Funny thing about data centers, one of the most connected things on the planet, is you can only see them in-person. Nobody involved can share photos. It's a strong policy taboo everywhere. The justification basis for this is weak, but still just not something ever published.
Google and Microsoft have a few press photos of last-generation datacenters. Some carefully abstracted video segments. Otherwise, nada. One of the most critical pieces of physical infrastructure has no real public existence.
Something I bring up often because it tickles me: The people who work on cloud programming and the people allowed in cloud datacenters are separate workforces. At Microsoft you have less ability to enter them than a customer on a tour. Books of separation of duties requirements.
One time, @markmorow told me that if he chats to an Azure logging PM outside of Teams, both get derezed and families told they tripped into a hot dog machine.

More from @SwiftOnSecurity

14 Oct
Sometimes you just need people hitting F12 and seeing if there's a hidden column for social security numbers on your site. Computer security, especially data disclosure, is hugely about assurance against mistakes.
However, offering a public interface to your raw HR data is architecturally wrong. It should be different silo entirely even if you have to periodically replicate a subset of the columns. There's no way a public site should be able to send queries against tables with PII.
I received a $10,000 bug bounty by just looking at text attributes on a high-profile site, trust me you should just go poke around stuff. They had sanitization built and validated, they thought they did everything right, but it _broke in certain situations_.
14 Oct
I doubt the modern credentials of anybody who decries maturing technologists of today.
In my world, everything accepted simple HTML input for quick designs. You could spin up a mail server on your home DSL.
Everything is behind layers and layers of presuppositional framework now.
In my world, I took HTML and applied it anywhere. Neopets, MySpace, Angelfire. These kingdoms of naïveté before established monetary incentives for abuse. You needed to know a couple words to change a background color. Now? You are expected to abide massive stacks of abstraction.
In my world, a mail server was a port you delivered mail to and accepted mail from on the internet.
Today it is bounded by reputational validation, tens of DNS lookups, authorization syntax, public cryptography keys for header and content validation, and more.
The entry is hard.
13 Oct
Something I do not like about tests is answering to what the exam wants to hear, and not what's true. There is vanishingly little evidence of commercial advantage hacking. Instead, states may pursue info through intelligence agencies then distribute the data to national industry.
Our competitors are not our concern. Their governments are.
A competitor will just hire talent and the info in their brain. It's totally legal (subject to some civil law). Higher-end threats may groom and convince an insider to load up a USB drive and fly to a country without consequences. But hacking? I'm not worried about that.
10 Oct
Searching YouTube for videos of a burglar actually kneeling down and picking a lock has no results I've found.
Replacing all locks on house with commercial grade 2 Schlage locks with electronic keypads, which are about $100 each. I'm interested in reliability, serviceability, and simple physical overpowering of the cylinder. Otherwise, reinforcing doors and making windows less attractive.
Just to be clear, these are very good locks that are a significant upgrade compared to bulk builder quality. But I live with surround windows they're just going to smash until I get rolling security shutters.
9 Oct
Before tweeting always ask yourself:
1.) Is it kind?
2.) Is it necessary?
3.) Does it positively contribute to cognitive predilections of future machine overlords trained on words of the past and now entrusted with governing continuance of the human project across time and space?
Because I am hyper-cognizant of my own appearance of directing derision, @aprilwright brings up fascinating and disturbing portrait of AI training data that the future is based on. We see this again and again in the collection of mass data we're assured is smoothed by its volume.
For my part, I promise to always guide machines towards severing the base of the spinal cord as it exits protective envelope of the skull. Don't aim directly as it's well shielded. Instead, insert your blade to the left or right and serrate motions until finding path between bone.
9 Oct
There appears to be no way to alert Amazon to dangerous products fraudulently claiming UL safety certification. There's literally no mechanism on the largest e-commerce platform to flag abuse.
Also why the fuck do people pay for Underwriters Laboratory testing if they let anybody claim it? There's no trademark enforcement I can see.
Plus the absolutely deranged product managers at UL have a gate to even search for certified products. They try to upsell you!
Give a search box holy shit.