Easy to say in hindsight.
Hindsight's how we all learn. Doing it over again, I'm sure those guys would have done things differently. Any team would be crazy today to not be more prudent in how they operate.
Readit Newsaksss commented on County pays $600k to pentesters it arrested for assessing courthouse security arstechnica.com/security/... · Posted by u/MBCook
I might be mistaken, but it sounds like these guys showed up at a facility and did the classical "breaking and entering" thing. The onsite (terrified) staff called 911, the police showed up and arrested them. The perps said that they were hired to do this (they were), but nobody told the Sheriffs office or the staff about it.
So yeah, it sucks for these guys' reputations and criminal histories, but... what? The onsite staff didn't know what was going on, the Sheriffs didn't know what was going on.
The county basically said: "We want you to go try to break into this government building. We aren't going to tell the staff or the local police about it. Tell us what you find."
Definitely some things could have been done a bit differently. I get that they want to keep staff in the dark, and even beat cops, but it seems reasonable and prudent to have the highest level of local law enforcement brought into the loop in planning red team exercises. The likelihood is high that the team will interface with law enforcement. The escalation path within the enforcement side of the state regulatory machine should be cleared in advance.
I think the takeaway for security teams is that you shouldn't let the customer "authorize" what is otherwise criminal activity warranting a police response without getting some air cover from the enforcement side. Coordinating that is the customer's burden to bear and that cover should be secured before letting them hand-wave away the risks with a "just have the police call me and I'll clear it all up". In hindsight only, when you look at it like that, the security team was not covering their ass appropriately. In a perfect world, you'd assume there's some better planning and communication going on behind the curtain. In the real world, you need more than the flimsy "guarantee" of calling a guy who knows a guy in the middle of the night. At the very least, that get out of jail free card should have had as signatories judiciary representation and enforcement representation (e.g. sheriff).
Not public.
Check behind your kid's stereo - what's that? Oh, it's a PGP key and gram of meth!
The US is allied with Russia, and doesn't even bother to hide it anymore.
Been saying this since Agent Orange got elected
A reduction in appetite to fund European social programs under our security umbrella is not the same as being "allied" with Russia. They're big boys and girls and coming on a hundred years after their disastrous warring, it's about time their federated economy step in/up. Can the alliance not survive without our patronage?
aksss commented on No more O'Reilly subscriptions for me zerokspot.com/weblog/2025... · Posted by u/speckx
Weird, I have honestly never walked into a Barnes and Noble and had satisfaction with any of their technical content on the shelf. That pleasure died when we lost Borders.
*Edit: spell correct kills me!
Yeah, peak experience for me was when our town had both a Borders and B&N offering huge tech book sections. Then Borders closed. Then B&N became a toy store.
aksss commented on What is better: a lookup table or an enum type? cybertec-postgresql.com/e... · Posted by u/todsacerdoti
Table with a thread-safe read-through cache in code, imo. But there are places where enums make sense. For instance, things that are specifically in the code's domain.
aksss commented on We're committing $6.25B to give 25M children a financial head start onedell.com/investamerica... · Posted by u/duck
$250 per child, at 5% interest rate, compounded in 18 years, you'd get $601.65.
Even in today's money, I wouldn't call it a "head start"
If that’s all that’s ever added, but keep in mind the idea is to provide the foundation for making easy, low-drag contributions going forward.
Dead Comment
Let me go find my collection of floppy disks, then I'll need a 32 pin connection adapter for the drive. I remember U7 was my favorite game for a long time. I received U7 Serpent Isle as a gift, but at least one of 15 of the 3.5" disks was corrupted, ordering a replacement disks cost $14 dollars per disk, and I wasn't sure how many disks might be corrupted. I gave up on the game. I should just buy it on GoG.
Serpent Isle was fantastic.