SwiftOnSecurity Profile picture
computer security person. former helpdesk. Microsoft MVP in Security 2018-2023.
82 subscribers
Jan 11 13 tweets 5 min read
==Training Lesson==
INVESTIGATION NARRATIVE: SSH Kill la Killed 🧵

My job is to solve the Weird Problems as the Final escalation tier. I do this with generalist knowledge and practical experience.

New InfoSec/IT entrants often ask what this looks like in practice. Follow below. Image NOTE: You can mute this thread if not interested it will be long.

I have a seedbox in Europe to coalesse torrent downloads from other servers at 10gbe uplink to many other similar colocated servers hosting the content. I then collect finished over SSH file copy at my leisure.
Jan 5 6 tweets 2 min read
In 2009, I got on a helicopter piloted by my friend. We lifted off with careless abandon, in the online mode of Grand Theft Auto 4, for the first time. We were normally talkative, but we both fell into wordlessness as we flew at night through this impossible city. And I realized. Every story can be told here. Labor of untold people who toiled to Truman Show you made a city we flew by with only glance. On the streets, raced-by. There are innumerable conceits, things started and never finished. Left over from dreams aborted. But someone made this. For what?
Dec 7, 2024 7 tweets 2 min read
So my outsider impression is all cloud AI services have essentially nuked themselves in endless layers of safety and political conformance, while also desperately trying to save on compute. If you've watched o1 work it has layers of reasoning for "safety" before it answers. And that cloud AI is essentially in a death spiral of mainstreaming concerns instead of delivering. Yes you've created a corpus of the sins of humanity and you're not remotely brave enough to just be a fucking adult about what your API returns.
Nov 16, 2024 5 tweets 1 min read
The fact is as an American with raw exposure to efficient manufacturing buy-in I can easily justify a new comb, new socks, 20 plastic straws, every single day of my life. And basically none of it ends-up in the ocean. Give it to poor in Oceania it does. Perfect moral incongruity. This isn't remotely fair. And it doesn't capture other pollutants nor plastic effuse from manufacturing. But I'm not killing turtles with plastic. My straws have never touched salt water. It was imaginary. Which nonetheless we were somehow convicted under because of vibes.
Nov 3, 2024 4 tweets 2 min read
Modern mass-storage calculus is so interesting for home labs. You don't need striping for performance use NVMe. You don't need drive pooling you've got 12TB+ disks. Okay you've got a 6 drive 48TB RAID6 that could just be two 24TB you back up. You're pantomiming enterprise. There was a time you had to have immense calculations and trade-offs. Tranches of 73GB 15k RPM disks you pooled together for screaming speed, now blown away in actual cosmic magnitudes by a $40 SATA SSD. Racks of millions of dollars now in a disposable chip held by children.
Oct 24, 2024 6 tweets 1 min read
It's legit crazy how open the US military is on medical and tactics stuff. You should strongly consider their public materials especially on field treatment for SHTF. They are literally saying any challenger's logistics are so shit it doesn't even matter the plans here's our PDF. All the tactics and training of US ground troops – you can just read online it's not secret. Fuck you, you can't do this anyway, we're not going to try to pretend you can't find a copy on Limewire. Good luck dumbass.
Oct 13, 2024 4 tweets 4 min read
I cannot recommend @Examinecom highly enough if you care about supplements and medical interventions. They have expert staff that go through and monitor all published studies and give an expert breakdowns, as well as focus on specific topics and feed of research+their analysis. Image
Image
Image
Image
It's most often used by medical professionals and universities, but I pay $19 a month to get similar access and have for about a year.
So much supplement information is just not based on massive review and compromised by conflict of interest. They don't even recommend products. Image
Image
Image
Image
Oct 10, 2024 5 tweets 2 min read
Everything fucked up with latter GenZ is from not having to read Hatchet. They're soft and weak, oblivious to the world's axioms. That is not their fault, but it is to their detriment. If you know what I say is true, it should compel tears. They were never allowed to succeed. 😔 Image It is a public good to have common cultural touchstones and shared experiences that bind us in mutual endurance of their unfolding premise. Where we control cadence, and in that, saturate our mind in blood squeezed from its medium. To abandon stories in whole is doom wrought.
Oct 5, 2024 6 tweets 2 min read
When you make a lot of money you quickly learn how easy it is to waste that kind of money and realize these people are just fucking morons Lifestyle inflation isn't even the only problem it's cumulative "not needing to find out why the water bill is so high every month" except for everything
Oct 2, 2024 9 tweets 2 min read
Unfortunately the way the average citizen models the government as essentially a dictatorship where a singular figure controls everything. Has some point in executive staffing and judicial, but even then they're blamed for the legislature's dysfunction, state and federal. It kind of speaks to the difficulty of our Democratic system that people don't actually seem to want it. Hell the Supreme Court has been picking up the pieces of cultural pressure relief for decades now, that's why I understood why conservatives wanted it. They're right about it.
Sep 27, 2024 7 tweets 2 min read
I spent a lot of my early years making objective arguments. I argued about AD schema and naming conventions for shared folders and their corresponding access rights. And the most important thing I gained was understanding that assent was the only metric. Adoption. Not technicals. In my early years in my career, I tried making pronouncements as if law. As if you can speak into the world and make fact. Yes the fact that law is fake, is technically true. But it's the bodies and guns that make that argument irrelevant. All you have in compliance, is assent.
Aug 15, 2024 6 tweets 3 min read
I was among the first in world to have a laptop/tablet at school, due to an accommodation IEP... and living in Silicon Valley. It was a Toshiba Portege 3500 I got ~2005. I was the literal first wave of the populace to do this. These are my thoughts on its impacts, looking back.🧵

Image
Image
Giving students electronics is generally not a good idea. It is not a replacement for books. I've looked in despair as this has happened. I loved my machine, it helped. But I had my Windows XP Tablet before schools had WiFi. Before there were online apps. I used OneNote offline.
Aug 13, 2024 5 tweets 1 min read
There is just a level of destiny, of purpose, seemingly not appreciated at-large. The US and its allies built weapons of war for a single purpose. An opponent of doom, under auspices of preventing the greatest calamity in the history of Man.
And now its void-fillers are target. Generations of technology earnestly endeavored under cause of never succumbing to invasion – and thus preventing it. All that purpose, imbued into stored product. Mislaid but appreciated by soldiers of another worldly action. Now, returned to the chance of original fulfillment.
Aug 12, 2024 8 tweets 2 min read
I imagine it can be hard to start with nothing to do, but learning to endlessly optimize and improve in small ways showed me how much time I could free up. Went from 14 Helpdesk ppl 10 years later to ~5. And so I had free time to run this account too. That work made me who I am. Note the downsizings were not my idea and would have mostly happened regardless, the point is I increased free time as resources shrank. That's the dumb business assumption of how it's supposed to work but rarely actually does. But you can do it for yourself. For your career.
Jul 30, 2024 5 tweets 1 min read
Free advice, worth what you paid, for reasons I won't convey: Confident incorrectness is very dangerous in high-level work. It's been made clear to me if I don't know something for a fact as of today and the CISO asks, you go check first. You are not here to bullshit visibility. Something time in IT and Cyber teaches you is the sheer monumental weight that "incorrect assumptions" and "configuration drift" cause. It's basically everything. You're getting paid to find out how your system is configured RIGHT NOW, not HOW YOU CONFIGURED IT YESTERDAY.
Jul 27, 2024 8 tweets 2 min read
wtf Temu's email unsubscribe link goes to a webpage that says your WiFi is disconnected Image Here's the link, stripped of my identifying information. If you click unsubscribe on Temu the website says your WiFi is disconnected. Over HTTPS.
temu.com/bgms_unsubscri…
Image
Jul 25, 2024 4 tweets 1 min read
I have C-suite asking for how we and our vendors are planning to avoid a Crowdstrike scenario. If you're a security vendor you need to document this right now and also get on improving it. There's discussions about risk reductions. Crowdstrike situation is putting a very firm pressure on removing software agents without mandatory need, especially kernel-mode. This is real I'm in the middle of it.
Jul 22, 2024 6 tweets 2 min read
Something really undersold in the Taylor Swift discourse is how fundamentally she has altered the discussions and power of musicians in licensing deals. She's a star even to stars, with enormous cachet amongst peers. Her maneuvering is just all-encompassing in strategy to win. You'll hear from people even early in Taylor Swift's career how much she did not want to be simply managed, she wanted to know the business and how to rise. Her positioning as a teen girl darling completely obscures her machinations. Which were shunted, then rose like a phoenix.
Jul 20, 2024 6 tweets 2 min read
The correct answer is a fully validated and controlled execution environment needing no antivirus but we've made an industry of bandaids for a fundamental error in our approach. I could heartily debate this position, but it is worthy questioning the fundamentals of our assumptions.
Jul 19, 2024 5 tweets 2 min read
Note this will not work if your machine is bitlocker encrypted without getting the recovery key for each machine... You could build a PXE boot WIM file and have it execute a fix script but that will require telling everyone how to boot over the network. Very few have this skillset though and will likely require reconfiguring every network to do DHCP relay and won't work if machine locked down.
Jul 17, 2024 11 tweets 3 min read
Story time on having a criminal history: In my first job they needed help with a surge of laptop replacements and new hires, we were getting pallets of 50 laptops delivered and deployed. They brought someone on light on experience, but decided to give him a chance as a temp.🧵 He was 95% cool but there were these rare weird moments where you weren’t sure, then it passed. Anyway I also had come from getting a chance taken on me, so whatever. We work together a few months, he handles a lot of the laptop swaps. Then a coworker goes to the IT storage room.