this. But these fines should be more than enough to discourage behavior and not be “cost of doing business”.
- Comment on Threat Thursday - CTI, vulnerabilities and discussions 11 months ago:
We’ve got a threat briefing on all the recent PLA activity. I’m going on vacation, so I’ll miss it which is a bummer.
The hospital my partner works for had a ransomware attack. They haven’t publicly disclosed, so I’m hoping that means they had actual backups and nothing was compromised.
Personal anecdote: so many things were breached lately. I have an extreme uptick of calls from my “best friend” Scam Likely. I get more calls from Scam Likely than anyone else, hence the “best friend” designation.
- Comment on What are You Working on Wednesday 11 months ago:
My research grant was funded. Now the hard part- executing with the goal of getting year 2 funding.
Also going crazy because everyone wants their risk reports before the holiday. As if they’ll even get read before vacations start.
- Comment on Mentorship Monday - Discussions for career and learning! 1 year ago:
There’s more than enough time. I took my time, and didn’t really get anxious about the time limit. I finished with extra time left.
- Comment on Training Tuesday - Discussions for certs, training and learning-at-home 1 year ago:
If you mean CompTIA, then yes! Security+ is a great entry level certification. It helped me land my first job outside of my internship.
- Comment on HW Security Keys - 2023 - State of Tech? 1 year ago:
YubiKeys are pretty great. I use it. I hate when you have to authenticate via SMS, and apps are slightly better.
If you get a YubiKey, you can use it to authenticate into your password manager. I know some people who do only that and they use the randomize password function that’s long and would never be human memorizable.
If you don’t do that, support for the key is listed on their website. There’s enough support on various platforms to make it worth it. But I was surprised the list was so small. I do wish more financial institutions would get with it. Most of my banks only do SMS.