Brendan Ribera
@brendan.threebrothers.org
Christian. Cyclist, hacker, startup grunt, Melville fanatic, math geek. 4 kids. Married. e^(iπ)+1=0
"Yet is there hope. Time and tide flow wide."
"Yet is there hope. Time and tide flow wide."
That thing where you mill flour to bake sourdough (and corn bread) to make the best homemade stuffing ever…
… and your teenage daughter dubs you a Trad Husband 😂.
I’m doing something right here.
… and your teenage daughter dubs you a Trad Husband 😂.
I’m doing something right here.
November 28, 2025 at 4:08 AM
That thing where you mill flour to bake sourdough (and corn bread) to make the best homemade stuffing ever…
… and your teenage daughter dubs you a Trad Husband 😂.
I’m doing something right here.
… and your teenage daughter dubs you a Trad Husband 😂.
I’m doing something right here.
Today's "apish swiping confuses iOS keyboard" headlines feature the word "levain."
It seems Apple have taken upon themselves to name my sourdough starter, and I now have a recurring reminder to "feed Dietrich." 🤌 🥐
It seems Apple have taken upon themselves to name my sourdough starter, and I now have a recurring reminder to "feed Dietrich." 🤌 🥐
November 6, 2025 at 5:19 PM
Today's "apish swiping confuses iOS keyboard" headlines feature the word "levain."
It seems Apple have taken upon themselves to name my sourdough starter, and I now have a recurring reminder to "feed Dietrich." 🤌 🥐
It seems Apple have taken upon themselves to name my sourdough starter, and I now have a recurring reminder to "feed Dietrich." 🤌 🥐
At the risk of failing to learn lessons 8, 9 & 14, I'll share these words. There is wisdom here.
scholars.org/contribution...
scholars.org/contribution...
Twenty Lessons on Fighting Tyranny from the Twentieth Century
Americans are no wiser than the Europeans who saw democracy yield to fascism, Nazism or communism. Our one advantage is that we might learn from their experience. Now is a good time to do so. From acr...
scholars.org
October 28, 2025 at 4:53 PM
At the risk of failing to learn lessons 8, 9 & 14, I'll share these words. There is wisdom here.
scholars.org/contribution...
scholars.org/contribution...
“Always be comic in a tragedy. What the deuce else can you do?”
August 1, 2025 at 8:47 PM
“Always be comic in a tragedy. What the deuce else can you do?”
Reposted by Brendan Ribera
The existence of Norway implies the existence of Nandway.
May 24, 2025 at 6:18 PM
The existence of Norway implies the existence of Nandway.
Reposted by Brendan Ribera
All the news is bad
Is there any other kind?
Is there any other kind?
Talking At The Same Time
YouTube video by Tom Waits - Topic
www.youtube.com
March 12, 2025 at 9:42 PM
All the news is bad
Is there any other kind?
Is there any other kind?
Reposted by Brendan Ribera
It should be PHYSICALLY IMPOSSIBLE to drive this fast on city streets.
January 29, 2025 at 6:19 PM
It should be PHYSICALLY IMPOSSIBLE to drive this fast on city streets.
Reposted by Brendan Ribera
Security flaws in a Subaru web portal let hackers unlock, start ignition or access a year of detailed location history for millions of cars.
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still ca...
www.wired.com
January 23, 2025 at 1:04 PM
Security flaws in a Subaru web portal let hackers unlock, start ignition or access a year of detailed location history for millions of cars.
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
The flaws are now patched. But they revealed powerful tracking abilities that Subaru employees can still access. www.wired.com/story/subaru...
Ugh.
In December, Google made a major announcement: they're ending their ban on device fingerprinting.
This could dramatically reshape the future of web tracking and could have dire consequences on user privacy and your ability to stay safe online.
https://pvcy.org/YVOAFu
This could dramatically reshape the future of web tracking and could have dire consequences on user privacy and your ability to stay safe online.
https://pvcy.org/YVOAFu
January 10, 2025 at 3:31 PM
Ugh.
Reposted by Brendan Ribera
Mister Rogers never misses
January 2, 2025 at 8:38 PM
Mister Rogers never misses
10 years ago I was posting vines and bitly links via Twitter. Two of these things are completely broken now. Open web standards, portable data, etc - please!
October 23, 2024 at 6:27 PM
10 years ago I was posting vines and bitly links via Twitter. Two of these things are completely broken now. Open web standards, portable data, etc - please!
"On two occasions I have been asked,—'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' [...] I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
www.gutenberg.org/files/57532/...
www.gutenberg.org/files/57532/...
Passages from the Life of a Philosopher;
by Charles Babbage;
a Project Gutenberg ebook.
www.gutenberg.org
October 8, 2024 at 4:21 PM
"On two occasions I have been asked,—'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' [...] I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
www.gutenberg.org/files/57532/...
www.gutenberg.org/files/57532/...
I'm late to the party, and probably also alone there, but: Ubuntu making its TPM-backed FDE compatible require snapd / not work through debs is... hot garbage.
ubuntu.com/blog/tpm-bac...
ubuntu.com/blog/tpm-bac...
TPM-backed Full Disk Encryption is coming to Ubuntu | Ubuntu
Discover Ubuntu’s latest security enhancement: TPM-backed Full Disk Encryption (FDE). This experimental feature in Ubuntu 23.10 offers improved data protection without the need for passphrases […]
ubuntu.com
October 5, 2024 at 12:13 AM
I'm late to the party, and probably also alone there, but: Ubuntu making its TPM-backed FDE compatible require snapd / not work through debs is... hot garbage.
ubuntu.com/blog/tpm-bac...
ubuntu.com/blog/tpm-bac...
I just received a Very Serious political email reminding me that Seattle treats its middle-class voters like "an ATM machine."
a blonde woman is sitting in a kitchen with the words `` sure , jan . '' written on her face .
ALT: a blonde woman is sitting in a kitchen with the words `` sure , jan . '' written on her face .
media.tenor.com
September 9, 2024 at 8:07 PM
I just received a Very Serious political email reminding me that Seattle treats its middle-class voters like "an ATM machine."
That thing when `do-release-upgrade` kills sshd / restarts and you're stuck in a reentry blackout, wondering if and when your system will come back.
September 3, 2024 at 7:14 PM
That thing when `do-release-upgrade` kills sshd / restarts and you're stuck in a reentry blackout, wondering if and when your system will come back.
How you can tell that maybe, just maybe, your kids are logged in to your Google account.
June 27, 2024 at 11:32 PM
How you can tell that maybe, just maybe, your kids are logged in to your Google account.
Reposted by Brendan Ribera
[aesop rock voice] frog lots in illiopolis
June 25, 2024 at 8:58 PM
[aesop rock voice] frog lots in illiopolis
Reposted by Brendan Ribera
Okay, Taylor. It’s either HIM or ME.
June 2, 2024 at 5:41 AM
Okay, Taylor. It’s either HIM or ME.
Ah, May. When the Federal government finally repays the interest-free loan they've insisted I give them each year.
May 2, 2024 at 2:10 AM
Ah, May. When the Federal government finally repays the interest-free loan they've insisted I give them each year.
Reposted by Brendan Ribera
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.