# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 137
# self = https://watcher.sour.is?uri=https://twtxt.net/user/screem/twtxt.txt&offset=137
# prev = https://watcher.sour.is?uri=https://twtxt.net/user/screem/twtxt.txt&offset=37
@prologic wow…
I really don’t see the train of thought of making something so simple to implement (specifically SSO) a paid “enterprise” feature to justify a price point.
Hell, I could probably implement the feature in a couple of hours and I have very limited development experience 😅
They could also re-evaluate the price point then add more features to the paid plan (that ideally add much more value than SSO) and then raise the price when it makes sense to. So many companies do this right now anyway.
On the whole paid features for self-hosting, I ran into this issue myself when implementing a SIEM on my network. I initially implemented the Elastic stack (Elasticsearch, Logstash, Kibana) but then they go ahead and lock things like creating detection rules and sending alerts via anything other than email a paid feature 🫠
I’d be much happier if the industry switched to a one time self-hosting service with no support, with the option to purchase support licenses at a monthly cost.
Big win today!
I've only been exposed to using Kusto Query Language (KQL) at work for a month and a half, but I was able to edit a query to include a datatable (essentially a table that's created in memory when you run the query and is only used for that query) to replace any IDs listed in it with the proper name of the service!
Baby steps :)
@prologic Congrats! 🥳 FTTP has really been night and day in terms of speed since moving over to the East.
@prologic @eldersnake ah yes, the old anal beads cheating then defecating in a bathtub. A classic, really 😂
@prologic I was thinking of doing this with a getaway drive on standby. It’s a long elevator ride down though 😂
Anyone have a good way of sneaking out 2 server racks, one with 2x 1U servers, out of work?! Asking for a friend 😆
On a serious note: I need to find out who to ask about abandoned server racks and servers at work. No one’s used them in upwards of 6 months and I’m the only person with access to the room they’re stored in 🤔
@prologic Thanks mate! You too! Hope the family has a great Xmas as well
👋 Happy Holidays from above the clouds!
When you see a domain admin account signed into an iPad for a client and it’s out of scope to mention to them 🫠
@prologic damn, that’s rough. Was trying to get zs and my yarn node up and running on my vultr VPS last night.
Oh well! Hope your holiday was fun anyways!
Well, that’s a wrap! Officially finished my last day of cyber security governance, risk management and compliance!
Ready to get started on the blue team next week!!!
@prologic I really like the framework, especially the repair and upgradability of them. A tad out of my price range but I’ll ask the accountant if an exception can be made 😉
Otherwise I’ll go for the PineBook. Thank you for all the suggestions!
Anyone know of any good, cheap laptops to use for just day-to-day activities (web surfing, sysadmin, web design, etc) that’s not a Chromebook? My Microsoft Surface Go I got some years ago blue screens when I plug it into my dock.
Open to refurbished as well
@prologic @shreyan this is part of my frustration with the regulatory conversation around TikTok right now. Sure, ban an app for “national security” reasons but US companies that harvest all data from everyone is totally fine.
The only compromise is to regulate all tracking and data harvesting.
Welp, it’s official. Moving to a more technical role than I’m currently in, in a couple of weeks, in a Security Operations capacity
@prologic yeah, I also did consider Docker. No real good reason not to. I’ll test this out tonight
Been trying to get a vultr.com VPS up and running to host production websites on using zs.
The default Debian and Ubuntu headless offerings come with a very unfamiliar shell that I, for some reason, can’t properly install zs on so will need to explore options for custom ISOs of a Debian/Ubuntu distro to use. Probably the latest LTS versions, I’m thinking.
@prologic ooooo I really like this update! I’ll have to update on my end and rollback my .anchor { display: none; }
@prologic Haha that would’ve been worse! Honestly, it wasn’t easy at all. I was SUPER nervous and anxious throughout but I’ve had a lot of feedback that I came across as confident, relaxed, funny and felt natural. So there’s that 🤷😂
Last Friday, I had my first public speaking appearance, albeit internal but still spoke in front of 60+ people.
I thought I would crash and burn or run through this too quickly, but the audience made everything super easy. Never thought that public speaking would actually be somewhat of a strength of mine 😳
Moral of the story: get out of your comfort zone, you might discover something you’re good at and enjoy!
@abucci But it has a 4 at the end, so _surely_ it’s better than 3, right?!
@prologic Yarn bucks coming? Truly decentralised money to bring competition to banking? 😉😂
Morning yarn: I certainly enjoy putting together a body of work to teach Govt. the advantages and disadvantages of on-prem, Anything-as-a-Service and Managed Services 🙃
@prologic yeah, I can understand that. I was more thinking from the POV of lightening the load of the operators in terms of support and potential account removals without having full blown operator permissions, but I can understand if that’s not the intention of the use of yarn
@prologic could be interesting food for thought down the track if a pod grows big enough
Side note: the iOS app doesn’t auto capitalise at the start of a twt or after a full stop (period for you Americans out there)
Today was an interesting day. Following a suggestion (based on my skills and want to move to a more technical role) my leadership is now chasing a SOC analyst role for me. Bonus: the Director of our SOC wants me in there and they’re super nice 😊
@prologic funnily enough, I was going to ask about support for moderator roles a while ago…then I forgot 😂
@darch oh my, I didn't even see this as a question to me for some reason :S
No solid plans for now, but will have a better think when I get to it :P This will be for the web version
Thoughts on the filter menu being in this position? Other idea I had was along side the search field at the top.
@prologic Renting still. Will at minimum need to wait for the market to come down to buy haha
Got an open home today, for 15 mins. Should be fun 😅
Moving by the end of the month to much nicer house (not a townhouse, hooray!), so very excited for that.
Goals for this weekend:
- Stand up a Parrot OS Architect VM.
- Create a dev environment of yarn.
- Commence actual work on new filter option.
- Finish my future-state home network diagram (for when I move in 20 days)
Should be a productive weekend 😁
@lyse thanks! It’s fun to think outside of the box sometimes 😉
@prologic bit of an edge case but depending on the number of emails you’re getting for a password reset, they could be doing a widespread attack to cause notification fatigue for when they send out mass phishing emails.
In reality, this attack would look like:
Attacker uses a script to cycle password resets -> user gets fatigued due to number of password reset emails -> phishing email sent -> user uses malicious link and form to provide the attacker with their credentials.
If you’re only getting a couple of these, probably not but could also be spread across weeks or months of 1 per day. I personally haven’t seen this attack in practice, but could be a possibility
@prologic I wonder if the MPA is just mad at Paramount and is being petty by taking down services that make it easier to find shows and tv shows.
@prologic 😂 I will. I’m needing to add html as well because it’s a full re-design and doing that all in browser is proving to be a pain (work effectively can’t be saved)
@stigatle Just further learning for my desired job (DFIR role). Learning some python so I can provide more value for clients 😊
Target acquired!
Oof. I would usually go straight to sleep after putting the little one to sleep but here I am, awake and twting. Time to do one of the many things on my list to make me feel like I’m accomplishing something with my spare time
@prologic Hopefully not just work related 😆 My weekends have been packed recently. Looking forward to just relaxing
Resurfacing after being enthralled in games for a while. How’s everything going?
@jlj all hail the motherland 🫡
Congrats! The Kingdom welcomes you with open arms!!!
@prologic sounds like we need to…captcha the bots 😅
@eldersnake a button having a default type of “button”?! That’s insanity!!!! What next, <a> having the default behaviour of a link?! /s
At least it’s good to know that buttons have a default type of submit, even if it’s a dumb decision
@prologic thanks!
Update: went pretty well, just mostly small adjustments and a re-review by the manager, then it’s off to the Director for round 2 of 3 internal review rounds
Submitting a client document, that I worked on by myself, for first internal review today. Wish me luck 🤞😬
@prologic I’ll scope out MithrilJS and reach out if I need any help (my JS skills aren’t anything special 😂)
@prologic Hmmm, once I finalise the filter menu, I think I have my next project: try to design a nice UI/UX. I haven’t really done anything to the scale before but I’m keen to have a go!
My view is, if we ever get to a point that a true “AI” can be created, something that can entirely learn new concepts by itself and exponentially expand its own knowledge base without being told to do so (basically what I would consider sentient at that point), humans won’t know about it until it’s significantly too late to stop it. I think that’s where the general hysteria comes from, but for now I’ll use these LLMs to spit out lists of cyber security controls to make my work _that_ little bit easier
@eldersnake @prologic I’ve personally been using screen for the better part of 5 years. I tried to get into tmux shortly before that, but didn’t quite understand it (to be fair, I never really put the effort in)
Is tmux worth potentially switching?
@prologic I got you! I’ll only be able to attend the 0500 UTC one though
I should be available to attend at 0500 UTC! That would be 3pm AEST, correct?
Also, for those who can’t attend, is there a view to take and provide minutes? If no, I’d be more than happy to do so (75% of my job in meetings at work 😂)
@bender Oh no, the whole preferred shell thing is a plus, but I split them into 2 different applications: Windows for gaming and Parrot OS for everything else.
Recently, for the first time ever, I decided to give dual booting a try. It’s actually been working really well. I use Parrot OS (Home Edition) for daily use and Windows 11 for all of my gaming needs. Eventually, I’d like to back up just my games and format all of my storage so I can start those off fresh.
I must say, using a Linux OS as my daily driver OS has been super fun and useful, considering I don’t have to spin up a VM or WSL whenever I want to do some form of sysadmin work (I’m much more comfortable in a Unix terminal than Windows 😅)
@prologic 😆it’s only early days. Maybe your view will change over time! /s
The spaces are definitely too much for me to realistically use. A cool thought exercise around accessibility features for websites though!
Side note: a cool little connection between this and a govt. org. My brother-in-law actually works for a govt. org that audits Australian websites for accessibility and assigns them a score 😄
@prologic how’s the readability, minus the issues with spacing? Genuinely interested to see if this is a meaningful improvement on current fonts
@prologic Glad you like it. I’ll refine the look and feel of it tomorrow morning then 😊
@bender thanks for the perspective 😀
I’m usually a big fan of the fly in/out but perhaps the duration is too long, or not even necessary for good web design 🤔
Out of interest, anyone use a secure IRC client for iOS? Ideally E2EE, but open to suggestions. I figure just going to the App Store and finding the first client may be…risky
@prologic agreed! I’m 100% keen for this. Will need to link up over Signal to discuss details.
Consulting life certainly is tougher and more cut throat than I initially expected 😅
👋 Sheesh! I’ve been gone for a good while. Lots of stuff going on between work, new sleep schedule for the kiddo and other personal things. How’s everyone going over here?
@prologic and people are trying to push for health care information on the blockchain in the form of NFTs. They truly don’t see how much of an awful idea this is
@prologic needlessly complicated and still has the exact same security vulnerabilities as web2 and its own security quirks that never seem to be front of mind 😅
@mckinley this is my main issue with a lot of applications of cryptocurrency. This would work just as well with traditional payment methods. I feel a lot of these applications are in effect to just avoid taxes, launder money or wash dirty money. Happy to be proven wrong
@mckinley I think that’s a fair assessment. Apart from the very top level, I feel there are a lot of good people with a lot of good intentions. I do agree that it will inevitably cross the line but it’ll be the kind of thing where a lot of politicians probably won’t care because they won’t be alive long enough to see extreme abuse of their policies and laws, which we already see with climate change inaction from the Australian Liberal Party.
Also brings up the old point of if they take away our privacy, what else would they be willing to take from us. Seems like a net negative all around to punish the majority over the actions of the minority
@prologic that’s a fair point. My thinking is really geared towards children that don’t have parents that care what happens to them, which is also an entirely different root cause. I’m still swayed in the same direction as you though
Personally, I of course want CSAM to be reduced to the point of becoming non-existent, however I do hold the right to privacy, whether exercised or not, very high on my priority list these days. It’s a tough dilemma for me, that’s for sure 🤔
Interesting and tough moral dilemma: is it appropriate for Government to strip privacy away from all citizens in favour for the safety of children online to avoid the production and distribution of CSAM? I ask because there’s a podcast from the Australian Federal Police around CSAM in Australia and there was a statement that effectively the prevention of CSAM needs to take a priority over privacy.
also very telling that the old CISO left Optus 3 weeks prior to the breach. Sounds like some very shitty decisions from the top.
@prologic I’ve been learning very fast that mostly investing further money into the already barebones budget IT/Security is usually seen as a poor Return On Investment. I’m sure you know from your Facebook days, but even AU companies would rather pay massive fines every 5-10 years than focusing on security. I think part of the issue is the high prices currently put on security solutions but a huge component is compliance > competence.
It’s rumoured that the attacker(s) were able to access an API that linked to a test environment that didn’t require authentication. This environment had access to Optus’ production customer databases.
For those abroad who aren’t familiar with this, Optus (an ISP) has suffered a data breach. Data that has been exposed are: full name, date of birth, address and potentially government documents such as driver’s licence, passport and Medicare number (public health care number). There’s evidence of 55 Medicare numbers being exposed in the first batch of 10,000 records that have been released today.
If so, keep an eye out on haveibeenpwned.com over the coming days. 10,000 records are being released for the next 4 days until Optus pays the extortion fee. I don’t think this is likely considering they’ve already engaged the AFP (Australian Federal Police).
For my fellow Australians, I hope none of you use Optus for any ISP services 😬
@prologic Wow! You really have one hell of a representative in your area. She’s a shining example of what most should be. It’s a similar internet situation in WA, where I was FTTN with 3KMs of copper and paying for 100MBps. I truly feel your pain 😔
@tkanos Thank you! Now to catch up on a bit of a knowledge gap! I’m undertaking my CISSP soon, courtesy of work 😉
@prologic huh, this looks super intriguing to me. I’d be happy to test this out, so I can sandbox some things on my Rpi (been slacking on that a bit 😅)
@prologic thanks! A lot of stress off our minds. Now we’re here to stay in Brisbane for a while 😏
Since it’s official, I’m now permanent in my role at work! My probation ended early due to the quality of work and willingness to do anything I’ve been tasked with 🥳
The part that surprises me is their advice to people running accounts that are supposed to not show their identity is pretty baffling. "Don't use a publicly known email or phone number" seems like a bit of a "victim blame" for Twitter accepting risk that has now exposed the information of millions of accounts.
@prologic Sounds like a plan! See you then! 😊
@prologic I may need your help with this whole Vultr yarnd install, if you have time over the next few days. Work has picked up again so won't have time during the day 🤣
@prologic Very nice graphic. I wonder who owns that one offline Pod 🤔🤣
@prologic Will have time tonight around 8.30-9 :)