Given all the science denying, I mean "vaccine debates," I wanted to come clean about something:
At the beginning of the pandemic, I told my own daughter if they developed a vaccine in less than 12 months I'd be highly skeptical and probably wouldn't take it.
I regret that. 1/
A vaccine *was* developed rapidly and after looking at the science, it was undeniably safer than risking even an asymptomatic COVID case. Before anyone says "bah, you don't know the long-term risks of the vaccine" you're 100% right. Nobody does. 2/
But I'll counter that you don't know the long term risks of (even asymptomatic) COVID. I've looked at the science on both. On the vaccine front, there's nothing but anecdotes and fear.
But on the COVID front? There's a LOT there. Brain swelling is never good. Ever. 3/
Brain swelling may not happen in 100% of cases, but we don't know because we aren't giving most asymptomatic people brain MRIs.
Same with lung issues. I talked to an ER doc who discovered multiple COVID cases when looking at chest x-rays of patients injured in MVAs. 4/
These are people who believed they were healthy and by all accounts were asymptomatic until being injured in a car crash. When receiving a chest x-ray to check for trauma (e.g. broken ribs), the doc said the lungs were so bad, they'd have been admitted for that alone. 5/
So yeah, the vaccine was rapidly developed. Yes, the government and pharmaceutical companies have lied to us in the past. They might be lying now. But to what end?
The reality is that you can concede the vaccine represents some risk (it does) and still get vaccinated. 6/
Anyone who works in infosec knows this is about *managing* risk, not eliminating it. If your standard for the vaccine is "100% safe or I won't take it," you're already operating in a reality distortion field.
Evaluate risk models and decide "does vaccination mitigate?" 7/
In the end, I did everything short of fraud to get it as quick as possible. Luckily, I live in GA where there's lower demand, so it was relatively easy.
Many of my overseas friends are fighting to get the same lifesaving vaccine (former) friends here won't even consider. /FIN
Interview advice: if your Zoom/email/whatever avatar is any derivative of the Punisher logo, you're making a horrific* first impression. Even if the hiring manager doesn't care, they know others likely will. 1/
*unless you are interviewing for a job as a vigilante
This goes for all sorts of logos/backgrounds/whatever. But know that anything depicting skulls/death/violence is especially triggering for some folks. It's not for me, but I'm always thinking "will this potentially offend a customer?" If yes, you're fighting uphill... 2/
Feel free to explain why I shouldn't care, then go start your own business and connect back with me in a few years.
But forget the business side, think about people. You aren't likely to be more considerate to customers than a hiring manager. Hiring managers know this. 3/
If @GitHub (Microsoft) truly believes copilot isn't infringing on anyone's work, I want to offer them a chance to prove it: I'll donate $50k to a charity of their choice (or @EFF if we can't agree) if they release a Copilot version trained solely on Windows kernel source. 1/
This isn't a joke. It would be amazingly helpful for device driver developers. This in turn would ostensibly benefit Windows users through fewer BSODs. Add the charity money in and there's literally NO REASON not to do it. 2/
So let's set some ground rules:
Independent verification that the newly released model is only trained on kernel source
It's the full kernel source, from all versions (leave Win2k out if you want due to that pesky Java thing)
All kernel drivers owned by MSFT are included too 3/
If you're forcing someone to print and sign a document, understand that you're hurting the underprivileged who don't own or have easy access to a printer. I'm traveling this week and HAD to print something. My friend's printer is broken. This was the cost for ONE PAGE. 1/
Now that's not hurting me a bit, but also recognize it's not the total cost. The nearest place advertising self service printing was Staples, and thankfully I have a car. I'm still out just over an hour + gas costs all in. With public transit, double that (or more). 2/
The money doesn't matter. The time does though. And while my time is more valuable (measured by hourly rate), the time impact to someone underprivileged is much higher. "Pull yourself up by your bootstraps" only works if you don't rob them of time. /3
These newly disclosed vulnerabilities in tcpip.sys are a really interesting case study in why holistic security matters. Sure you should still be patching, but are your firewalls and IPS systems properly configured? If so, these probably aren't an issue 1/ msrc-blog.microsoft.com/2021/02/09/mul…
First, let's look at CVE-2021-24094/24086. Both involve the reassembly of packet fragments. If you've never dealt with issues with IP fragmentation and never had to worry about the MTU across the network path, that's okay. It was a common thing many moons ago, but not much today. 2/
In IPv4 there are lots of variations in how fragments are handled, particularly for out of order delivery. It turns out the original standards weren't very clear on this so everybody did what was easy. But as IPv6 was being built, the standard is clear: no overlaps. 3/
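To make the "no overlaps" rule concrete, here is an added illustration of how a strict reassembler treats fragments. It is example code written for this page, not code from the thread, from Microsoft, or from tcpip.sys. It models only the reassembly policy (byte offsets, payloads and the "more fragments" flag); the `Fragment` and `ReassemblyBuffer` names are assumptions, and the sample fragments are constructed. The overlap handling follows the IPv6 rule the thread describes (RFC 5722: any overlap discards the whole datagram), which is the conservative choice a defender wants an IPS or firewall to apply on both IPv4 and IPv6 paths.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Fragment:
    """One fragment of a datagram (hypothetical model, not a wire format parser)."""
    offset: int      # byte offset of this payload within the full datagram
    payload: bytes
    more: bool       # "more fragments" flag; False marks the final fragment


@dataclass
class ReassemblyBuffer:
    """Collects fragments of one datagram and refuses any overlap.

    Policy mirrors RFC 5722 for IPv6: once an overlapping fragment is seen,
    the entire datagram is discarded, never "first wins" or "last wins".
    """
    fragments: list = field(default_factory=list)  # list of (offset, payload)
    total_len: Optional[int] = None                 # known once the final fragment arrives
    poisoned: bool = False                          # set on overlap; buffer is dead

    def add(self, frag: Fragment) -> bool:
        """Accept a fragment; return False (and poison the buffer) on overlap."""
        if self.poisoned:
            return False
        start, end = frag.offset, frag.offset + len(frag.payload)
        # Overlap test against every fragment already held, regardless of order.
        for off, data in self.fragments:
            if start < off + len(data) and off < end:
                self.poisoned = True
                self.fragments.clear()
                return False
        if not frag.more:
            # Two differing "final" fragments would also indicate tampering.
            if self.total_len is not None and self.total_len != end:
                self.poisoned = True
                self.fragments.clear()
                return False
            self.total_len = end
        self.fragments.append((start, frag.payload))
        return True

    def reassemble(self) -> Optional[bytes]:
        """Return the datagram only when coverage is complete and contiguous."""
        if self.poisoned or self.total_len is None:
            return None
        covered = 0
        out = bytearray()
        for off, data in sorted(self.fragments):
            if off != covered:
                return None  # gap: still waiting on a fragment
            out += data
            covered += len(data)
        return bytes(out) if covered == self.total_len else None


def demo() -> dict:
    """Constructed samples: one clean out-of-order delivery, one overlapping set."""
    good = ReassemblyBuffer()
    for f in [Fragment(8, b"cccc", False), Fragment(0, b"aaaa", True), Fragment(4, b"bbbb", True)]:
        good.add(f)
    # Overlap: the second fragment restates bytes 2..6 with different content,
    # exactly the ambiguity that "do what was easy" IPv4 stacks resolved differently.
    bad = ReassemblyBuffer()
    accepted = [bad.add(f) for f in [Fragment(0, b"aaaa", True),
                                     Fragment(2, b"XXXX", True),
                                     Fragment(6, b"dd", False)]]
    return {"good": good.reassemble(), "bad": bad.reassemble(), "bad_accepted": accepted}


if __name__ == "__main__":
    print(demo())
```

The point for network defenders is the second case: a stack or middlebox that silently picks a winner for overlapping bytes lets two devices see two different payloads, while dropping the whole datagram removes the ambiguity and, with it, most of the reason to care about how a particular host reassembles.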
As I continue to interact with folks dealing with the aftermath of the NYT JetBrains story, I'm calling it - the story was irresponsibly released.
The story lacks any actionable details and has collectively cost overworked security teams *thousands* of hours in response. 1/4
One defender I know called it "the NYT denial of service." I'm sorry if that hurts the author's feelings, but perspective and all...
"Officials are investigating" is hardly enough with something this big. The impact of speculation like this is HUGE for network defenders. 2/4
I get why executives are hammering security teams for assessments though.
Look at the wording used. We pivot from "officials are investigating" to "the company is unaware of any investigation/compromise" to "officials are not certain how THE compromise" (as if confirmed). 3/4