George Mari @GeorgeMari@qoto.org

Notorious crooks broke into a company network in 48 minutes. Here’s how.
Report sheds new light on the tactics allowing attackers to move at breakneck speed.
https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Adam Tooze, on the Ones and Tooze podcast, gives an excellent layperson-friendly explanation of why there is no way Elon's goons can operate safely and competently in the Treasury's COBOL code base.

#doge #cobol

After much trial and tribulation, we managed to convince Buffalo to hire in PL this year! It's late, but if anyone is on the market, please apply here: https://www.ubjobs.buffalo.edu/postings/55929

Well #FediHire, I'm on the market again! 25 year #Ruby / #Rails (and more!) powerhouse looking for employment. Reached 3rd highest contributor at my last gig despite 200k+ commits, 15+ years, and hundreds of developers. Have ~100 gems w/ ~2 billion downloads. You know me.

Loves: languages / runtimes, profiling & optimization, debugging, testing, OSS, etc.

https://www.zenspider.com/ryan/Resume.html

please #boost

The Google Threat Intelligence Group (GTIG) says it has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services.

"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim's secure conversations without the need for full-device compromise."

"In remote phishing operations observed to date, malicious QR codes have frequently been masked as legitimate Signal resources, such as group invites, security alerts, or as legitimate device pairing instructions from the Signal website."

"In more tailored remote phishing operations, malicious device-linking QR codes have been embedded in phishing pages crafted to appear as specialized applications used by the Ukrainian military."

"Beyond remote phishing and malware delivery operations, we have also seen malicious QR codes being used in close-access operations. APT44 (aka Sandworm or Seashell Blizzard, a threat actor attributed by multiple governments to the Main Centre for Special Technologies (GTsST) within Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU), known commonly as the GRU) has worked to enable forward-deployed Russian military forces to link Signal accounts on devices captured on the battlefield back to actor-controlled infrastructure for follow-on exploitation."

Google says Signal, in collaboration with GTIG, has released updates for Android and iOS to mitigate these attacks. Users should update their apps immediately.

https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

I am old enough to remember being warned that you can't trust Wikipedia and now it is the very last thing I still trust to accurately reflect a consensus reality.

I've been laid off.

If somebody needs a person with almost 13 years in IT, knowing PHP (7 y.), JavaScript/jQuery (5+ y.), HTML5+CSS3, SQL, slight knowledge of Python and React and experience in fields like 2D design or sound production, please tell me. I've worked with SCADAs, CMMSs, corporate travel and congress management, e-commerce, food and industrial sectors. Business proficiency in English; can speak Catalan.

I can learn quick. Either on-site work in Valencia, Spain, or remote from anywhere in the EU. Inclusive company is a must. Can provide CV in English.

#FediHire #HireMe #employment

A postdoctoral position is available at the Computer Science and Engineering department of Chalmers University of Technology, Gothenburg, Sweden. This position is to develop a language for the pulse schedules sent to a quantum computer, as part of a project to create a compiler for the quantum computer. Applications are welcome from people who know about type theory and/or category theory and are willing to learn about quantum computing (or vice versa).

The application deadline is 15 March 2025.
https://www.chalmers.se/en/about-chalmers/work-with-us/vacancies/?rmpage=job&rmjob=13706&rmlang=UK

I love that I've been on Mastodon more than 2 years now as my one and only social media platform (apart from LinkedIn, sorta), and I can say with some confidence that most of the accounts I'm interacting with are not bots, but instead are real live human beings with fascinating lives and interests. Thanks again everyone, and may we continue to enjoy this remarkable achievement for a long time to come.

I am still looking for work.

I am open to contracting or full-time remote positions. I am in the US, ET.

Tech skills with lots of FOSS stuff: Python, PHP, JS. 25 years building the web.

I also can consult on Team building and Communications, and find out how to really help your developers be productive and happy.

Hit me up!

#FediHire

If you are staying on a corporate
social media platform because the people you follow are still there, consider others are also staying there because you are still there.

Someone needs to start the move.
Be that person.

Leave X for good.
Leave Facebook forever.
Remember blue skies eventually turn grey.

Embrace the social media that cannot get sold to a billionaire. Embrace the Fediverse

#X #Facebook #Instagram #Threads #HelloQuitX #DeleteFacebook #DeleteTwitter #Mastodon #Fediverse

If you know of or are involved with an organization that helps people in a way that the #TrumpAdministration doesn't approve of, and the org is worried about continuing to do their work while protecting their employees, volunteers, and clients, I am happy to meet for free with the org to work through with them what their threat model is and how they can improve their security posture. They can reach out to me on Signal at jik.87. Please for reach.
#politics #USPol #resist #infosec

Vim After Bram: A Core Maintainer on How They’ve Kept It Going Vim After Bram: A Core Maintainer on How They’ve Kept It Going: What happens when the chief maintainer of an open source project dies. Maintaining VIM turned out to be a full time job, though the community has stepped in to help. https://thenewstack.io/vim-after-bram-a-core-maintainer-on-how-theyve-kept-it-going/

#vim #unix #linux #goodreads

Women are being -erased- in America #resist https://www.reddit.com/r/optimistsunitenonazis/s/FvYzm4erhn

Originally posted by @karlykingsley.bsky.social and updated with alt text:

Correct. If the birthdate field contains corrupt or mismatched data, it defaults to 1875-05-20, which serves as a flag. May 20, 1875, is the day the international standards and metrics treaty was signed. Everything is a conspiracy when you don’t know how anything works.

By Portuguese editorial cartoonist Zez Vaz, via https://bsky.app/profile/mweinstock.bsky.social

Hi, I'm Sharon and I care about de-shitting the world. My contribution to that effort: my anti-racism newsletter where I share my experiences of racism around the globe and platform Black founders and activists trying to redress inequality. I'm a former trade journalist, journalism lecturer and freelance writer. I have lived and worked in many places, and am currently in Barbados. I love reading (and no, it doesn't have to be highbrow), words, Star Trek and learning new things. #introduction

#Firstpost #Writer #writingcommunity Hi, everyone, I was born in England & live in Bangkok, Thailand. This is my first post on here. I'm an indie author of 19 ebooks across multi-genres, see my bio when you've a moment for more information. I hope to interact with & support fellow writers & creatives, but as I do on Twitter, Blue Sky & Linkedin, I'll also be posting a mix of content. I do have many interests, as will be reflected in my posts. Please feel free to follow.Thanks! #Boost

In the interests of transparency, here is a listing of some of the
@Doge
"lieutenants" currently rifling through government files & databases without much oversight. (We've sorted by gender and age, just for the fun of it.)

F 33 Katie Miller
F 33 Rachel Riley
F 34 Amanda Scales
F 43 Stephanie Holmes
M 19 Edward Coristine
M 21 Akash Bobba
M 23 Luke Farritor
M 24 Gautier "Cole" Killian
M 25 Gavin Kliger
M 25 Marko Elez
M 28 Nate Cavanaugh
M 28 Thomas Shedd
M 30 Nikhil Rajpal

[cont'd]

Are you an atmospheric scientist with advanced atmosphere modeling experience? Then consider coming to work with us in a world-leading institute on Potsdam's wonderful historic science campus!
https://potsdam.pi-asp.de/bewerber-web/?xsrf=720D757D974088DC45E0BDFD8ECC67EF&company=PIK-FIRMA-ID&tenant=&lang=E&jobdesign=#position,id=350a197c-ad49-43a9-9e36-aaaeb535bcd0,popup=y