Profile picture
, 8 tweets, 1 min read
My Authors
Read all threads
I heard that somewhere on Twitter a discussion about publishing exploit PoCs arose. Good thing information security is so repetitive, and I can field most discussions by referring to previously written long-form blog posts: addxorrol.blogspot.com/2019/08/rashom…
Another note: Discussions make progress when new arguments are fielded, not when old ones are repeated, so I encourage y’all to write long-form posts with new arguments vs celebrating Groundhog Day on Twitter.
Before going to sleep, some troll-y arguments why exploits or PoCs should never be published:
Troll 1) I already know how to write them, so game-theoretically my lifetime income is maximized if my skill remains scarce. As such no teachable artifacts should exist.
Troll 2) Defenders being confused about how modern exploits work is great because it ensures that defensive resources are misapplied, ensuring sustainable economics on the offensive side.
Troll 3) Bugs in libraries have much better long term survival if no triggers are published, ensuring slower bug depletion and the survival of otherwise endangered species.
Troll 4) Mitigations for which people want to get promoted may look broken, endangering proper career progression.
I will try to think of more reasons tomorrow.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with halvarflake

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @halvarflake see all

Profile picture
halvarflake
@halvarflake
While I am sitting here with an infant sleeping on top of me so I can’t move, may as well tweet my take on capital1 stuff.
The Cap1 stuff is interesting because it points a spotlight onto the problems with our security architectures as we move from separate servers to massive distributed systems running on “the computer” (datacenter-as-computer, cloud). For individual computers, we have a security...
...model; it involves privileged and unprivileged processes, user accounts, and access control (either WinNT style ACLs, or Unix file perms). We also have Kerberos and LDAP based authentication between systems. This is not a great architecture, but we kinda know it.
Read 7 tweets
Profile picture
halvarflake
@halvarflake
With the fronts between those yelling criticism of capitalism and those yelling that it is the only solution, I always wonder: Do y’all really think in such simple categories? There are things that are magical, and there are things that are horrible in our existing economic ...
... systems, but I do not think that the terms “capitalism” or “socialism” describe them very well. Also: I get annoyed when people conflate “markets” and “capitalism” or “redistribution” and “socialism”. You can Imagine having a system with UBI and intentionally...
.... hyperinflating stores of value; such a system bears no resemblance to capitalism yet uses markets. You can have a highly capitalistic system with strong redistribution.

The ills that are plaguing us politically right now are issues such as negative externalities that are...
Read 8 tweets
Profile picture
halvarflake
@halvarflake
Sometimes I suspect that the reason why the cryptocurrency crowd and me have difficulties understanding each other is because we have different views on the origin, and purpose, of money. My view is similar to the one espoused by Aaron Brown in "Red-Blooded Risk": That money ...
... arises automatically from debt, and that it's purpose is a medium of exchange, and a *short term* storage of value (long enough so I can transact with it). The cryptocurrency people appear to mostly have a view of money as "gold equivalent" and somehow think that it should...
... be a long-term store of constant or appreciating value.

I don't know who is right, but I do know that an appreciating currency has all sorts of bizarre effects on investment decisions, and with a lot of talk about it being revolutionary, there are surprisingly few ..
Read 4 tweets

Related threads

Profile picture
T. Greg Doucette
@greg_doucette
YOU SHUT YOUR FILTHY F*CKING MOUTH RIGHT THIS INSTANT

It's a total outrage really

Ugh, the *worst*

Read 1746 tweets
Profile picture
T. Greg Doucette
@greg_doucette
I mean really 😂
Got a thread on it that ends here:

There are some additional nuances by state, but that should get him mostly up-to-speed

Basically, yes. It's not an affirmative defense but it will be an argument they make in their briefs, based on the evidence that comes out during discovery or affidavits that get filed

That language is more signaling than legal effect though

1/
Read 1708 tweets
Profile picture
T. Greg Doucette
@greg_doucette
Exactly that

Always glad to provide the entertainment! 👊

Tex. Civ. Prac. & Rem. Code § 73.054(b)

Read 1683 tweets
Profile picture
T. Greg Doucette
@greg_doucette
This was already addressed mid-thread. You do realize filing lawsuits costs money to the court, yes?

Not getting paid != going into the hole paying the court costs

The goat's still waiting...

There are a few options. Provide evidence he wasn't there or X wasn't there, or depose X and challenge X's credibility (history of lying, etc), or provide evidence X is lying (emails, texts, etc), or get on the stand to say "that's false" and pray

They're too dim to realize ppl find out about the GFMs *because* they were shared on Twitter

Read 1743 tweets
Profile picture
T. Greg Doucette
@greg_doucette
Earlier today I learned about this #StandWithVic hashtag and the total gibberish sent by his lawyers as part of a LOLsuit

Reminder to check out the defamation basics #Law140 on why this is going to end poorly for him
You seem to have missed the thread explaining the law

Not entirely surprised literacy is not your strong suit though

Witty!

Read 1651 tweets

Trending hashtags

#EcoSocialism #ODD #observations #WorkingClass #Russian #IslamicState #KHive #theatre #GDR #Klout #dead #PrimaryElection #Sulouk #protests #GamblingIsFraud #VAT #ClimateCatastrophe #Libyans #CrimesAgainstHumanity #walking #left #WFP #VincentKennedy #ResignTrudeau #sandwich
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!