FoxQuirk 🦊 @quirk@computerfairi.es

well my direct manager has scheduled a meeting with my team later today about a return to office plan, so I guess it's time to make a #fedihired post again

I've got a few years of DFIR consulting experience at my previous job with a big 4, I have a few years in this role as a CSOC IR Lead at a large (10K+ employees) company, I have my GREM certification, and I'm Canadian and live in Canada and want to continue to work from Canada (just remote). I've got some devops experience with my personal projects (like my twitch bots and this Mastodon instance) and I am not a programmer but I can program in... a few languages (I like Rust a lot, but also Python, and C#, and I'd love to learn Go or Zig or something). I'm also pretty happy to just sit down with Excel and a plaso timeline and scroll through it to find evil.

If you've got any leads or connections to a full time remote-only job in or adjacent to security that could use my skills, please hit me up--my DMs should be open, as should my email (demize[@]unstable.systems, though I'll use a different one in your HR system). Just make sure it's open to Canadians!

Gonna bump my #fedihired post again. I’m now much more urgently looking to move on from my current job, and would appreciate any leads (either Toronto-based or remote and willing to hire Canadians. Might be open to relocation if necessary.)

people bragging about how many hours they work smh

That video also referenced at the end another really good video I can recommend:

The World is Not Ending by Sophie From Mars
https://www.youtube.com/watch?v=DalnJ-isI5A

Watched a really good video, give it a watch!

Art in the Pre-Apocalypse by Jacob Geller
https://www.youtube.com/watch?v=O9N7Awpk9lE

can't stop thinking about this more perfect union video about how much public money is wasted on ivy league schools where they argue for forcing princeton and harvard to enroll more students. no, let them stay exclusive clubs! just take away their money, nationalize the university rating system, and increase funding to public universities instead. i don't want more people to get an ivy league education i want "an ivy league education" to be a relic of the past we've long since outgrown

‪real talk, the gameplay loop of hitman is great if you struggle with social situations, in particular if tiny things you did or say haunt you later because they're embarrassing. in the world of hitman, the timeline ends the moment you walk out the door. there are no regrets!‬

hitman is a fantasy game. you get to embody an attractive guy in an incredibly well-fitting suit and glide effortlessly through the world, complimented but not remembered wherever you go, and get away with terrible violence :)

I have a friend who’s really into lossless audio.

I give her a lot of FLAC for it.

​

I walked down a street where the houses were numbered 64K, 128K, 256K, 512K and 1MB. It was a trip down memory lane.

"Why are you working on C?"

I wrote this in an e-mail to people, but I figured I'd copy part of the response here since people keep asking.

…

     We have people writing critical software. They are not migrating to new software anytime soon (modulo regulation-based incentives). But they have serious problems. Everything from vulnerabilities that are used by nation-state actors to quell dissidents, to not being able to change a typedef like intmax_t because the functions tied to it are baked into specific named symbols in an invisible way (ABI), to constantly seeing people's names getting butchered by Airlines, Databases, and Governments because they're using software that relies on the C locale and mangles names.

     These are C problems. Not C++ problems. Not Java problems. Not Rust problems.

     C problems.

     My job is to solve C problems. That's the motivation. That's the coherent plan. When we stop having long-term, 20-to-40+ year problems, with 30+-year implemented existing practice that we never standardize despite it solving a wide variety of problems, that's when I'll stop writing C proposals.

"A security researcher uncovered a Twitter vulnerability in its link shortener. The vulnerability allowed an attacker to craft a malicious URL that, if a user clicked on it, would grant the attacker access to the user's account. The researcher reported the vulnerability to Twitter's bug bounty program, which closed the report as not worthy of a bug bounty. So the researcher published the vulnerability. Immediately Twitter takes its link shortener offline for hours while they fix it.But the press is only reporting on an hours-long X/Twitter link shortener outage, and has completely missed the security issues that led to it.Molly White's coverage of the vulnerability (sorry for the Xitter link but that's just the problem, literally no one else is covering this): https://twitter.com/molly0xFFF/status/1734965774517768471 "

Disclosure: https://x.com/shoucccc/status/1734802168723734764?s=20

(All quoting a friend on a private slack)

Nest