Running a business is hard, but rewarding. Definitely not for everyone, but being true to yourself and holding everyone (yourself and clients) accountable is important.
Security Engineer, Security Consultant, Entrepreneur | Conference Presentations at Defcon, SecTalks, AISA, BSides Sydney
Cleaned up the code and published the source for the Ollama Alt Txt Generator Chrome extension
It will not be published to the Chrome Web Store, so you'll need to load it as an unpacked extension.
@sawaba congrats on finding a pack of TimTams in the US… sounds like you thoroughly deserve them
We sponsored and printed out copies of @PagedOut #6 for SecurityFest and as I'm reading through it I'm not even mad about the messed up font, I just miss good old paper fanzines. PDFs are great but just don't soothe my old soul the same way.
Found a version of Qwen 3 that had thinking off by default ( /no_think is wonky). Wired it up in my Ollama<->MCP side project & can now get output on-par w/commercial models.
It did a good job "catching me up" on 300 recent Bsky posts (attached), and no data left my abode.
One week until 0xCC 2025, we hope you're as excited as we are
A huge shout out to Mel, Nae, Noushin, Negar, Shanna and Kinga for the huge amount of time and work they've put in!
Welcome @ieeespectrum to the #fediverse with this new account! A very worthwhile follow! #ieee cc: @fediversenews @fediversereport https://mastodon.social/@ieeespectrum/114580636498075304
I'm still looking for another person to call-in to my podcast tomorrow afternoon to ask a question or two about challenges with measuring their cybersecurity program. Is that you? Please reach out!
1/2
@richard An Aussie company that opened a UK branch is LegalVision… they've helped quite a bit with my legal documents over the years (the Australian arm of the business)
@hacks4pancakes In a highly competitive market, they don't tell you and technically it's prob illegal to rent auction, but if you offer a bit above the asking price you might get given the rental… or so I hear… I've never but I've been lucky in my rentals.
The clock can't tick any faster! Less than 3 months away till DownUnderCTF happening this 18-20th July! Mark your calendars!
The largest online Australia and Aotearoa (NZ) run Capture The Flag (CTF) competition is coming in HOT HOT HOT! Completely free online event open to all participants around the world! DownUnderCTF aims to up-skill the next generation of Cyber Security Professionals and to grow the CTF community in the AUNZ region.
With over 4600+ players and 2100+ teams in 2024 from complete beginners to seasoned CTF veterans, our diverse community is strong and we hope you can join us for 2025!
Show your interest here! https://ctftime.org/event/2669
Gotta yell this louder for the people in the back it seems these days.
I absolutely love OSS software & the people who contribute to it, and couldn't imagine thinking the devs owe me anything. It's literally free software, if you don't like it:
- Fix it
- Fork it
- Don't use it
democracy sausage day
@mttaggart just as good for avoiding network detection… base64 encode your payload, then add an odd number of letters at the front of the base64 string… maybe even a language word, that way when the network inspection tries to decode the base64 with an odd number of characters at the front, it will decode into junk and not show your payload. In your script that receives the payload over network, simply remove the lead characters and then base64 decode successfully et voila working payload.
@neurovagrant hi, once you find a good model to use locally on ollama and openwebui (I have an lxc on proxmox and pass through NVidia cuda from the host machine to the lxc so the model runs in the vram of the gpu through a chat interface of openwebui with ollama as the engine framework all located within the lxc. ( see https://community-scripts.github.io/ProxmoxVE/scripts?id=openwebui )
NB to get fast output tokens (words) per second you need to limit the model size that you use to fit into the vram of the gpu. Else you're running on cpu and ram.
Next prompt engineering. The first thing I learnt at Google during my time with them post November 2022 (ChatGPT launch) is to "Pretext your Prompts". Very very important to get usable output.
Eg if you ask a model for a mathematical equation answer it might give you the right answer but more likely it will give you the wrong answer as it works on advanced predictive text.
BUT if you pretext the same prompt with "I want you to imagine that you are a Mathematics Professor from MIT" and then ask your mathematical equation - your answer from the LLM will be orders of magnitude more likely to be correct.
Same with getting it to write code… if you pretext it with "I want you to imagine you are a professor of computer science at MIT (or professional software engineer at Google)" you are more likely to get less hallucinated code. Further you can follow it up with "and now I want you take this code follow secure coding practices" and you'll get a slightly more secure code output.
Apologies for long rant, I've got some fun things working and wanted to share.
@neurovagrant Probably the most ethical approach is with ollama running small local models. This also gets you into model tuning for specific use cases.
#Windows #RDP lets you log in using revoked passwords. #Microsoft is OK with that.
Researchers say the behavior amounts to a persistent #backdoor.
In response, Microsoft said the behavior is "a design decision (...)". As such, Microsoft said the behavior doesn't meet the definition of a #security #vulnerability, and company engineers have no plans to change it.
@JohnsNotHere that sounds like a similar story to me, helped to start a conference, that's hard work, second year just went a different direction so I stepped back. Apart from that I met a good mate at a party at Defcon in 2018 and we caught up for a beer back in home city, that became a weekly drinks and is still going with the next generation of pen testers across different consultancies in the city coming together.
I know it's hard but try something small, go out for a drink / soft drink with a couple of infosec consultants in your area and just shoot the breeze.
Worst case find your local startup founders groups and meet for coffee… it's not the same as infosec but there's something you can share with people.
@JohnsNotHere I know the feeling. I put my effort into creating a community within the local security consultants over the years
Boost if you want less generative AI in your tech in 2025.