taftster commented on How did Windows 95 get permission to put Weezer video 'Buddy Holly' on the CD?   devblogs.microsoft.com/ol... · Posted by u/ingve
jader201 · 2 days ago
taftster · 2 days ago
I'm so grateful for flat LCD screens. Man, all those CRT boxes. Yikes.

The rest of this video, it doesn't look like the world has changed all that much since 1995. Computing just kind of looks the same. I guess minus the lack of phones in everyone's hands.

taftster commented on The Day the Telnet Died   labs.greynoise.io/grimoir... · Posted by u/pjf
roywiggins · 2 days ago
The rest of it seems to be substantially edited by an LLM too, or at least it's composed much like LLM outputs often are these days: “not a gradual decline, not scanner attrition, not a data pipeline problem, but a step function.”

"Not X, not Y, not Z" is a common LLM tic, and there are a few more like it in there.

taftster · 2 days ago
I mean, that's fair. I guess I just wanted to put my old man hat on. The song is a tribute to an era of lost innocence. Which I think is quite apropos to the current situation surrounding telnet. Vestiges of the days of the early internet continue to disappear, almost like an endangered species. Old/obsolete protocols, like telnet, are pined for by old guys like me.
taftster commented on The Day the Telnet Died   labs.greynoise.io/grimoir... · Posted by u/pjf
jwpapi · 2 days ago
It was just AI written, that's why. Unexpectedly so from GreyNoise.
taftster · 2 days ago
Well, I mean, the first part is a song by Don McLean called American Pie. You might know that, unsure that everyone will pick it out though.

One of the most famous play choices at karaoke bars these days too. I think because the song is a long story, of sorts? But it's a terribly long song and I will leave to take a smoke break anytime it gets chosen. You're going to be there for a good 10 minutes before it concludes.

So maybe the AI prompt was something like, "take CVE-2026-24061 and compose a song lyric in the style of American Pie by Don McLean". I wonder if you would get similar results with that prompt.

taftster commented on The Day the Telnet Died   labs.greynoise.io/grimoir... · Posted by u/pjf
0xbadcafebee · 2 days ago
Telnet is used in legacy, IoT, embedded, and low-level industrial hardware. It's also intentionally enabled on devices where automation was written for telnet and it wasn't easy to switch to ssh.

If you investigate most commercial uses of ssh, the security is disabled or ignored. Nobody verifies host keys, and with automation where hosts cycle, you basically have to disable verification as there's no easy way around the host keys constantly changing. Without host key verification, there's kinda no point to the rest.

Even assuming the host keys were verified, the popular ssh conventions are to use either long-lived static keys (and almost nobody puts a password on theirs), or a password. Very few people use SSH with 2FA, and almost no-one uses ephemeral keys (OIDC) or certificates (which many people screw up).

So in terms of how people actually use it, SSH is one of the least secure transport methods. You'd be much more secure by using telnet over an HTTPS websocket with OAuth for login.

taftster · 2 days ago
How do you automate, for example, "HTTPS over websocket with OAuth", without providing some kind of hard-coded, static or otherwise persistent authentication credentials to the calling system in some form (either certificate based auth, OAuth credentials, etc.)?

The problem with IoT and embedded secrets isn't really a solved problem, from what I can tell. I'm not sure that OAuth exactly solves the problem here. Though all your comments about SSH (especially host verification) hold true.

Just honestly trying to understand the possible solution space to the IoT problem and automated (non-human) authorization.

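The host-key check that the thread says automation routinely disables, as an added example that is not code from either commenter: a small stdlib-only lookup against an OpenSSH known_hosts file (plain and `|1|`-hashed entries) that reports whether a presented host key matches, has changed (the "hosts cycle" case, indistinguishable on the wire from an impersonated host), or is simply unknown. The known_hosts content and key blobs are constructed placeholders; `@cert-authority` and `@revoked` markers are recognised but not validated here.

```python
"""Minimal OpenSSH known_hosts lookup (added example, stdlib only)."""
import base64
import hashlib
import hmac


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Build the '|1|<salt>|<hmac>' form OpenSSH writes with HashKnownHosts."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def _host_matches(pattern: str, hostname: str) -> bool:
    """Match a known_hosts host field: hashed entry or comma-separated aliases."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|", 3)
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return hostname in pattern.split(",")


def check_host_key(known_hosts: str, hostname: str, key_type: str, key_b64: str) -> str:
    """Return 'match', 'mismatch' (host known, key differs) or 'unknown'."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):   # @cert-authority / @revoked: marker skipped, not validated
            fields = fields[1:]
        if len(fields) < 3:
            continue
        pattern, ktype, kdata = fields[0], fields[1], fields[2]
        if not _host_matches(pattern, hostname) or ktype != key_type:
            continue
        if kdata == key_b64:
            return "match"
        seen_host = True
    return "mismatch" if seen_host else "unknown"


# Constructed sample known_hosts; key blobs are placeholders, not real keys.
SALT = b"0123456789abcdefghij"
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "db01.example.internal,10.0.0.5 ssh-ed25519 AAAAKEY_DB01_PLACEHOLDER",
    hash_hostname("jump.example.internal", SALT) + " ssh-ed25519 AAAAKEY_JUMP_PLACEHOLDER",
])
```

A "mismatch" result is the point at which a client with strict checking refuses to connect; an automation that answers it by disabling verification gives up the only property that distinguishes SSH from telnet here.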
taftster commented on Pg-dev-container is a ready-to-run VS Code development container for PostgreSQL   github.com/jnidzwetzki/pg... · Posted by u/mariuz
rapfaria · 3 days ago
You can set it up with docker compose and put the container on the same network of your dev env, and you are good to go.

What I'd really like is an image that mirrors extensions available on AWS Aurora. Supabase's is the only one that has some parity as far as I know.

taftster · 2 days ago
Makes good sense, thanks for the tip.
taftster commented on Pg-dev-container is a ready-to-run VS Code development container for PostgreSQL   github.com/jnidzwetzki/pg... · Posted by u/mariuz
stackskipton · 3 days ago
I tend to use dev containers with docker compose.

So if I'm building a Python application with Prometheus/RabbitMQ/Postgres that's used as part of my application, my docker compose has a network, those 3 services + Python Dev Container, and I just reference the hostname of the service in my Python application config (ENV VARS).

taftster · 2 days ago
OK yeah, that totally makes sense. Thank you.
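The layout stackskipton describes, as an added example rather than anything from the pg-dev-container project or the commenters: one compose network carrying Postgres, RabbitMQ and Prometheus plus the Python dev container, with the application reading service hostnames from environment variables. Filenames, image tags and the `app` database/user names are assumptions; the database password comes from an untracked `.env` file rather than being written into the compose file.

```yaml
# docker-compose.yml (assumed filename)
services:
  dev:                                  # the Python dev container VS Code attaches to
    build: .
    command: sleep infinity             # keep the container alive for the editor to attach
    environment:
      # service names resolve on the compose network, so config is just hostnames
      DATABASE_URL: postgresql://app:${POSTGRES_PASSWORD}@db:5432/app
      RABBITMQ_URL: amqp://rabbitmq:5672/
      PROMETHEUS_URL: http://prometheus:9090
    volumes:
      - ..:/workspace:cached
    networks: [devnet]
    depends_on: [db, rabbitmq, prometheus]

  db:
    image: postgres:16
    environment:
      POSTGRES_USER: app
      POSTGRES_DB: app
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}   # supplied from .env, kept out of git
    networks: [devnet]

  rabbitmq:
    image: rabbitmq:3-management
    networks: [devnet]

  prometheus:
    image: prom/prometheus
    networks: [devnet]

# no "ports:" on any service: everything is reachable only inside this network
networks:
  devnet: {}
```

The matching `.devcontainer/devcontainer.json` points VS Code at this file with `"dockerComposeFile": "docker-compose.yml"`, `"service": "dev"` and `"workspaceFolder": "/workspace"`.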
taftster commented on Pg-dev-container is a ready-to-run VS Code development container for PostgreSQL   github.com/jnidzwetzki/pg... · Posted by u/mariuz
stackskipton · 3 days ago
To help out everyone else, this is designed for those working on PostgreSQL development. For anyone who is just using Postgres as part of their application, use a normal PostgreSQL container.
taftster · 3 days ago
Honest question. Do you recommend a "devcontainer" for this? Like a Docker image that maybe has both postgres and your development environment preinstalled inside? Or do you generally like to use and reference an external docker container instance (with postgres installed) and connect to it from your devcontainer instance?
taftster commented on What's up with all those equals signs anyway?   lars.ingebrigtsen.no/2026... · Posted by u/todsacerdoti
somat · 9 days ago
The thing is, even when parsing html "correctly" (whatever that is) regexes will still be used. Sure, there will be a bunch of additional structures and mechanisms involved, but you will be identifying tokens via a bunch of regexes.

So yes, while it is an inspired comedic genius of a rant, and sort of informative in that it opens your eyes to the limitations of regexes, it sort of brushes under the rug all the places that those poor maligned regular expressions will be used when parsing html.

taftster · 9 days ago
This is a pragmatic answer. While yes, regex is not proven to be the Most Correct Solution for a generalized parse, when you are sitting down with some data in front of you and you can grab the needed bits with a regex group, why not exactly use this? It might be part of a bigger parsing strategy, sure. But if it gets the job done, that means you can move on to the next thing.
taftster commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
troad · 9 days ago
It now seems to be best practice to simultaneously keep things updated (to avoid newly discovered vulnerabilities), but also not update them too much (to avoid supply chain attacks). Honestly not sure how I'm meant to action those at the same time.
taftster · 9 days ago
In the early days, updates quite often made systems less stable, by a demonstrable margin. My dad once turned off all updates on his Windows machine, with the ensuing peril that you can imagine.

Sadly, it feels like Microsoft updates lately have trended back towards being unreliable and even user hostile. It's messed up if you update and can't boot your machine afterwards, but here we are. People are going to turn off automatic updates again.

taftster commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
ashishb · 9 days ago
I am running a lot of tools inside sandbox now for exactly this reason. The damage is confined to the directory I'm running that tool in.

There is no reason for a tool to implicitly access my mounted cloud drive directory and browser cookies data.

taftster · 9 days ago
I almost feel like this should just be the default action for all applications. I don't need them to escape out of a defined root. It's almost like your documents and application are effectively locked together. You have to give permissions for an app to extract data from outside of the sandbox.

Linux has this capability, of course. And it seems like MacOS prompts me a lot for "such and such application wants to access this or that". But I think it could be a lot more fine-grained, personally.

u/taftster

Karma: 2023 · Cake day: September 3, 2011
About
[ my public key: https://keybase.io/taftster; my proof: https://keybase.io/taftster/sigs/0lXrdc605CMOxR_VfREz1yLpR9NyGQsmm4P_7mn1tig ]