Cake day: March 28th, 2024


  • The threat model helps a lot.

    I work for a small consulting firm. We do security assessments, but not the kind you’re looking for. I don’t want to sell you anything.

    From your intro here, I would expect to book a resource on this project at 50% utilization (to avoid burnout) for about 3 weeks. One week of assessment, one week of report writing, and we’ll say a week of overhead / buffer (to get things rolling / ask questions / interviews / report readout). That’s a total of 60 hours.

    My employer is expensive; we charge about $300/hr per resource. That comes out to about $18k. I would call this an upper limit (though in truth there is no upper limit: if you put multiple $700/hr resources on a project and let them bring in SMEs, things get expensive fast).

    If you haven’t done a security review before, I wouldn’t worry - you aren’t ready for the $18k service, or the $1k service. You will need a 3rd-party certificate eventually, but right now all you need is trust from your userbase, and openness and transparency are a good initial strategy.

    When it’s time, throw a hundred bucks at a local college student who’s into cryptography. Then fix / address all their findings. Then go for the next level, and fix their findings. There will always be findings; what you are buying is user trust. The more in-depth the review, the more trustworthy - but you don’t want the expensive service to be distracted by things a college student could have caught.

    I am intoxicated and rambling - let me know what questions you have :)

  • My apologies, allow me to elaborate - grayhatwarfare.com is a cybersecurity company that crawls and indexes publicly-available blob stores, like S3 buckets, Azure storage accounts, DigitalOcean Spaces, and Google Cloud object stores. They offer limited search capabilities for free, no account-wall.

    They are a legitimate cybersecurity company, despite their name.

    My employer is working on a sensitive data scanning service, to alert clients in case their information surfaces in these buckets (even if they do not own the bucket), leveraging the grayhatwarfare API. In short, allowing us to detect and remediate the problem, which I hope you will agree is a white-hat activity :)

    I do not publicly condone breaking the law. I reserve the right to criticize the DMCA tho ;)

  • I pay attention to credit card readers.

    I have gotten to know their makes and some models. I have developed preferences. When I go to a run-down establishment and they have a nice reader, I am pleasantly surprised. I know that Walmart uses Ingenico iSC250s, and they do not support tap. I know that Dunkin' has high quality readers, and sometimes Tim Hortons does too, but less frequently.

    When leaving a place, I might say something like “damn, you don’t see that model of Verifone very often”, and my friends will look at me funny.

    Semi-related, did you know that most receipt printers have embedded telnet servers in them?

  • sandalbucket@lemmy.world to Science Memes@mander.xyz, replying to “LPT Do it.” · 44 points · 1 month ago

    Had to write a paper in college with 100 citations.

    We used Zotero for citation management, and it would dump a BibTeX file on demand.

    The paper was written in markdown, stored in git, and rendered through pandoc. We would cite a paper with parentheses and something resembling an id, like (lewis).

    We gave pandoc a “citation style definition”, and it took care of everything. Every citation was perfectly formatted. The bibliography was perfectly formatted. Inline references were perfect. Numbering was perfect. All the metadata was ripped from PDFs automatically. It was downright magical.