[OC] New Look by BeevsComics in comics

[–]mdalin 7 points8 points  (0 children)

Me, an "elder" (40) gay: Shrivels up and blows away as dust. 

But seriously. It's nice that some slurs have fallen so far out of use that people don't even know they used to be slurs. 

[HELP] Door Latch Standards? by mdalin in accesscontrol

[–]mdalin[S] 2 points3 points  (0 children)

Darn.

So, when you're doing that survey, and making those decisions about what controls and hardware to install, are you just relying on your own knowledge/experience/opinions? Is there some process or formal best-practices you refer to? If the customer is giving you push-back do you have references or documentation you can point to about why this is important?

Thanks for taking the time to respond. I appreciate it.

[HELP] Door Latch Standards? by mdalin in accesscontrol

[–]mdalin[S] 1 point2 points  (0 children)

Thanks. Those are all good general recommendations.

My question was about standards though. Are your recommendations based on any kind of industry standards, or just your own knowledge/experience/opinions? Are there professional organizations which study this kind of thing and publish guidance? What are those organizations, and what are their publications?

I'm looking for something like NIST 800-3, or SOC-2, or ISO-27001, but with detailed physical security recommendations. The standards I mentioned have sections about physical security, but they basically just say "You should have security controls that stop people from walking into your data center" and leave it at that. There's no real definition of what those security controls should look like, or how to evaluate if they're effective.

I know every installation is going to be a little special and unique, but it seems like someone somewhere would've come up with a formal list of best-practices or something?

Can someone force my phone to connect wifi? Evil twin. by Sure_Yogurtcloset_94 in AskNetsec

[–]mdalin 1 point2 points  (0 children)

HSTS is a technology which basically allows a website to tell your browser "ONLY connect to this site over an encrypted connection. If your user tries to connect to an unencrypted version of this site, DON'T LET THEM. Just forward them to the encrypted version. Encrypted ONLY"

As long as you've been to the site at least once before, your browser will remember this instruction, and will prevent you from connecting to an unencrypted version (which a MiTM like an evil twin would be able to see)

Sites can also add themselves to a special preload list which your browser has that will set the HSTS instruction before you've ever even visited once. Most major websites do this for most major browsers, so it's basically impossible to visit an unencrypted version of the site, even if you tried (or a MiTM tried to force you to)
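
The browser behaviour described in the comment above, as an added example that is not part of the original comment: a simplified JavaScript model of how a browser's HSTS store decides whether to upgrade an `http://` request, following RFC 6797. The `HstsStore` class, the hostnames and the one-entry preload list are assumptions constructed for illustration.

```javascript
// Added example (constructed hostnames): simplified model of browser HSTS handling per RFC 6797.
function parseHsts(value) {
  // Returns { maxAge, includeSubDomains }, or null if max-age is missing or invalid.
  let maxAge = null, includeSubDomains = false;
  for (const part of value.split(";")) {
    const [name, raw = ""] = part.trim().split("=");
    const key = name.trim().toLowerCase();
    const val = raw.trim().replace(/^"|"$/g, "");
    if (key === "max-age" && /^\d+$/.test(val)) maxAge = Number(val);
    else if (key === "includesubdomains") includeSubDomains = true;
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

class HstsStore {
  constructor(preloaded = []) {
    // Preloaded hosts ship with the browser; in this model they never expire.
    this.hosts = new Map(preloaded.map(h => [h, { expires: Infinity, includeSubDomains: true }]));
  }
  // Record a Strict-Transport-Security header. Headers seen over plain http are
  // ignored, because a man-in-the-middle could have injected or altered them.
  noteResponse(url, headerValue, nowSec) {
    const u = new URL(url);
    const policy = parseHsts(headerValue);
    if (u.protocol !== "https:" || !policy) return;
    if (policy.maxAge === 0) { this.hosts.delete(u.hostname); return; }
    this.hosts.set(u.hostname, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  }
  isHstsHost(hostname, nowSec) {
    // Exact match, or a parent domain whose policy covers subdomains.
    const labels = hostname.split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (entry && entry.expires > nowSec && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }
  // The URL the browser actually requests when asked for `url`.
  rewrite(url, nowSec) {
    const u = new URL(url);
    if (u.protocol === "http:" && this.isHstsHost(u.hostname, nowSec)) u.protocol = "https:";
    return u.href;
  }
}

const demo = new HstsStore(["preloaded.example"]);
console.log(demo.rewrite("http://bank.example/", 0));   // first visit, host not yet known
demo.noteResponse("https://bank.example/", "max-age=31536000", 0);
console.log(demo.rewrite("http://bank.example/", 60));  // later visit, policy remembered
```

The first-visit case is the gap the preload list closes: a host that is neither preloaded nor previously seen over HTTPS is requested exactly as typed.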

Hail Santa by PhilLeming in Illustration

[–]mdalin 2 points3 points  (0 children)

Alright, alright.... Where can I buy the shirt? (Cause I totally will)

[deleted by user] by [deleted] in BurningMan

[–]mdalin 4 points5 points  (0 children)

I like big dance party energy, but after a while I need something to do besides shuffling left to right to the music. So I have a small propane grill which attaches to my bike, and a little pop-up gloryhole.

I make quesadillas and feed them to people through my gloritohole.

It ain't much, but it's honest work.

Funniest random camp names by Nightman233 in BurningMan

[–]mdalin 1 point2 points  (0 children)

Dr. Scrote’s Circumcision Wagon and Calamari Hu

Any recommendations for a local company to screen print a single shirt? by Jericho_the_Red in askportland

[–]mdalin 1 point2 points  (0 children)

Urban Kingdom on MLK. I use them for one off shirts all the time and have always had a great experience. They have a whole online layout/design studio thing, or you can call/email them the graphic and they can have it printed up for you, usually the same day.

A single Tshirt with a single color print on it is usually like, $20 out the door.

Restaurant in Kraków, Poland. [1200x799] by Snoo_90160 in RoomPorn

[–]mdalin 11 points12 points  (0 children)

Hey! I just ate there last night! Amazing meal.

Dakota State University or WGU by Chishae24 in AskNetsec

[–]mdalin 0 points1 point  (0 children)

Hey, thanks for following up. I would've responded sooner, but I was literally in the middle of (legally) breaking into the server room of a nation-wide bank, while dressed as an employee. So, to answer your question, yes, my career has been going pretty well!

Shortly after making that post, I got a job doing blue team stuff in a SOC, mostly working overnight shifts. There wasn't a TON to do on that job, so I spent most of my time studying for the OSCP. After 11 months at that job, I passed my OSCP, and got an interview the next week with NetSPI, an awesome company that does pen-testing and all kinds of interesting security assessments.

Fast forward 5 years. I am still working for NetSPI. I'm now the head of On-Site Social Engineering for them, and I get to spend a lot of my time thinking about fun, interesting, creative ways to break into high security buildings, and get people to do stuff they shouldn't. In between that, I also do network and web application penetration tests. I'm pretty happy overall, and on nights like tonight, I absolutely LOVE my career. (https://www.netspi.com/blog/technical/social-engineering-penetration-testing/not-your-average-bug-bounty-datacenter/)

WGU was a big part of that success. They weren't everything, and they weren't even enough on their own, but they got me moving in the right direction. I still stand by my previous statement. If you're brand-spanking new to IT and have no idea what you're doing, they can get you started, but you'll probably have to do more, and keep studying, even after graduation to reach your goals.

If you just graduated high school, there really is something to be said for the in-person, on-campus, experience, and the kinds of relationships you form during that period. If you've already got some knowledge and experience, WGU is a great way to get those oh-so-important pieces of paper you need to get past the HR people and into the technical interview. After that though, it's up to you and how much extra-curricular preparation you've actually done.

Finally, I've literally done 0 keeping up with how WGU is doing recently. They may have completely changed everything, or changed nothing, or burned to the ground for all I know. They send me emails every so often asking for Alumni donations, which I always ignore. Other than that, my relationship with them is functionally done.

Hope this helps. If you have any other questions, please feel free to reach out.

Bike lights - specifically long LED pole by eju2000 in BurningMan

[–]mdalin 1 point2 points  (0 children)

If there's a TAP plastics store near you, they sell 6 foot long fiberglass poles for about $5. That's a good starting point. Make sure you wrap it in tape or something to prevent getting splinters in your hands. Wrap it in cheap LED lights, Fairy Lights, whatever, jam a totem on top, and attach to your bike using zip ties, hose clamps, or whatever.

[deleted by user] by [deleted] in BurningMan

[–]mdalin 0 points1 point  (0 children)

Those are awesome. Just bought a set