Cendyne @[email protected]

Blog https://cendyne.dev/System name YellowPronouns No third person pronouns for me please, just say Cendyne / you

#cryptography and cloud infrastructure naga #infosec #appsec
Not into internet fun money

Joined Dec 21, 2022

CendyneHi there, I'm Cendyne. While I go as a lugia snake online, I mostly write about security, cryptography, application design, cloud infrastructure, and soft skills around getting work done on my website.I've been a software developer for over a decade and now manage a small team for platform and security engineering at a small company. I welcome feedback on what I write.

deaterit took a really long time to get here but I finally have a proper Atari 2600 Myst cartridge...

CendyneYummyRecaptcha was broken on the latest iOS build released for no good reason, thankfully we had a client side flag sent from the server to disable it. And a corresponding server configuration to ignore its omission from iOS clients.Two weeks later, threat actors who think they are clever pretend to be an iOS client sending JSON with illegal characters scattered throughout while trying credentials for one email across tens of IPs. Sorry buds, that actually made it more visible.

CendyneI just heard "bathrooms in every apartment" called a "luxury amenity"

CendyneThat sure is a lot Though I do like the idea that if a password is sufficiently long, it does NOT have to be recycled every 60-90 days.

CendyneLove to find confidential documentation PDFs served over HTTP (not S) covering information not found on YouTube, stack overflow, or random blogs that use PHP to write device data streams.

CendyneI'm not sure who at spotify needs to know, but if you loop the same song over and over for 4+ hours, it starts looping ~20-40 seconds at random from the end instead of the start of the song.

CendyneToday I learned that ESC/POS page mode exists.Which can be used to define a buffer of data that can be drawn like a canvas, I guess.

CendyneAWS blocks people from using the Google Titan key and iCloud backed passkeys.WHY

CendyneI'm reading that <a href="https://portalanterior.ine.mx/archivos3/portal/historico/recursos/IFE-v2/DS/DS-GacetasElectorales/2014/gaceta-150/GE_150_021.pdf.pdf" target="_blank" rel="nofollow noopener noreferrer">Mexican INE IDs</a> use RSA 2048 signcryption You have to contact the government to get a public key to decrypt the content.That answers my core question: it is not AAMVA compliant. Some information is available if one has a key.It has publicly decryptable content and privately (symmetric key) decryptable content.

Cendyne> crosvm, a Rust-based Virtual Machine Manager (VMM), provides the glue between the hypervisor and the AVF frameworkAt first I was like "is this going for the rewrite in rust hype?"And then I remembered the host infecting tricks through the baseband controller as disclosed at DEF CON being written in C.Please, yes, more rust based low level components!

CendyneWhen is kubernetes coming to android??

CendyneIf you're wondering, how does the MRZ handle other languages? Not well, IMO, but that's what you get using <code>[A-Z0-9<]</code> in <a href="https://en.wikipedia.org/wiki/OCR-B" target="_blank" rel="nofollow noopener noreferrer">OCR-B</a> font.There's a translation process for Arabic names, to and from.Most others use <a href="https://en.wikipedia.org/wiki/Anglicisation_of_names" target="_blank" rel="nofollow noopener noreferrer">anglicized</a> into that limited charset. Japanese like ほのか becomes <code>HONOKA</code>.

CendyneIt looks like if you want, for what ever reason, to have both a PDF417 encoded license in the USA and a Machine Readable Zone (MRZ) on your license, then you need an "<a href="https://www.dhs.gov/enhanced-drivers-licenses-what-are-they" target="_blank" rel="nofollow noopener noreferrer">Enhanced Drivers License</a>".Only Michigan, Minnesota, New York, Vermont, and Washington offer this type of identification.

CendyneInstead, those in the USA and Canada have card using the <a href="https://www.aamva.org/getmedia/99ac7057-0f4d-4461-b0a2-3a5532e1b35c/AAMVA-2020-DLID-Card-Design-Standard.pdf" target="_blank" rel="nofollow noopener noreferrer">AAMVA DL/ID Card Standard</a>. This data is encoded in <a href="https://en.wikipedia.org/wiki/PDF417" target="_blank" rel="nofollow noopener noreferrer">PDF417</a> on the back.Some samples online appear to have a machine-readable zone too, I was not sure what contexts that was true for.

CendyneIn case anyone else wondered what was on their passport or ID card with a bunch of <code><<<<<</code> everywhere, it is called a "Machine Readable Zone" (MRZ)Which is documented in "<a href="https://www.icao.int/publications/pages/publication.aspx?docnum=9303" target="_blank" rel="nofollow noopener noreferrer">Doc 9303</a>".I was curious why my passport and passport card had this, but not my drivers license.

CendyneAnother day another time I curse the fact that l and I look the same unless you use a <code>monospace font</code>Transcribing passwords sucks

CendyneToday was my first day using an iCloud stored passkey through Chrome and I cried happily inside.

Cendyne boosted

Firefox support for #passkeys on macOS is in active development and coming along nicely!

CendyneSeeing <a href="https://meow.social/@adelair" class="u-url mention">@adelair</a> talk with a friend with a signing interpreter was really heartwarming at MFF

CendyneDoes anyone look forward to the day when brain implants are common, so anyone can broadcast their music like a Bluetooth speaker directly into your brain for being in their vicinity?It would be like perfume but for another sense. Ahh yiss I really want to hear Christmas music within your 3 meter radius.

CendyneThe sky walk at MFF is wobbling like a suspended bridge from a mere group of five people trotting inside. The reflection of Hyatt Regency can be seen tilting up and down.The convention center and hotels really are pushing that shared facility until it crumbles. It isn't normal to have a ~9000 ppm CO2 reading inside either.

Kelly ShortridgeI hate the gaslighting by modern e-commerce sites.You triple confirm you don’t check the “sign me up for marketing emails” box.Said emails inevitably arrive in your inbox.When you click unsubscribe, “I never signed up” isn’t even a reason you can select. At best, it’s “I don’t recall signing up.”The inability to say No feels like it’s trending towards ubiquity in tech and I am not here for it.

CendyneReally looking forward to the day when people spamming BLE adverts for fun stop doing it.

CendyneOn one hand, discovery is great.On the other hand, "the algorithm" might come next.

CendyneYou know an ebay listing is good when it is a screenshot of a facebook listing./s

ThePhDWe keep calling ourselves software engineers, but engineers elsewhere advance their industry by analyzing failures and building up tools to stop those and make them standard industry practice!But we'll just have the same 6 problems, on a regular spin cycle, for like 40 years.

CendyneHeading to Midwest FurFest!

CendyneSometimes, there is sufficient documentation, all embedded in one PDF (unlike AWS docs).Though, I ain't gonna read 1710 pages.

CendynePeak account recovery error messageReally gives confidence in their system.

Cendyne@[email protected] good to see you!

CendyneFinally! It only took reimplementing image codes 5 times because various documentations and example snippets in blogs swap information around and this printer doesn't support the most commonly documented one.BahTime for bed

CendyneIt might not look like much,But I just printed on thermal paper from a docker image over CUPS to another host with a thermal printer.I used raw as the type. Time to bang out some ESC / POS codes.

Large Heydon ColliderWell that's the best visual metaphor for "AI" I've seen.

keat 🗿🏳️‍🌈 :mlm:microsoft paid $13 billion for this technology

CendyneAll enabled by incentives that no longer match the world we are now in.Incentives that promote publication of any information.Even if it is wrong, untruthful, harmful, and leads to the health or financial ruin of thousands of people.All these little cuts will grow distrust in the systems around us.And isolate us as we vibrate in anxiety and worry and reach out to extreme groups to feel some sense of stability and source of reason in this world.

CendyneAnd so, Australia doesn't exist anymoreIt might be debatedIt might have a lot of conflicting news coming outAustralia might be contented for in his imaginary battle of facts and made up lies

CendyneIt is powerful, and it can be wrong, and now all the wrongness is compounding into search engines that don't know any better. They've never had such a malicious attack on information until now. It is at a scale literally incomprehensible to the layman.

CendyneAnd yet, I hear people are turning towards it, because suddenly it is so much more accurate, at times, than the Google we know now today. A Google that has optimized towards making so much money at satisfying more and more general queries that they've lost sight of and deprioritize the incentives of truthful, accurate, and informative material publication.Yes, people find a hallucinating machine more useful than Google at times.

CendyneOne might say, well ChatGPT didn't hurt the person, the person did it to themselves. It's just a machine, it can't be blamed. The terms and services offload that liability to the user. They should know this information might not be trusted.

@[email protected]

Cendyne @[email protected]

Recommend

Transport packages with one key stroke: install with TRM – Part 2

The growing abuse of QR codes in malware and payment scams prompts FTC warning

谷歌败诉！Epic Games反垄断案3年后迎来结局

Federal Gold Coin: A Game Changer in Trading and DeFi

System Email Notification Status Report

10家企业角逐，知名投资机构助阵，百度智能云千帆AI加速器Demo Day举办

故障频出后，互联网巨头要更重视“运维”作用

Creating a Happier Workplace Is Possible — and Worth It

巴黎欧莱雅携手巴黎时装周，零距离追踪值得美一场

Use Strategic Thinking to Create the Life You Want

About Joyk