I just found my todo list and half of it is irrelevant and half of it is done.
I even had a work todo list for my old job lol.


Fun fact: it is trivially easy and costs $0 to track an individual through their ad identifier. They’re not supposed to uniquely identify people, but you really just have to drill down like a dozen or so variables and you’ll uniquely identify just about anyone with a smart phone.
Hey, random person for whom this describes, are you
- Aged 30-34
- White
- Male
- Educated
- Spends a lot of time near your work address
- Spends a lot of time near your home address
- Spends some time where you vacation the exact time you usually vacation there
- Is a 49ers fan
- Likes artisanal coffee
- Android user
- Listens to late 90s and early 00s metal
- Wears pants size 38/32.
Guess what there’s like 3 of you in the world. And we can get all 3 ad ids in the real time bidding market and track all 3 of you until we deduce which one is you.
Now I know where any person for whom I perform these steps is located, basically in real time.
It’s that bad. It’s a well known issue with I guess too much money behind it to fix? Idk.


Yep.
It’s like they wanna get bought to compete with GitHub or something.
They’re moving fast and breaking things. And bloating their product in the process. In the last 24 months they paid over $1M to a single bug bounty hunter who basically took them to the cleaners.
But totally agree. It’s the best UX, best product for home lab or even small enterprise use if you’ve got someone to get it tuned appropriately.


While I agree, out of the box the configs ARE NOT for home lab use.


Tastes better and is cheaper.
Like unless your coffee drink is a children’s dessert beverage then I really have 0 idea why anyone goes.


Why this matters –


I’m gonna start a company that creates cheap life saving products called “Chris”


I know a guy who was holding onto basically every variation of [state][marijuana reference].[tld] back in like 2015. Guarantee he made bank on that investment.


Traefik’s configs are a little less cumbersome if you’re managing a lot of services.
If your product can’t enter my world without you paying millions of dollars to interrupt my good time, I am positive I do not need to know about your product.


My extended family has worked for companies in the Disney umbrella and as part of one’s retirement package, gets free admission to Disney parks for them and family members. They get half price hotels in the area.
My sister and brother in law make real good money. Over a third of a mil a year between the two of them. They said it was pretty much breaking the bank/almost out of reach. With all that saved, it was about $10k per person for the 5 day trip. $40k vacation. Coulda bought a car.


Not if you know JavaScript…


I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all comes to like $42.99
I have a bullshit domain with some nonsense tld and domain name that I pay $0.99/yr for that’s on a vps I pay like $150/yr for all told (it’s doing stuff).
All told I keep it below $20/month.


I highly recommend it to anyone getting into self hosting, sysadmin stuff, cybersecurity, devops, etc.
It’s headaches, but once it’s working, you will have ridiculously valuable experience for any org.


I might be misunderstanding this concept but it seems like extra work, or a recipe for an insecure mess that could become difficult to maintain.
I run ELK stack and log basically everything, which has created a centralized point for observability. This lets me granularly investigate and thereby control the state of all of my networks' services.
It’s a little ram hungry, but I’ve got some overhead.


When a CA issues an SSL/TLS certificate, they’re required to submit it to public CT logs (append-only, cryptographically verifiable ledgers). This was designed to detect misissued or malicious certificates.
Red and Blue team alike use this resource (crt.sh) to enumerate subdomains.
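
An added example, not part of the original comment: a defender-side review of what the certificates for your own domain disclose through CT. It assumes records shaped like crt.sh JSON output (`common_name`, `name_value` with one SAN per line); the records, `example.com`, and the `WATCH` list are constructed placeholders.

```python
import json
import re

# Constructed records in the shape of crt.sh JSON output; every name is a placeholder.
SAMPLE = r'''[
 {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
 {"common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
 {"common_name": "vpn-gw.corp.example.com", "name_value": "vpn-gw.corp.example.com"},
 {"common_name": "staging.api.example.com", "name_value": "staging.api.example.com\napi.example.com"},
 {"common_name": "WWW.Example.com", "name_value": "WWW.Example.com"},
 {"common_name": "shop.notexample.com", "name_value": "shop.notexample.com"}
]'''
RECORDS = json.loads(SAMPLE)

# Hypothetical watch list: label tokens you may not want advertised in a public log.
WATCH = {"vpn", "staging", "dev", "internal", "admin", "corp"}


def exposed_names(records, apex):
    """Return the unique hostnames under `apex` that the logged certificates reveal."""
    names = set()
    for rec in records:
        for field in ("common_name", "name_value"):
            # name_value carries every SAN of the certificate, one per line
            for name in (rec.get(field) or "").splitlines():
                name = name.strip().lower().rstrip(".")
                # require a label boundary so notexample.com does not match
                if name == apex or name.endswith("." + apex):
                    names.add(name)
    return sorted(names)


def flag_for_review(names, apex, watch=WATCH):
    """Pick out names whose labels hint at infrastructure not meant to be public."""
    flagged = []
    for name in names:
        prefix = name[: -len(apex)].rstrip(".")
        if watch & set(re.split(r"[.-]", prefix)):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    found = exposed_names(RECORDS, "example.com")
    print("\n".join(found))
    print("review:", flag_for_review(found, "example.com"))
```

A wildcard certificate shows up only as `*.example.com`, so the hostnames behind it stay out of the log.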


Yeah… No
I didn’t mean RFC Base32.
I meant human-safe alphabets.
Base58 or Crockford Base32 that intentionally remove I, L, O, and 1 (which is distinct from “base 32”).
RFC Base32 still hits the exact problem I’m ranting about.
To be clear the (vanilla) base32 version of the aforementioned string:
“I dont fucking know lots of lllllIIIIIIlllIII etc”
Outputs:
“JEQGI33OOQQGM5LDNNUW4ZZANNXG65ZANRXXI4ZAN5TCA3DMNRWGYSKJJFEUSSLMNRWESSKJEBSXIYY=”
You can use cyberchef to check for yourself.
This does not solve the problem.
I meant what I’d said: base 58.
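
An added example, not part of the original comment: a Base58 encoder and decoder (Bitcoin alphabet, which omits `0`, `O`, `I` and `l`) next to the standard library's RFC 4648 Base32, counting how often those four glyphs appear in each form of the string quoted above. The function names are this example's own.

```python
import base64

# Bitcoin-style Base58 alphabet: digits and letters minus 0, O, I and l.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
DROPPED = set("0OIl")  # the glyphs Base58 leaves out

PAGE_KEY = "I dont fucking know lots of lllllIIIIIIlllIII etc"  # string from the comment


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as the first alphabet symbol
    pad = len(data) - len(data.lstrip(b"\0"))
    return B58[0] * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            # a mistyped 0/O/I/l is rejected instead of silently accepted
            raise ValueError(f"not a Base58 character: {ch!r}")
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip(B58[0]))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def encodings(key: str) -> dict:
    raw = key.encode()
    return {
        "raw": key,
        "rfc_base32": base64.b32encode(raw).decode(),
        "base58": b58encode(raw),
    }


def dropped_glyphs(text: str) -> int:
    """Count characters that Base58 excludes from its alphabet."""
    return sum(ch in DROPPED for ch in text)


if __name__ == "__main__":
    for name, value in encodings(PAGE_KEY).items():
        print(f"{name:10} {dropped_glyphs(value):3}  {value}")
```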


As a job title: sysadmin
Loathe.
Every now and then there crops up the situation where there is no copy/paste from host to host. And when that involves a fucking product key or some shit… Mother fuckers just base 58 that shit.
What would you rather read and type?
Product key: “I dont fucking know lots of lllllIIIIIIlllIII etc”
Or…
Product key: “CqiDNKttsj1NUubpbVJ2VJL9eMEpRvRFMV3hNPRxtUX7SMox5UQjeEZX3DqqHNAfkSE”
I rest my case.
Jfc you just do both at the same time.
“Hey, I’m reaching out with regard to ticket 27472. I’ll need to remote into your device. You’ll see a notification that it’s happening. I just wanted to give you a heads up that the notification is expected behavior. Let me know if you have any questions!”
One message.
Do work.
“Hey again, the .zip is benign. Thanks for reaching out! Feel free to open it.”
They respond “thanks sorry I was at lunch”
“👍”
Never speak again.
I framed mine