Sergey Shkundaleu @archit3ct@social.ssbx.dev

Been experimenting with ESP8266 NodeMCU. Apparently using D8 for input puts is a bad idea, back to drawing board to resolder some components.

Sometimes ignorance of manufacturers is astonishing, and being Linux user you have to fight through that ignorance every day. So I am glad to announce that I completed quest of connecting those headphones to my laptop. Those won't pair, for no reason, so as a work around I had to trust that device in bluetoothctl then I removed device from BT setting and then :) I was finally able to pair. Beats decided to ignore part of the market, for no reason, but sounds is comparable to my Sennheiser.

Feeling lucky, got that prize at #CSC9 as usual really awesome conference put together by NTXISSA

Awesome, we are getting schooled on what you should not do as you deliver presentations. Basically master class on how you can take very interesting subject and ruin it by delivery, I am debating with myself on whether I should jump in front of the audience and offer to deliver presentation off of his slides. Unfortunate anomaly at the really awesome conference. #CSC9

It's a most wonderful time of the year: CSC9 conference. It's been virtual last year, good to be back in person. Also nice opportunity to earn some CPE. #CSC9

If you run GitLab you probably want to update your servers ASAP. Looks like things being exploited and turned into botnet to launch DDoS attacks. https://therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps/

For those who follows development around CMMC model it seems there are some very significant changes coming with 2.0 version. Those of us who has been in software development long enough would feel dejavu moment and certainly recall Angular 2.0 release. Here is the link you can start your deciphering journey https://www.acq.osd.mil/cmmc/assessments.html #CMMC #cybersecurity

Security is a complex exercise, and there could not be any rush in protecting sensitive data. Aside of fact that vaccine passports are infringement on people freedom, governments should have asked themselves is this information that can be handled by startup. Unfortunately we see an opposite, governments around the world buying those type of apps from startups who are in gold rush mode to deliver, because window of opportunity to get their hands on budget money is short.
https://blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/

Cloud providers came together with set of Trusted Cloud Principles. You may ask what's wrong with this, looks like really nice initiative. However if you look closer, it's skewed towards cloud providers ability to access/store your data. One very important piece is missing in that initiative is ethical behavior of those providers and equal opportunities for legal expression. In other words there is nothing about those providers censoring you when you view is different. https://trustedcloudprinciples.com/

Another day another rootkit. There was an interesting exploit made public couple days ago, that allows attacker to stay hidden from view point of Windows subsystems in charge of security while having quite a bit of an access to that PC and of course company that identified ability to exploit offering their services to protect PC's ... quite suspicious ... https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html

If anyone still had an illusion that social media platforms are about purpose, social good, here is article for you. They only care about ways to exploit networking effect for as long as it increases their bottom line, thus people with large audience, politicians and etc are exempts from rules defined by platforms. Rules are for regular people and people are just a product being packaged and sold to advertisers. Ethiork helps you break free of those giants. https://www.wsj.com/articles/facebook-files-xcheck-zuckerberg-elite-rules-11631541353?st=g3pys94rcdk8h9r&reflink=share_mobilewebshare

#privacy

Microsoft disclosed Zero-Day vulnerability 2 days ago about remote code execution that is exploited through specially crafted MS Office documents. Please be careful and better refrain from opening any docs from untrusted sources. It sounds like actively exploited targeted attack. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444