# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 137
# self = https://watcher.sour.is?uri=https://twtxt.net/user/screem/twtxt.txt&offset=137
# prev = https://watcher.sour.is?uri=https://twtxt.net/user/screem/twtxt.txt&offset=37
I really don’t see the train of thought of making something so simple to implement (specifically SSO) a paid “enterprise” feature to justify a price point.
Hell, I could probably implement the feature in a couple of hours and I have very limited development experience 😅
They could also re-evaluate the price point then add more features to the paid plan (that ideally add much more value than SSO) and then raise the price when it makes sense to. So many companies do this right now anyway.
On the whole paid features for self-hosting, I ran into this issue myself when implementing a SIEM on my network. I initially implemented the Elastic stack (Elasticsearch, Logstash, Kibana) but then they go ahead and lock things like creating detection rules and sending alerts via anything other than email a paid feature 🫠
I’d be much happier if the industry switched to a one time self-hosting service with no support, with the option to purchase support licenses at a monthly cost.
I've only been exposed to using Kusto Query Language (KQL) at work for a month and a half, but I was able to edit a query to include a datatable (essentially a table that's created in memory when you run the query and is only used for that query) to replace any IDs listed in it with the proper name of the service!
Anyone have a good way of sneaking out 2 server racks, one with 2x 1U servers, out of work?! Asking for a friend 😆
On a serious note: I need to find out who to ask about abandoned server racks and servers at work. No one’s used them in upwards of 6 months and I’m the only person with access to the room they’re stored in 🤔
@prologic I really like the framework, especially the repair and upgradability of them. A tad out of my price range but I’ll ask the accountant if an exception can be made 😉
Otherwise I’ll go for the PineBook. Thank you for all the suggestions!
Anyone know of any good, cheap laptops to use for just day-to-day activities (web surfing, sysadmin, web design, etc) that’s not a Chromebook? My Microsoft Surface Go I got some years ago blue screens when I plug it into my dock.
@prologic @shreyan this is part of my frustration with the regulatory conversation around TikTok right now. Sure, ban an app for “national security” reasons but US companies that harvest all data from everyone is totally fine.
The only compromise is to regulate all tracking and data harvesting.
Been trying to get a vultr.com VPS up and running to host production websites on using zs.
The default Debian and Ubuntu headless offerings come with a very unfamiliar shell that I, for some reason, can’t properly install zs on so will need to explore options for custom ISOs of a Debian/Ubuntu distro to use. Probably the latest LTS versions, I’m thinking.
@prologic Haha that would’ve been worse! Honestly, it wasn’t easy at all. I was SUPER nervous and anxious throughout but I’ve had a lot of feedback that I came across as confident, relaxed, funny and felt natural. So there’s that 🤷😂
Last Friday, I had my first public speaking appearance, albeit internal but still spoke in front of 60+ people.
I thought I would crash and burn or run through this too quickly, but the audience made everything super easy. Never thought that public speaking would actually be somewhat of a strength of mine 😳
Moral of the story: get out of your comfort zone, you might discover something you’re good at and enjoy!
Morning yarn: I certainly enjoy putting together a body of work to teach Govt. the advantages and disadvantages of on-prem, Anything-as-a-Service and Managed Services 🙃
@prologic yeah, I can understand that. I was more thinking from the POV of lightening the load of the operators in terms of support and potential account removals without having full blown operator permissions, but I can understand if that’s not the intention of the use of yarn
Today was an interesting day. Following a suggestion (based on my skills and want to move to a more technical role) my leadership is now chasing a SOC analyst role for me. Bonus: the Director of our SOC wants me in there and they’re super nice 😊
Goals for this weekend: - Stand up a Parrot OS Architect VM. - Create a dev environment of yarn. - Commence actual work on new filter option. - Finish my future-state home network diagram (for when I move in 20 days)
@prologic bit of an edge case but depending on the number of emails you’re getting for a password reset, they could be doing a widespread attack to cause notification fatigue for when they send out mass phishing emails.
In reality, this attack would look like: Attacker uses a script to cycle password resets -> user gets fatigued due to number of password reset emails -> phishing email sent -> user uses malicious link and form to provide the attacker with their credentials.
If you’re only getting a couple of these, probably not but could also be spread across weeks or months of 1 per day. I personally haven’t seen this attack in practice, but could be a possibility
@prologic 😂 I will. I’m needing to add html as well because it’s a full re-design and doing that all in browser is proving to be a pain (work effectively can’t be saved)
Oof. I would usually go straight to sleep after putting the little one to sleep but here I am, awake and twting. Time to do one of the many things on my list to make me feel like I’m accomplishing something with my spare time
Update: went pretty well, just mostly small adjustments and a re-review by the manager, then it’s off to the Director for round 2 of 3 internal review rounds
@prologic Hmmm, once I finalise the filter menu, I think I have my next project: try to design a nice UI/UX. I haven’t really done anything to the scale before but I’m keen to have a go!
My view is, if we ever get to a point that a true “AI” can be created, something that can entirely learn new concepts by itself and exponentially expand its own knowledge base without being told to do so (basically what I would consider sentient at that point), humans won’t know about it until it’s significantly too late to stop it. I think that’s where the general hysteria comes from, but for now I’ll use these LLMs to spit out lists of cyber security controls to make my work _that_ little bit easier
@eldersnake @prologic I’ve personally been using screen for the better part of 5 years. I tried to get into tmux shortly before that, but didn’t quite understand it (to be fair, I never really put the effort in)
I should be available to attend at 0500 UTC! That would be 3pm AEST, correct?
Also, for those who can’t attend, is there a view to take and provide minutes? If no, I’d be more than happy to do so (75% of my job in meetings at work 😂)
@bender Oh no, the whole preferred shell thing is a plus, but I split them into 2 different applications: Windows for gaming and Parrot OS for everything else.
Recently, for the first time ever, I decided to give dual booting a try. It’s actually been working really well. I use Parrot OS (Home Edition) for daily use and Windows 11 for all of my gaming needs. Eventually, I’d like to back up just my games and format all of my storage so I can start those off fresh.
I must say, using a Linux OS as my daily driver OS has been super fun and useful, considering I don’t have to spin up a VM or WSL whenever I want to do some form of sysadmin work (I’m much more comfortable in a Unix terminal than Windows 😅)
@prologic 😆 it’s only early days. Maybe your view will change over time! /s
The spaces are definitely too much for me to realistically use. A cool thought exercise around accessibility features for websites though!
Side note: a cool little connection between this and a govt. org. My brother-in-law actually works for a govt. org that audits Australian websites for accessibility and assigns them a score 😄
Out of interest, anyone use a secure IRC client for iOS? Ideally E2EE, but open to suggestions. I figure just going to the App Store and finding the first client may be…risky
👋 Sheesh! I’ve been gone for a good while. Lots of stuff going on between work, new sleep schedule for the kiddo and other personal things. How’s everyone going over here?
@prologic and people are trying to push for health care information on the blockchain in the form of NFTs. They truly don’t see how much of an awful idea this is
@prologic needlessly complicated and still has the exact same security vulnerabilities as web2 and its own security quirks that never seem to be front of mind 😅
@mckinley this is my main issue with a lot of applications of cryptocurrency. This would work just as well with traditional payment methods. I feel a lot of these applications are in effect to just avoid taxes, launder money or wash dirty money. Happy to be proven wrong
@mckinley I think that’s a fair assessment. Apart from the very top level, I feel there are a lot of good people with a lot of good intentions. I do agree that it will inevitably cross the line but it’ll be the kind of thing where a lot of politicians probably won’t care because they won’t be alive long enough to see extreme abuse of their policies and laws, which we already see with climate change inaction from the Australian Liberal Party.
Also brings up the old point of if they take away our privacy, what else would they be willing to take from us. Seems like a net negative all around to punish the majority over the actions of the minority
@prologic that’s a fair point. My thinking is really geared towards children that don’t have parents that care what happens to them, which is also an entirely different root cause. I’m still swayed in the same direction as you though
Personally, I of course want CSAM to be reduced to the point of becoming non-existent, however I do hold the right to privacy, whether exercised or not, very high on my priority list these days. It’s a tough dilemma for me, that’s for sure 🤔
Interesting and tough moral dilemma: is it appropriate for Government to strip privacy away from all citizens in favour of the safety of children online to avoid the production and distribution of CSAM? I ask because there’s a podcast from the Australian Federal Police around CSAM in Australia and there was a statement that effectively the prevention of CSAM needs to take a priority over privacy.
@prologic I’ve been learning very fast that mostly investing further money into the already barebones budget IT/Security is usually seen as a poor Return On Investment. I’m sure you know from your Facebook days, but even AU companies would rather pay massive fines every 5-10 years than focusing on security. I think part of the issue is the high prices currently put on security solutions but a huge component is compliance > competence.
It’s rumoured that the attacker(s) were able to access an API that linked to a test environment that didn’t require authentication. This environment had access to Optus’ production customer databases.
For those abroad who aren’t familiar with this, Optus (an ISP) has suffered a data breach. Data that has been exposed are: full name, date of birth, address and potentially government documents such as driver’s licence, passport and Medicare number (public health care number). There’s evidence of 55 Medicare numbers being exposed in the first batch of 10,000 records that have been released today.
If so, keep an eye out on haveibeenpwned.com over the coming days. 10,000 records are being released for the next 4 days until Optus pays the extortion fee. I don’t think this is likely considering they’ve already engaged the AFP (Australian Federal Police).
@prologic Wow! You really have one hell of a representative in your area. She’s a shining example of what most should be. It’s a similar internet situation in WA, where I was FTTN with 3KMs of copper and paying for 100MBps. I truly feel your pain 😔
@prologic huh, this looks super intriguing to me. I’d be happy to test this out, so I can sandbox some things on my Rpi (been slacking on that a bit 😅)
Since it’s official, I’m now permanent in my role at work! My probation ended early due to the quality of work and willingness to do anything I’ve been tasked with 🥳
The part that surprises me is their advice to people running accounts that are supposed to not show their identity is pretty baffling. "Don't use a publicly known email or phone number" seems like a bit of a "victim blame" for Twitter accepting risk that has now exposed the information of millions of accounts.
@prologic I may need your help with this whole Vultr yarnd install, if you have time over the next few days. Work has picked up again so won't have time during the day 🤣