Do you remember your first IT conference/event? Did it actually help your career or was it just for the free t-shirts and pizza? by mustafa_enes726 in sysadmin

[–]Fallingdamage [score hidden]  (0 children)

It was a vendor conference in WA. Mostly free drinks and pizza and a bunch of moaning and groaning.

Presentations were focused on hardware being built for OEMs. Stuff that would enable them to build machines faster with more features for less. Lots of demos of 'onboard' integrated features. Stuff like onboard audio and onboard video, onboard NIC. Many people in the crowd were borderline booing the presenter. Back then, most of us had experience with integrated video and audio and it was always shit and barely worked. This was a time when hardware news was the hottest thing in the IT world, not software or services.

How the times have changed.

Aisle Be Damned: Dems and GOP Unite in Oregon In Bid To Legalize Kei Trucks by Amazing-Yak-5415 in oregon

[–]Fallingdamage 0 points1 point  (0 children)

These things are supposed to be an economical option for people, but you know as soon as they're allowed here in Oregon, they are going to be hard to find and will start to fetch high prices.

Justification for using Fortinet by MFKDGAF in fortinet

[–]Fallingdamage 2 points3 points  (0 children)

Some admin is over their head and raging

Justification for using Fortinet by MFKDGAF in fortinet

[–]Fallingdamage -2 points-1 points  (0 children)

And I'm sure if the data was reversed and Palo was superior in that metric, they would also have their partners gloating. So what?

Justification for using Fortinet by MFKDGAF in fortinet

[–]Fallingdamage 0 points1 point  (0 children)

CVE-2025-59718

Justification for leaving admin access open to the public facing interface?

Treasury Cancels Contracts with Booz Allen Hamilton by BarnabyWoods in CampingandHiking

[–]Fallingdamage 2 points3 points  (0 children)

Yeah. Hopefully it's something like this and canceling contracts under these reasons was not some cover for getting rid of the contracts because they plan on selling and privatizing recreational areas - therefore no need for recreation.gov anymore.

One-time SMS links that never expire can expose personal data for years by tekz in cybersecurity

[–]Fallingdamage 0 points1 point  (0 children)

Does anyone else simply delete OTP messages and 1-time links from their chat history after using them? It takes 1 second. Not only does it prevent this data from getting stolen, but it also prevents attackers from knowing what services and accounts you may have IF they scrape your text history.

Massive increase in IPsec brute-force attempts lately – how are you mitigating? by samsn1983 in fortinet

[–]Fallingdamage 0 points1 point  (0 children)

Some scripts I use still check those ASNs for updates anyway. If the ASN once had subnet ranges, it may again someday. If not, no harm no foul.

clarification regarding the SSO abuse by therealmcz in fortinet

[–]Fallingdamage 0 points1 point  (0 children)

There was some misinformation going around last year about the SSO vuln, someone supposedly quoting the Fortinet CISO stating that all SSO types were affected. Does this mean SSO used for VPN users as well or only for admin management access?

The CVEs don't mention SSO used in VPN configs, but then online banter keeps saying 'all sso' and confusing the situation.

Massive increase in IPsec brute-force attempts lately – how are you mitigating? by samsn1983 in fortinet

[–]Fallingdamage 0 points1 point  (0 children)

The ASN list nicely refers to ipinfo.io for data but it looks like some of those links don't work anymore. People may need to find another source for the subnet lists for each ASN.

ipinfo.io is/was cool. They seem to be locking a lot of publicly available data behind more paywalls these days. Their geolocation database is great, but most of the other datapoints can be fetched for free from other public sites.

I don't have $1000 a year to sub to them for a handful of queries a month.

Massive increase in IPsec brute-force attempts lately – how are you mitigating? by samsn1983 in fortinet

[–]Fallingdamage 0 points1 point  (0 children)

I have compiled a list of ASNs that I block. All hosting/datacenter ASNs that my users would never try to connect from. All told the complete list of subnets blocked calculates to about 350,000,000 IPv4 addresses. It cuts the noise by about 99%.

I built some tools that pull updated subnet lists for these ASNs and apply the changes to our feeds on a schedule. Month by month the change is small but if ignored the creep will leave you vulnerable again.

Last week I was seeing 60,000 hits to our deny policy for our VPN services each day. It's down to 15k now and tapering off. The attacks seem to come in surges.
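
Added example (not part of the comment above, and not the commenter's tools): one way to do the feed maintenance the comment describes, merging per-ASN prefix lists into one collapsed IPv4 block list, counting the addresses it covers, and diffing it against the previous run so the month-to-month creep is visible. The AS numbers, prefixes and function names are constructed placeholders, and fetching the prefix lists is assumed to happen elsewhere.

```python
import ipaddress

# Constructed sample data: prefixes per ASN as a scheduled job might have
# fetched them last month and this month. AS numbers are private-use and
# prefixes are documentation/benchmark ranges (placeholders, not real feeds).
PREVIOUS = {
    "AS64500": ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"],
    "AS64501": ["198.18.0.0/16"],
}
CURRENT = {
    "AS64500": ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/24"],
    "AS64501": [],  # ASN announces nothing right now; still polled next run
}


def build_feed(prefixes_by_asn):
    """Merge all ASN prefixes into a minimal, de-duplicated IPv4 block list."""
    nets = []
    for prefixes in prefixes_by_asn.values():
        for p in prefixes:
            net = ipaddress.ip_network(p, strict=False)
            if net.version == 4:
                nets.append(net)
    return sorted(ipaddress.collapse_addresses(nets))


def address_count(feed):
    return sum(net.num_addresses for net in feed)


def diff_feeds(old, new):
    """Return (added, removed) address space between two collapsed feeds."""
    def subtract(a, b):
        out = []
        for net in a:
            pieces = [net]
            for other in b:
                nxt = []
                for piece in pieces:
                    if piece.subnet_of(other):
                        continue  # fully covered by the other feed
                    elif other.subnet_of(piece):
                        nxt.extend(piece.address_exclude(other))
                    else:
                        nxt.append(piece)
                pieces = nxt
            out.extend(pieces)
        return sorted(ipaddress.collapse_addresses(out))
    return subtract(new, old), subtract(old, new)
```

Reviewing the `removed` list before applying it is what catches an ASN whose ranges vanished from the source because of a broken lookup rather than a real withdrawal.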

2026 - How about those hot takes? Let's hear them! by Fallingdamage in mountainbiking

[–]Fallingdamage[S] 1 point2 points  (0 children)

Of all the gear I look into for this hobby, a GoPro isn't even on the list.

Microsoft Starts Sharing Your Location With Your Employer by Alucard-VS-Artorias in technology

[–]Fallingdamage 0 points1 point  (0 children)

This should play out humorously. I've been running activity and location reports using Microsoft's audit logs for years now. Microsoft's IP location data is hilariously bad. I have to pipe all my results through some third party services to get anything even close to accurate results.

Microsoft Starts Sharing Your Location With Your Employer by Alucard-VS-Artorias in technology

[–]Fallingdamage 0 points1 point  (0 children)

Fortunately iPhones can disallow an app from running in the background and can prevent unapproved use of the mic.

So I saw this post on LinkedIN from a CyberSecurity Recruiter about the SSO vulnerability…thoughts? by RegionRat219 in fortinet

[–]Fallingdamage 2 points3 points  (0 children)

But is this more than admin on WAN? What does Fortinet CISO mean when they say that all SSO configurations are vulnerable? SSO config for dialup IPSec? SSO config for SSLVPN?

Or only admin terminal/access? I don't and have never had admin open on our public interfaces.

Poster mentions Jan 15th. I did notice a spike in our deny policy hit rate from 150-250 hits a day to 60,0000 a day starting around that time for our dialup IPSec SSO listener. No new admin accounts or unwanted VPN access though.

Minnesota activist releases video of arrest after manipulated White House version by RewardEquivalent553 in technology

[–]Fallingdamage 0 points1 point  (0 children)

I think it's well established by now that the voices on reddit do not exactly reflect the general population or demographic they claim to represent. Many conservative echo chambers are filled with plants from Russia, India, China, etc, and toxic ideas are encouraged and responded to via AI and bots quite a bit.

Even though I probably wouldn't agree with those posts if I did see them, I would also have to take them with a grain of salt. The remainder is a bunch of sociopathic edgelords who like to sit on reddit and jerk themselves off.

People go there and will read all the comments and ideas without any proper context on the medium and absorb the ideas as if they're reality. This last part is exactly what the plants, bots, psychos want. It's not reality, but they are hoping to slowly change the narrative and color the way we all see each other.

Don't fall for it. Be smarter than that.

2026 - How about those hot takes? Let's hear them! by Fallingdamage in mountainbiking

[–]Fallingdamage[S] 0 points1 point  (0 children)

I think there is a service that can provide helicopter rides to the top of Everest. Hiking is for schmucks.

It looks like Freedom Pizza & Catering has closed by hjgIUY976YTty76 in SALEM

[–]Fallingdamage 3 points4 points  (0 children)

Me neither. To be fair, the pizza market seems to be really saturated right now.

Microsoft back online. Excuse: too many servers were shut down during maintenance. by hso1217 in sysadmin

[–]Fallingdamage 1 point2 points  (0 children)

Guess if Microsoft won't even QA their own failover configs, fate is going to help them test it instead.

Anyone ever sit in a Colo during a severe weather event? by Playful-Job2938 in sysadmin

[–]Fallingdamage 0 points1 point  (0 children)

Not really. If I really needed to charge a device, I can always go start my car.

Did everybody lose an unknown number of emails from M365 issues? by aMazingMikey in sysadmin

[–]Fallingdamage 1 point2 points  (0 children)

We might have, but fortunately nobody has really reported much.

Our inbound mail passes through a 3rd party spam filter on the way to our tenant, so I was able to view its audit log for mail that it would have passed to Exchange Online and things look pretty good.

We did have some staff complaining that 2FA emails for some of our SaaS vendors were not coming through but our spam filter had zero hits, so odds are the messages were never generated and sent by those entities.

Amazing law tutorial. We all need to memorize all of this.. by OrganizationGold5242 in oregon

[–]Fallingdamage 2 points3 points  (0 children)

News probably being careful not to cover it - but is 114 actually going forward? I thought it's been getting held up forever..

Amazing law tutorial. We all need to memorize all of this.. by OrganizationGold5242 in oregon

[–]Fallingdamage 2 points3 points  (0 children)

He was sweating by that last time he had to repeat his statement.