A different take on the CISO / Cybersecurity Leader Job Description.
https://www.philvenables.com/post/ciso---cybersecurity-leader-job-description
Just doing my undue diligence.
ISP vet, password cracker (Team Hashcat), security demi-boffin, YubiKey stan, public-interest technologist, AK license plate geek. Husband to a philosopher, father to a llama fanatic. Views his.
Day job: Enterprise Security Architect for an Alaskan ISP.
Obsessed with security keys:
techsolvency.com/mfa/security-keys
My 2017 #BSidesLV talk "Password Cracking 201: Beyond the Basics":
youtube.com/watch?v=-uiMQGICeQY&t=20260s
Followed you out of the blue = probably stole you from follows of someone I respect.
Blocked inadvertently? Ask!
Am I following a dirtbag? Tell me!
Photo: White 50-ish man w/big forehead, short beard, & glasses, grinning in front of a display of Alaskan license plates.
Boosts not about security ... usually are.
Banner: 5 rows of security keys in a wall case.
#hashcat #Alaska #YubiKeys #LicensePlates
P.S. I hate advance-fee scammers with the heat of 400B suns
❤️:⚛👨👩👧🛡🙊🌻🗽💻✏🎥🍦🌶🍫!
Bring Back The BIOS! (To UEFI Systems, That Is) https://hackaday.com/2025/05/29/bring-back-the-bios-to-uefi-systems-that-is/
"In writing, your audience is one single reader. I have found that sometimes it helps to pick out one person—a real person you know, or an imagined person and write to that one."
-- John Steinbeck
(via @adamshand)
TIL that Pure Storage issues YubiKeys branded with their logo!
(eBay, not my listing:)
https://www.ebay.com/itm/135898756327
Interesting: Just over the side of the logo, the phrase "NO NFC" is seen (not sure if an add-on label, or part of the logo). NFC-enabled keys ship with NFC disabled by default until first power-up (and can be re-disabled in ykman with the -R / --restrict option):
https://www.yubico.com/getting-started/
... so I'm not sure if this means NFC is permanently disabled, but it seems likely. Will update when I get one.
Hey, I know that you recently introduced a "pay a little to get less" subscription model. I have a value-add suggestion (if it doesn't already exist?)
As I explore the LLM space, I often find myself asking "what would Simon use?" So if I had my druthers, your subscription would include a living, opinionated "best model / approach for X" table -- with diffs published as an RSS feed or a simple, dedicated repo -- that matches your current opinion as it evolves over time.
Ideally, this would be published live as it happens, rather than waiting until the end of the month.
And I understand that the table would need a few fields to capture the nuance, such as size of model, affordability, local vs remote, etc.
But boy howdy would I mash the subscribe button for that (if I wasn't already - I just fixed that gap -- and, dear other readers, if you want to efficiently grow your understanding of LLMs ... so should you!)
Projects left undone
What's the attainable, practical and generous thing you haven't done yet? What will it take for it to become a priority?
For my Security Fest talk next week I'll be releasing a new tool to help automate non-distributed hashcat workflows, allowing people to chain multiple attacks with no downtime.
Keep your eyes peeled!
“Stop trying to fix the user. It’s not the user’s fault if they click on a link and it infects their system. It’s not their fault if they plug in a strange USB drive or ignore a warning message that they can’t understand. It’s not even their fault if they get fooled by a look-alike bank website and lose their money. The problem is that we’ve designed these systems to be so insecure that regular, nontechnical people can’t use them with confidence. We’re using security awareness campaigns to cover up bad system design.”
https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html
@Alice I feel like you are addressing the sharks, like some kind of aquatic Pied Piper. Maybe that's how Sharknado started?
The more mental energy you expend parsing a programming language's syntax, the less you have available for parsing a program's logic—or creating it yourself. This is why core fluency is so important; it frees up your own compute cycles for more important work.
It's also another reason why "vibe coding" is so toxic. It robs you of the opportunity to gain that fluency.
CMIYC (https://contest.korelogic.com/) will not make it to DEF CON this year. https://passwordvillage.org/ will be there! We intend to do a contest later this year.
@evedazzle Oh no!
Anyone know why Fakespot is shutting down? No mention on the main Mozilla blog.
Edit: I was wrong -- they just titled the post super vaguely.
https://blog.mozilla.org/en/mozilla/building-whats-next/
We acquired Fakespot in 2023 to help people navigate unreliable product reviews using AI and privacy-first tech. While the idea resonated, it didn’t fit a model we could sustain.
@RuthMalan reminds me of this Jens Rasmussen dynamic safety model diagram I’m always on about
@drahardja It's all about making leverage possible close to the receptacle!
This made me so mad that I came up with a way to unplug from inaccessible receptacles (but you have to have enough headroom/space for the unplugging to actually happen):
Took some heat for it from the DIYers ("just disassembled the bookshelf noob") ... but it has saved my bacon a few times.
Massive lit review found these four affordances that help teams create long term achievement. This is developer thriving!
- learning culture
- sense of belonging
- self-efficacy and motivation
- sense of agency @grimalkina
@mhoye Single pass:
awk '{c[$0]++} END {for (line in c) print c[line], line}'
(well, at least one fewer pass)
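The single-pass awk tally in the reply above is the same idiom used for quick log triage (count events per source, rank them). The script below is an added example, not from the original post: it generalizes the one-liner to counting by a chosen field and ranking the result, next to the two-pass sort | uniq -c form for comparison. The log lines are constructed for this example, and the "source address is field 1" layout is an assumption.

```shell
# Added example, not part of the original post. Sample log lines below are
# constructed; the layout (source address in field 1) is an assumption.

# One pass: tally field 1 as lines stream through awk, then rank by count.
# Output lines look like "count key", most frequent first.
count_by_key() {
    awk '{ c[$1]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# Two-pass form for comparison: sort has to see all input before uniq -c
# can count adjacent duplicates. Normalize uniq's padding to "count key".
count_by_key_sorted() {
    awk '{ print $1 }' | sort | uniq -c | awk '{ print $1, $2 }' | sort -rn
}

# Constructed sample: sshd-style lines keyed by source address.
sample_log() {
    printf '%s\n' \
        '203.0.113.7 sshd: Failed password for root' \
        '198.51.100.2 sshd: Failed password for admin' \
        '203.0.113.7 sshd: Failed password for root' \
        '203.0.113.7 sshd: Failed password for oracle' \
        '198.51.100.2 sshd: Accepted publickey for deploy'
}

# The most frequent key in the sample, as a single "count key" line.
top_key() {
    sample_log | count_by_key | head -n 1
}

sample_log | count_by_key
```

The awk array version never sorts the input, so it stays linear in the number of lines; the only ordering cost is the final sort over the (usually far smaller) set of distinct keys.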
@vees Miniflux featureset lists "Provides a regex filter to include or exclude articles based on specific patterns". In the Mastodon filter featureset, there are "filter action" options "hide with a warning" or "hide completely". I assume that Miniflux implements regex as "hide completely"; does it support "hide with a warning"?
@vees Intriguing. Does it support a "show why it was filtered, and optionally view it anyway" model, similar to Mastodon clients? Or is the filtering silent?