Patrick O'Doherty

Irishman in San Francisco. Amateur photographer, musician, artist and electronics tinkerer. Professional security computer comrade. Security @ Tailscale. Only together can we defeat the computers.

Patrick O'Doherty boosted:
2025-06-03

shot, chaser

The "Written using Claude" section of the readme at https://github.com/cloudflare/workers-oauth-provider

CVE-2025-4143 description with the highlighted text "Readers who are familiar with OAuth may recognize that failing to check redirect URIs against the allowed list is a well-known, basic mistake, covered extensively in the RFC and elsewhere. The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it."

Patrick O'Doherty boosted:
Coding Cottagecore Bogwitch forestpines@hachyderm.io
2025-05-08

As computer keyboards get smaller and smaller, I can't help thinking that eventually we'll reach a point of no return

Patrick O'Doherty boosted:
💀 Fairchild 💀 tankgrrl@hachyderm.io
2025-05-06

Anyone surprised by this has not been paying attention. Israel has routed Gaza, killing or displacing its residents in order to empty it and reduce resistance, and its intention all along was to use this as a pretense to seize the Gaza strip.

apnews.com/article/israel-pale

2025-04-15

was rummaging through my bookshelves for something and out pops a hand drawn postcard sent by a since deceased close friend of mine from secondary school. I thought I had lost it and I'm so glad that it is found. A perfect time capsule of their amazing presence and art in the world. We miss you Andy.

Patrick O'Doherty boosted:
2025-04-11

Yep. I saved hundreds or even thousands of dollars a month just from switching from Substack to self-hosted Ghost.

digiday.com/media/former-subst

I pay a roughly flat $85/month now (~$75 for mailsending, $10 for hosting), vs. 10% of all my subscription income.

Here’s some napkin math for how expensive Substack is compared to its competitors, assuming that roughly 7% of all subscribers will pay for their subscriptions, and that subscriptions cost $5/month.

Spreadsheet comparing pricing of newsletter platforms: 7% paid @ $5/mo							
	Substack	Ghost Pro	Self-hosted Ghost*	Beehiiv	Buttondown	Mailchimp**	
10 subscribers (1 paid)	$0.50	$9	$12	$43	$9	$20	
50 subscribers (4 paid)	$2	$9	$12	$43	$9	$20	
100 subscribers (7 paid)	$3.50	$9	$12	$43	$9	$20	
250 subscribers (18 paid)	$9	$9	$12	$43	$9	$20	
500 subscribers (35 paid)	$17.50	$9	$27	$43	$9	$20	
1,000 subscribers (70 paid)	$35	$15	$27	$43	$29	$45	
5,000 subscribers (350 paid)	$175	$65	$27	$78	$79	$100	
10,000 subscribers (700 paid)	$350	$99	$27	$96	$139	$135	
25,000 subscribers (1,750 paid)	$875	$165	$87	$149	$239	$310	
50,000 subscribers (3,500 paid)	$1,750	$315	$217	$219	$319	$450	
100,000 subscribers (7,000 paid)	$3,500	$565	$412	$290	-	$800	
							
							
* Assuming $12 hosting fees, but you can get this number down lower. Assumes ~weekly email sending.							
** There may be additional fees to monetize MailChimp newsletters since it’s not built-in. This also assumes ~weekly email sending.							
Flat fees calculated based on cheapest plans. Also calculated based on annual billing, if month-to-month amounts differ.
Patrick O'Doherty boosted:
2025-04-11

Could someone please help me understand why DPoP (where every request requires its own signature) is preferable to mTLS (where multiple requests can be made in one authenticated channel) other than being able to implement it without having to engage with browser authors?

2025-04-08

Everyone should be so lucky as to have a colleague as wonderful as @creachadair whose code reviews are so educational and kind and have the rarest property of making me actually want to write _more_ software.

2025-03-31

Sufficient time has passed and I'm excited to share a demo and details of a CSRF vulnerability that I discovered in the popular gorilla/csrf library that has been present since its creation 😲 patrickod.com/csrf

Patrick O'Doherty boosted:
2025-03-06

Think we’ve forgotten about the time that Elon was booed so badly by fans of Dave Chappelle (of all people) that he locked himself in his office and Twitter employees considered calling the cops to do a wellness check.

What I’m saying is we can go harder.

mercurynews.com/2023/11/08/elo

screenshot that reads Elon Musk almost needed SFPD wellness check after ‘breakdown,’ getting booed at Dave Chappelle show ‘He got to a point where he locked himself in his office, was so upset’ that Twitter employees feared he would hurt himself, the author of a new book says about the billionaire
Patrick O'Doherty boosted:
mekka okereke mekkaokereke@hachyderm.io
2025-01-10

Sometimes when I talk to homeless people in the Bay Area, I ask them how they became homeless.

Sometimes, they say that they lost their homes in a wildfire.

More painful than seeing people lose their homes in a forest fire, is watching them lose their humanity, as our empathy for them evaporates.

redding.com/story/news/2019/06

In the immediate days after someone loses their home in a wildfire, our talk is full of empathy.

But as days turn to weeks and months, we stop caring *why* someone doesn't have a home, and only care *that* they don't have a home.

We start planning to throw away their remaining possessions.

calhealthreport.org/2022/08/03

Homeless people aren't different people than us. They are us.

Many homeless people just experienced a sequence of unfortunate events that led them to this place.

"No! They're drug addicts! They did this to themselves!"🤡

Again, ask people with addiction how they became addicted.

They'll tell you

sfcityattorney.org/2023/05/17/

There's a pervasive myth that people still believe about California homeless: that homeless people "come to California for the weather."

That's a lie that fortunate people 🙋🏿‍♂️ tell ourselves.

California homeless are almost all California residents (90%) who just had a bunch of bad luck in a row.

homelessness.ucsf.edu/our-impa

Anyway, I skipped the "burrito taxi" discourse, AKA the meal delivery discourse.

Because if tomorrow you lost your home and your job to wildfire, and only had your car and a few hastily gathered possessions, and you needed to earn some money?

Your car would become a burrito taxi too.

I don't care if you know how to cook food for yourself for cheap, or if you treat yourself by having burritos delivered to your house.

I care that we live in a country so cruel, that some people deliver food in the cars that they live in, while those receiving the food don't even know or care.

2024-12-12

@phire there's a spot in our neighborhood called "Jenny Burger" so my head immediately went to the simple "Jenny Bar" and I'd most def patronize such an establishment.

2024-12-12

@phire we've lost some choice spots in recent months in our neighborhood and surroundings also. suuucks

Patrick O'Doherty boosted:
2024-11-22

How do we get by with such a small infra team? Our tech lead explains how we use Tailscale while building Tailscale, which keeps her attention off finicky networking problems tailscale.com/blog/infra-team-

Patrick O'Doherty boosted:
2024-11-13

We are hiring (in the USA and Canada) for another Security Engineer to join my team at @tailscale job-boards.greenhouse.io/tails If you're a security generalist who likes solving intertwined security and product problems we'd love to hear from you. Happy to answer any questions about the role here or in DM 😄

Patrick O'Doherty boosted:
2024-10-30

got laid off in the big dropbox layoffs today.

if anybody is looking for a staff-level engineer who loves mentoring and who is an expert in web security, email security, TLS/PKI, key and secrets management, and general defense security stuff, please feel free to hit me up.

Patrick O'Doherty boosted:
2024-10-30

"This piece was originally commissioned by an editor at The Guardian, who asked me to write about the wave of retaliation and censorship of political expression in solidarity with Palestinians that we’ve seen in the past two weeks. Amid my work as an attorney on some of the resulting cases, I carved out some time to write the following. Minutes before it was supposed to be published, the head of the opinion desk wrote me an email that they were unable to run the piece. When I called her for an explanation she had none, and blamed an unnamed higher-up. That a piece on censorship would get killed in this way—without explanation, but plainly in the interest of political suppression—is, beyond the irony of the matter, a grave indictment of the media response to this critical moment in history. —Dylan Saba"

nplusonemag.com/online-only/on

#Palestine #media #propaganda #censorship #Gaza #PalestineUnderAttack #politics #democracy #hypocrisy #SupportPalestine #complicity

Patrick O'Doherty boosted:
2024-10-24

After I refused a bribe to remove a @web3isgreat post about alleged crypto pyramid scheme co-founder Roman Ziemian, I’ve now received a fraudulent copyright claim aimed at forcing me to take it down

DMCA Takedown Notice
Inbox

Michael Woods <legal.michaelwoods@gmail.com>
4:06 AM (4 hours ago)
to molly

Michael Woods
Address: 1693 Reynolds Alley
Los Angeles, California,90017
Phone Number: (408) 915-8288
Email:  legal.michaelwoods@gmail.com
Subject: DMCA Takedown Notice

I,  Michael Woods, would like to draw your attention towards I have one copyrighted content on your website https://www.web3isgoinggreat.com. This page content has been copied from our website !! Unfortunately, I didn't authorize or approve you to post them on your website.

Original Copyrighted  Work Content:
https://worldnewsmediaexpress.blogspot.com/2024/08/futurenet-founder-arrested-for-alleged.html
Published on 18 Aug 2024.

Unauthorized Infringing Content:
https://www.web3isgoinggreat.com/single/futurenet-founder-arrested
Published on 19 Aug 2024.
 
Kindly act expeditiously to remove this infringing or unauthorized content post from your website ASAP.

Under Section 512 of the Digital Millennium Copyright Act I want the article to be removed and the location of the infringing material.

I have a good faith belief that use of the copyrighted materials described above on the infringing web page is not authorized by the copyright owner, or its agent, or the law. I have taken fair use into consideration.

I declare, under penalty of perjury, that the information in this notification is accurate and that I
Patrick O'Doherty boosted:
2024-10-24

The BlogSpot website that is rehosting my post and claiming to be the original is full of other such posts from other websites, suggesting this is part of a wider campaign to scrub information about Ziemian.

2024-10-16

@neverpanic @tailscale We are also open to hiring in Canada but are not considering candidates outside of US/CA for this role at this time.
