Matt Hamilton (eriner) @[email protected]

ITM. For those graciously offering value-for-value for NAS:

While I have not accepted donations in the past, I will begin accepting donations (via PayPal) once I have all of the paperwork and bookkeeping in order. I anticipate this will take a few weeks. Between now and then I will establish crypto addresses for BTC, ETH, XMR, and SC.

I'll link a donation page when one is available.

Thank you all for your patience this weekend. I am humbled by your support.

Anyone on NAS have a business registered in the state of Wyoming?

Red book prediction: the US public discovers how many FTDs are floating in ex-clearing and DTCC, and that the SEC has failed in the duties provided by Congress to ensure "The prompt and accurate clearance and settlement of securities transactions". Closing delay is the only thing keeping this whole boat afloat. The revolving under-desk fellating will be brought to light, and the American people will pay the price. Again.

Oh yeah, there's no inflation by the way.

*this is not investment advice.

Can't stop, won't stop, GameStop.

Power to the players.

As PayPal, Stripe, etc. have refused service to "political undesirables" like Gab, Parler, etc., which payment processors have remained neutral?

ITM. For those graciously offering value-for-value for NAS:

While I have not accepted donations in the past, I will begin accepting donations (via PayPal) once I have all of the paperwork and bookkeeping in order. I anticipate this will take a few weeks. Between now and then I will establish crypto addresses for BTC, ETH, XMR, and SC.

I'll link a donation page when one is available.

Thank you all for your patience this weekend. I am humbled by your support.

Big upgrades to NAS performance today.

If you run Red Hat's Keycloak, update to the latest version. I found a bug that can DoS Keycloak installations with a cellular connection. https://www.soluble.ai/blog/keycloak-cve-2020-10758

Thank you, Centurylink.

New open source project, a kubectl plugin to deploy intercepting proxies for Kubernetes Services:
https://github.com/soluble-ai/kubetap

https://github.com/eriner/launchpad

Working on a Go API for the Launchpad X

If you use #kubernetes and ArgoCD, my latest research revealed five CVEs. Manual mitigations required if you're not using SSO: https://www.soluble.ai/blog/argo-cves-2020

It bothers me that Deborah Birx dresses exactly like space-lady UN Secretary Chrisjen Avasarala in The Expanse.

My latest security research is out:

https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day

@adam https://en.m.wikipedia.org/wiki/Stagefright_(bug)

"...sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the background."

@adam just wanted to comment that counter to what John mentioned on the last show, it is certainly possible to execute code (on Android) by sending an MP4 without requiring any user interaction. This type of attack exploits the Android media framework. A big, well-known prior attack (StageFright vulnerability) demonstrates this.

I set up three syncthing.net relays on behalf of noagendasocial.com, value for value.

It's a real shame mastodon.social has blocked/silenced NAS. I'd love to be able to contact @Gargron to report a security issue rather than being forced to disclose it publicly on the issue tracker.

And yes, I've created an account there and sent him a direct message, however he's likely to ignore a message from a brand new account, writing it off as spam, which is not at all unreasonable.

Damn shame.