Toots for Lee_Holmes@infosec.exchange account

Written by Lee Holmes :donor: on 2025-01-30 at 15:00

Amazing, turns out that even the DeepSeek vulns can be self-hosted for like 1/10th the cost of a traditional large database.

Zero of the ClickHouse "Getting Started" documentation talks about security or authentication: https://clickhouse.com/docs/en/getting-started/quick-start


Written by Lee Holmes :donor: on 2025-01-29 at 16:47

Here's what's super exciting about DeepSeek: if you can vastly improve results with 10% of the compute resources, this will continue to scale when you have 100% of the compute resources.

Even in the most naive implementation, you can use these optimizations to get results that are 10x fresher.

These are exciting times.


Written by Lee Holmes :donor: on 2025-01-28 at 01:29

Pebble Watches are coming back! https://ericmigi.com/blog/why-were-bringing-pebble-back


Written by Lee Holmes :donor: on 2025-01-27 at 21:43

If you think quantum computing is complicated, try writing automation to escalate action items in a big company while trying to have the system preserve some degree of emotional intelligence in the act :)


Written by Lee Holmes :donor: on 2025-01-27 at 16:48

Horsehead Nebula and Flame Nebula, directly off of the Dwarf 2 last night. 999 exposures of 15 seconds, gain @ 80.

Seattle + Clear Skies = 💖


Written by Lee Holmes :donor: on 2025-01-24 at 23:58

Had an interesting situation where AI coding helped make something more secure.

I was writing a tool to connect to Azure AI, which requires an auth key. Some example code had this coming from an environment variable, which is a super common practice. So I asked AI if there was a way to make this more secure.

I was using Cursor, so it recommended (and implemented) a version where it securely prompted for the string at first launch and then stored the secret via keyring (Credential Manager on Windows).

Storing in keyring is far more secure, but realistically most people wouldn't do it by hand because the environment variable approach is "good enough." But because AI made it so easy, it actually got done.


Written by Lee Holmes :donor: on 2025-01-22 at 00:11

Surprised to see the amount of concern about Signal "leaking" rough regional location due to CDN caching.

There are still major email providers including your IP address (possibly even the machine name and IP address within your local LAN) in email headers.

Yes, I'm aware that some greybeards thought this was OK in the early 80s. It's not.

https://www.leeholmes.com/client-ip-address-disclosure-in-smtp-gmail-com/


Written by Lee Holmes :donor: on 2025-01-21 at 22:06

Got a picture of the Rosette Nebula this weekend with some finally clear skies in Seattle and the Dwarf 2.


Written by Lee Holmes :donor: on 2025-01-17 at 23:15

Hmm, hybrid-analysis at some point reported on AMSI events (super cool!) https://www.hybrid-analysis.com/release-notes/6435736c80fa708351052637

But now seems not to - perhaps after moving to Falcon Sandbox. Anybody have any context?


Written by Lee Holmes :donor: on 2025-01-16 at 20:56

Wonder how many sites out there offering a thin web UI over nmap realize they have an RCE risk? Wonder how many companies monitor nmap with the care that they might monitor other dynamic runtimes like Python / Perl / Ruby etc.?

https://nmap.org/book/man-nse.html


Written by Lee Holmes :donor: on 2025-01-10 at 22:15

I know AI doomerism is fun and calling LLMs stupid autocomplete is fun. But damn, was this easier than typing it in all by hand.


Written by Lee Holmes :donor: on 2025-01-10 at 21:58

Took Project Farm's capacity testing of AA batteries along with the best deals I could find for large quantities (Harbor Freight, Costco, Amazon) to find the batteries that give you the most capacity per dollar. Contrary to the video's findings, AA in bulk is still better than AA Lithium.

Varta or Amazon basics win at 8048 and 7568 mAh per dollar.

https://www.youtube.com/watch?v=efDTP5SEdlo


Written by Lee Holmes :donor: on 2025-01-10 at 19:34

Yay! I have the world's most complicated console screensaver!


Written by Lee Holmes :donor: on 2025-01-09 at 16:31

Console user and have an Azure subscription? Give this a go. Having ai.exe in the console rather than locked behind a web app opens up incredible opportunities.

https://github.com/LeeHolmes/ai


Written by Lee Holmes :donor: on 2025-01-09 at 01:22

LOL, can always depend on cool calculated AI to point out something nobody else has the courage to say.


Written by Lee Holmes :donor: on 2025-01-09 at 00:46

Sorry for the ridiculous amount of redaction, but holy cow is it powerful to have AI / Chat GPT at the command line.


Written by Lee Holmes :donor: on 2025-01-06 at 18:44

Did some traditional mig welding techniques but on plastic with a 3d pen. Good news is that these generally make truly structural welds, where the weld is not what breaks under stress!

Last picture: actual welding to prove I know what I'm talking about :)


Written by Lee Holmes :donor: on 2025-01-06 at 16:40

Had a discussion with a youngish somebody over the holidays who had taken an engineering course in school where they designed parts in Solidworks.

They were at my house and looked at my 3d printer in amazement of how cool 3d printing was - having never seen one work before!!

How did the teachers at their previous school drop the ball SO HARD that they had kids designing parts in Solidworks but never took them across the finish line to make it magical and have them 3d print those parts!

I'm just amazed. This is like teaching somebody color theory without ever letting them make a painting.


Written by Lee Holmes :donor: on 2024-12-20 at 19:23

Here's your chance to practice some PowerShell reverse engineering:

https://www.leeholmes.com/an-exercise-in-de-obfuscation/


Written by Lee Holmes :donor: on 2024-12-13 at 22:16

How is it that there are at least half a dozen really good and free 3d slicer programs for 3d printing, but crickets for the CAM part of CNC?
