Josh Chessman
beansb.bsky.social
Technologist and lover of science (fiction and otherwise) https://www.linkedin.com/in/Josh-Chessman
Shining light into dark areas is a great way to improve things. @Proton.me is shining a little more light with their Data Breach Observatory looking to expose organizations that don't acknowledge breaches. Will it make a difference? Only time will tell. #security #cybersecurity #infosec #breach
Proton Data Breach Observatory to expose infosec cover-ups
Service will tell on compromised organizations, even if they didn't plan on doing so themselves
www.theregister.com
I took a college accounting night class while in high school and one thing the teacher told us was to always look at the footnotes when reading corporate reports because that's where accountants like to bury the good stuff. Sometimes you don't need to go that far.
#openai #loss #microsoft #ai
Microsoft earnings suggest $11.5B OpenAI quarterly loss
Satya has also delivered Sam most of the cash he promised
www.theregister.com
There is going to be a crash and it is going to be bad. Has anyone ever heard of the CEO of a company telling people their market is going to crash? Does that mean the market magically doesn't crash? #ai #bubble #crash #nvidia
Nvidia hits record $5 trillion mark as CEO dismisses AI bubble concerns
“I don’t believe we’re in an AI bubble,” says Huang after announcing $500B in orders.
arstechnica.com
Upgrading systems is challenging. Planned and unplanned downtime, unexpected issues, crashes, etc. are all likely during a major migration. But not migrating and running servers that lack support is even worse. @Microsoft.com should offer #security #patches longer but orgs should #upgrade as well.
9 in 10 Exchange servers in Germany are out of support
Cybersecurity agency urges organizations to upgrade or risk total network compromise
www.theregister.com
Some good news on the #ransomware front. Turns out if you don't pay, breaching companies becomes less profitable. No indication if this will translate to fewer ransomware attacks (or perhaps more) but it is a step in the right direction.
#cybersecurity #security
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
www.bleepingcomputer.com
I've read a good marketing technique is to pick a fight with a competitor. I've seen examples where it sort of worked but rarely do I see examples where it works spectacularly. Then there is the approach of picking a fight with a critic. #badidea #youtube #locks #lockpick #shimming #oops
10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.
It’s still legal to pick locks, even when you swing your legs.
arstechnica.com
Hey look, a new #phishing warning! While using death in a phishing attack is nothing new, it is still sad to see how far bad actors will go to attempt to gain access to other people's credentials and #passkeys, for all their good, is going to make it worse. #lastpass #security #passwords
So, it's okay for an AI to scrape someone else's website but if they start scraping my website then it's an issue I guess? #Google and #Reddit are accusing #Perplexity of scraping their results. Interesting.
Lawsuit: Reddit caught Perplexity “red-handed” stealing data from Google results
Scraper accused of stealing Reddit content “shocked” by lawsuit.
arstechnica.com
I miss the ability to hibernate my laptop. Suspend-to-RAM is fine for short periods but being able to travel across country without shutting down would be great. Unfortunately, it just doesn't work most of the time but maybe there will be renewed interest. #linux #hibernate #suspend #fail
New Linux patch lets you cancel the hibernation process
RFC proposes power-button interrupt – and highlights wider problems with sleep states
www.theregister.com
I'm all in favor of stronger passwords and passphrases are a great option but the idea that they are some revelation in new tech is silly. So yes, swap your short password for a long passphrase (but make sure it fits in the password length requirements). #password #passphrase #security
Why You Should Swap Passwords for Passphrases
Passphrases boost security and usability by prioritizing length over complexity, aligning with NIST guidance.
thehackernews.com
I wish I could say I believed this would change things but color me skeptical. If you are doing things that are arguably illegal anyway, why would a court order from one country change your approach elsewhere? Plus #Apple #MIE.
#nso #pegasus #spyware #whatsapp #meta
NSO permanently barred from targeting WhatsApp users with Pegasus spyware
Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
arstechnica.com
I heard about a United Airlines flight hit by a UFO recently. Fortunately it looks like it was a weather balloon, specifically from @windbornewx.bsky.social and nothing to worry about. Must have been exciting to be on the plane however.
#ufo #ual #weather #oops #notspace
It wasn’t space debris that struck a United Airlines plane—it was a weather balloon
WindBorne says its balloons are compliant with all applicable airspace regulations.
arstechnica.com
The fact that it took #AWS so long to fully recover from this #outage is telling. So is this #analysis from Corey Quinn on what may have happened. Having been laid off from or left companies where I had significant institutional knowledge and seeing the results I would not be shocked if he is right.
Today is when Amazon brain drain finally caught up with AWS
column: When your best engineers log off for good, don’t be surprised when the cloud forgets how DNS works
www.theregister.com
#Enshitification sucks and while things get better I'm not that optimistic. It's much cheaper to put out a crappy product than a good one especially once you have everyone locked in.
Yes, everything online sucks now—but it doesn’t have to
Ars chats with Cory Doctorow about his new book Enshittification.
arstechnica.com
I don't see how this could possibly go wrong. I think #AI has some really amazing uses (if anyone can ever figure out how to make it profitable) but I'm not sure this is one of them.
#chatgpt #erotica #whatcouldgowrong
ChatGPT erotica coming soon with age verification, CEO says
Sam Altman claims new tools can detect mental distress while relaxing limits for adults.
arstechnica.com
I hate #BPF (Berkeley Packet Filter) but its mostly unrelated cousin #eBPF is pretty cool. And now it has a new use - helping hide a #rootkit. Bad that #AWS infrastructure was hacked but silver lining that we discovered a new use for eBPF?
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Synacktiv uncovered LinkPro, a Golang rootkit using eBPF hide/knock modules activated by TCP window 54321.
thehackernews.com
#AI struggles to make money. Costs are high and it turns out that if you train people to expect things for free they expect things for free. If 95% of your customers don't pay the other 5% is going to have to pay a lot. Guess we will see how valuable AI really is. #openai #llm #genai #costs #free
ChatGPT: so popular, hardly anyone will pay for it
If you build it, they will come and expect the service to be free
www.theregister.com
I've expressed my opinions on Roku in the past and this isn't improving my feelings towards them. While I wish I believed it would make a difference I seriously doubt it. Whatever the punishment it won't be close to enough to stop the actions. #pii #underage #children #data #cutitout
Roku accused of selling children’s data to advertisers and brokers
Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations.
www.malwarebytes.com
It seems so rare that bad actors are caught these days that it is heartening when it does happen. PowerSchool hacker Matthew Lane got 4 years in prison for the cyberattack in 2024. While deserved I do wish companies were better punished for their poor security as well. #security #cybersecurity
PowerSchool hacker gets sentenced to four years in prison
19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a…
www.bleepingcomputer.com
I dabble with #passkeys a bit but don't use them everywhere. While they offer improved security in many ways it is important to remember that they are not a panacea for security. There are still risks, especially as vendors have to deal with both #passwords and passkeys. #security #cybersecurity
How Attackers Bypass Synced Passkeys
Synced passkeys expose enterprises to cloud takeover, browser hijacks, and downgrade attacks.
thehackernews.com
F5 is saying it isn't a big deal but I'd say a nation state getting access to your source code, undisclosed vulnerabilities, and more is a really, really, really big deal. No supply chain compromise has been identified (yet) but still concerning. #f5 #big-ip #hackers #security #cybersecurity
F5 says hackers stole undisclosed BIG-IP flaws, source code
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
www.bleepingcomputer.com
There is a reason I back haul all my Internet traffic over a VPN when I'm not at home and this is the reason. I'm not doing anything particularly interesting but I don't need everyone and their professor seeing my traffic. #vpn #security #encryption #unencrypted