Practical Security Strategist, Engineer, Architect and Technical Debt Advisor.
Interested in effective cybersecurity. No snake oil. No checkbox security.
To make a mistake is human but to really fuck things up you need a computer.
AI is making us write more code. That's the problem.
I analyzed research papers on AI-generated code quality. The findings:
→ 1.7x more issues than human-written code
→ 30-41% increase in technical debt
→ 39% increase in cognitive complexity
→ Initial speed gains disappear within a few months
We're building the wrong thing faster and calling it productivity.
@tante the boosters do not care. I had a coworker tell me to my face yesterday that we need to stop relying on "internal expertise" at our company, and instead hand that off to LLMs to write tests to validate everything. This was after I pointed out to him that the majority of tests the LLM wrote for him were fake, and tested nothing. You could write code that severely broke what the LLM has written for him and the tests would have continued to pass. How can we give up on the expertise we have, and give up on further building that expertise, if the tools aren't capable of doing the work? If you can't validate the output then you're guaranteed to create a catastrophic failure in the future.
Sometimes figuring out whats happening over time in the Mikrotik changelogs isn't as easy as it should be..... I made a tool to display changelog entries and data in different ways, as well as searching all changelogs for keywords. (MLAG for instance is a good search keyword).
This is still in really early public availability, but its been useful for 2 out of 2 people I shared it with and so I expect it will be useful for a wider audience.
When countries get hooked on US tech, their governments are constrained in reining in tech’s harms while most of the economic benefits accrue to the United States.
It’s time to break out of that trap — but that means challenging the Silicon Valley model, not creating our own digital colonizers.
https://disconnect.blog/escaping-the-trap-of-us-tech-dependence/
@zrail Yeah it's a shame that the RB5009 doesn't have a serial port. Almost a perfect device.
hey fellow #MikroTik enthusiasts,
Lately i have consolidated some network infrastructure. Mainly removing dedicated firewall systems where they did not much more than filtering traffic. A task a RouterOS system can do with ease. But when it comes to High-Availability setups there is a caveat: the old systems kept ruleset, VRRP interfaces, virtual IPs, etc. in-sync. Using a more flexible system, like RouterOS, it's up to YOU to keep the configurations working with each other.
To tackle this challenge I’ve created MikroSync - https://codeberg.org/securitym0nkey/MikroSync
- a tool to synchronize RouterOS configurations
- can run directly on the Router (as a container)
- OpenSource - MIT license
Consider #MikroSync early beta - though I’ve started to use it in a simple production environment.
Happy for any feedback and contributions.
Das hatte ich noch nie. Ein Post auf LinkedIn erreicht nur eine Person – nämlich mich selbst. Liegt es möglicherweise daran, dass ich die Abhängigkeit von US-amerikanischen sozialen #Netzwerken kritisiert und Mastodon als Alternative empfohlen habe? Werden Inhalte zurückgehalten, und wenn ja, warum? Könnte künftig sogar die US-Regierung Einfluss auf Inhalte und #Meinungsbildung nehmen? Wir brauchen in #Europa digitale #Souveränität, bevor es zu spät ist. 🇪🇺
I do appreciate all the work the EU has done with regulatory work around data sovereignty and the DMA. But they would still be gigafucked if the US ordered Amazon, Google, and Microsoft to cut them off. They may not even have the encryption keys accessible entirely in the EU. The fact that their data physically resides in Europe don't mean shit if a US corp can kill their whole infrastructure with a single command to lock their accounts.
You don't want to make Sloppy sad, do you? Look at that happy face ready to help you vibe some slop.
:schenklradio: Ein Spiegel-Artikel: Es geht auch ohne Microsoft
:loading:
Die Office-Software von Microsoft schien lange Zeit unumgänglich, doch insbesondere Behörden wagen nun mehr digitale Souveränität. Eine Zwischenbilanz zeigt: Die Umstellung ist nicht einfach. Zurück will jedoch niemand.
Software as Fast Fashion
Clothes have never been cheaper. These days a t-shirt is often cheaper than a decent cup of tea in a cafe. The wonders of capitalism. At least that is how it is often described. And when you point at the underpaid, gruesome labor that people in poorer regions of the planet have to do to make this possible the answer tends to be: "Well, they are having jobs and can provide for their families now, so it's reducing poverty." Now of course the situation is a bit more complex, has more angles. […]
Technical Debt as a Service
Bundesinnenminister Dobrindt zeigt erneut: Politischer Wille fehlt und mündet in Populismus und Scheintätigkeiten.
Was wir bräuchten: Das von der EU für spätestens 2024 umzusetzende Kritis-Dachgesetz mit echten Inhalten. Im aktuellen Entwurf werden Maßnahmen erst 2035-2040 wirken, Staat und Verwaltung sind fast komplett außen vor und müssen keine Notfallkonzepte haben (sehen wir ja in Berlin) und Sanktionen sind bei max. 200.000 € und...
https://www.n-tv.de/politik/Dobrindt-will-Infrastruktur-mit-Massnahmenpaket-vor-Anschlaegen-schuetzen-id30226228.html
Der Microsoft CEO findet es respektlos den generative KI Schrott als Slop zu bezeichnen?
Respektlos ist solche Massen an Ressourcen zu verschwenden und gesellschaftliche Probleme die Microsoft mitverursacht hat auf den Nutzer und die Politik abzuwälzen.
A few days ago, a client’s data center (well, actually a server room) "vanished" overnight. My monitoring showed that all devices were unreachable. Not even the ISP routers responded, so I assumed a sudden connectivity drop. The strange part? Not even via 4G.
I then suspected a power failure, but the UPS should have sent an alert.
The office was closed for the holidays, but I contacted the IT manager anyway. He was home sick with a serious family issue, but he got moving.
To make a long story short: the company deals in gold and precious metals. They have an underground bunker with two-meter thick walls. They were targeted by a professional gang. They used a tactic seen in similar hits: they identify the main power line, tamper with it at night, and send a massive voltage spike through it.
The goal is to fry all alarm and surveillance systems. Even if battery-backed, they rarely survive a surge like that. Thieves count on the fact that during holidays, owners are away and fried systems can't send alerts. Monitoring companies often have reduced staff and might not notice the "silence" immediately.
That is exactly what happened here. But there is a "but": they didn't account for my Uptime Kuma instance monitoring their MikroTik router, installed just weeks ago. Since it is an external check, it flagged the lack of response from all IPs without needing an internal alert to be triggered from the inside.
The team rushed to the site and found the mess. Luckily, they found an emergency electrical crew to bypass the damage and restore the cameras and alarms. They swapped the fried server UPS with a spare and everything came back up.
The police warned that the chances of the crew returning the next night to "finish" the job were high, though seeing the systems back online would likely make them move on. They also warned that thieves sometimes break in just to destroy servers to wipe any video evidence.
Nothing happened in the end. But in the meantime, I had to sync all their data off-site (thankfully they have dual 1Gbps FTTH), set up an emergency cluster, and ensure everything was redundant.
Never rely only on internal monitoring. Never.
And again a really nice episode. Recommend to all my fellow #blueteamers
Blueprint: Build the Best in Cyber Defense: Infiltration Alert! How to Catch Fake IT Employees in Your Network with Zak Stufflebeam
Webseite der Episode: https://www.sans.org/podcasts/blueprint/
Periodic reminder to boost the posts you like to keep the Fediverse alive.
WE are the algorithm here :boost_ok:
RE: https://dice.camp/@johnzajac/115845954658479816
Having spent all my career in preventative security I know the feeling.
