Notices by Tek dba Tek (tek@freeradical.zone), page 9

@chronos Oh, cool! I have a friend or two there. I was walking back to the transbay terminal post House of Shields.

Today's projects:

- Onboarding a new Chief Privacy Officer, who is awesome
- Finalizing my OKRs for the rest of the year, which basically obligate me to do the things I've been wanting to do anyway
- Taking ownership of the new Security & Infrastructure project

This is a good week.

@sowth Yeah, like su used to require that you be in an admin group (like it still does on BSD, I think).

@meff I've had a PGP key since like '95, and you're 100% correct.

If you use a Mac, and have Little Snitch installed (which you absolutely should!), there's a critical update out now:

# Little Snitch 4.4

## Security

This version fixes a vulnerability which allows privilege escalation to root for any local user. Please upgrade before details of the vulnerability are published!

I think it's shitty that someone is attacking the GPG keyring. That's an asshole move. But before this, I didn't realize that it had known exploits dating back many years, did you? Security through obscurity isn't a thing, so who know who else has been attacking it all along but less publicly.

So someone came up with an attack on the SKS keyserver network that DoSes GPG: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

That's bad, but I'm disliking the reaction, which boils down to "we've known about this problem for a decade. Why did you write an exploit?" Well, perhaps because you didn't fix it for a decade.

Also, there are some issues with "we delete no key, ever, no matter what". Even if a user posts child porn as their photo ID? (Or insert [locally highly illegal thing] here.) That seems shortsighted.

@tootbrute Preach.

@sungo LOL, there’s that. Don’t get me wrong, I *could* spend all day doing this stuff, but my boss would probably prefer I not.

@vfrmedia Our access points have a surprisingly nice waterfall display. I think they’ll react better to changing interference on their own without me checking it each morning, though. I hope.

@sungo Yeah, we definitely want devices to disassociate from an AP when they’re clear across the office. My thinking, though, is while I might be better able to optimally tune the radios right this very second, conditions will have shifted by this afternoon, and certainly by next year. I’d rather let them try to tune themselves so that they’re responding to changes I don’t know about.

China Is Forcing Tourists to Install Text-Stealing Malware at its Border https://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware

Office WiFi has been janky lately. Yesterday I finally dug deeply into it. For some reason, my predecessor hard coded all the radio channels and pinned the transmit powers pretty low. The worrisome part is that they're a really sharp person and I'm sure they had a good reason for that instead of setting everything to auto, but I have no idea what that might've been. And perhaps it was simply a good idea when they set it up way back when. Well, here's to hoping that I didn't just make it worse.

Know what’s more effective than coffee for waking up at 5:45AM? A call from PagerDuty.

So, how has *your* day been?

@kemonine I’m more like to blow a whistle than a horn. 😀

@sungo Fo sho. I have zero interest in going through those hoops.

Mainly because the things you'd want someone with my experience to keep his mouth shut about are generally the sorts of things that should not be made to exist. I mean, I'm too low ranking to be given the "protect Earth from the coming invaders" stuff. Anybody thinking about hiring me in secrecy probably just wants to make sketchy things I wouldn't be interested in going along with.