Mr. Bitterness
LightNews LightNews
banner
wdormann.infosec.exchange.ap.brid.gy
Mr. Bitterness
@wdormann.infosec.exchange.ap.brid.gy
160 followers 4 following 460 posts
I play with vulnerabilities and exploits, but am forbidden to discuss such things publicly.
I used to be https://twitter.com/wdormann but Twitter has become […]

🌉 bridged from https://infosec.exchange/@wdormann on the fediverse by https://fed.brid.gy/
Posts Replies Media Videos
wdormann.infosec.exchange.ap.brid.gy
Apparently Gmail has a default-on setting that grants the permission to train their AI using your emails and attachments.

I'll file this as "expected".

The unexpected part?
When you toggle `Smart features` to turn it off, the pop-up says:
`Smart features turned **on**`
🤦‍♂️
November 21, 2025 at 12:27 AM
wdormann.infosec.exchange.ap.brid.gy
Twitter sure is something these days.
Photo of distorted Elon Musk and a follow up message of somebody asking Grok if it's real. Grok says that it's real.
November 15, 2025 at 5:22 PM
wdormann.infosec.exchange.ap.brid.gy
I have a UASP-using USB 3.2 thumb drive that works great on my Windows 11 host, but is virtually unusable (timeouts, errors, etc.) in a VMware Workstation or VirtualBox guest VM (Windows or Linux).

But this drive works fine in a VMware Fusion guest VM […]

[Original post on infosec.exchange]
dmesg output from a Linux VM I/O error, dev sdb, sector <number> op 0x0(READ) flags 0x80700 phys_seg <number> prio class 0
November 8, 2025 at 8:04 PM
wdormann.infosec.exchange.ap.brid.gy
For reasons, I happened to ponder the concept of 208V circuits in the US. And I saw a YouTube video that explained it well:
https://www.youtube.com/watch?v=xMZkKI5rleg

It's refreshing to every now and then see quality content, as opposed to slop created […]

[Original post on infosec.exchange]
Screenshot of YouTube video, showing whiteboard diagrams
November 6, 2025 at 9:43 PM
wdormann.infosec.exchange.ap.brid.gy
I've already come to terms with the fact that I don't use computers in the way that developers had considered, but every now and then I'm surprised by things.

With macOS, the manual DNS setting is **global**. Not per-configured-WiFi-network.

Scenario: I want to use my pihole when I'm on my […]
Original post on infosec.exchange
infosec.exchange
November 6, 2025 at 6:37 PM
wdormann.infosec.exchange.ap.brid.gy
There's a weird subculture on Youtube where occasionally I see that people post videos of themselves pointing, finger-wagging, and doing things that make absolutely no sense whatsoever.

Dare I ask why such things exist? Do people find such things […]

[Original post on infosec.exchange]
60 Year Old Plumber's Perfect Repair Method Revealed! You Will Be Shocked DIY Mastery 1.42k subscribers Video shows wires and a spring hand-wound around a spark plug
November 2, 2025 at 4:52 PM
wdormann.infosec.exchange.ap.brid.gy
Microsoft:

> As much as 30% of the company's code is written by AI.

Also Microsoft:
Somehow we managed to make it so that clicking the `x` in Task Manager doesn't close the app. Whoopsie daisy!
Process Explorer showing multiple Taskmgr.exe processes running on Windows 11 late October build
October 30, 2025 at 3:14 PM
wdormann.infosec.exchange.ap.brid.gy
Back when I first left the CERT/CC, I was unpersoned by the SEI pretty much right away. "Will Dormann" ? Never existed. All we have is `user-9a25e`.

Just recently, looking for a thing I had done in the past, I realized that the entire vuls.cert.org website […]

[Original post on infosec.exchange]
Screenshot of vuls.cert.org from 2023 "Finding Privilege Escalation Vulnerabilities in Windows using Process Monitor" blog post is attributed to user-9a25e instead of "Will Dormann"
October 29, 2025 at 3:02 PM
wdormann.infosec.exchange.ap.brid.gy
TFW ChatGPT tells you that it saved a script for you. Presumably server-side, as I obviously couldn't see it.

🤔
| saved an executable script for you at /mnt/data/find_retpoline_gadgets_auto.py . It will:
October 28, 2025 at 9:47 PM
wdormann.infosec.exchange.ap.brid.gy
I've noticed that Gmail is letting a pattern of spam messages through lately (maybe the past month or two?).

With the subject line of `Delivery Status Notification (Failure)` and then just a junk email body.

Just me? Is using a subject line of `Delivery […]

[Original post on infosec.exchange]
Screenshot of spam mail in Gmail. Subject: Delivery Status Notification (Failure) From: payment/declined@combattouring.com
October 28, 2025 at 6:48 PM
wdormann.infosec.exchange.ap.brid.gy
I suppose it's fried green tomato season.
Large bowl of green tomatoes from the garden
October 26, 2025 at 2:46 PM
wdormann.infosec.exchange.ap.brid.gy
TIL that I can take the part of my tomatoes that I'd otherwise throw away (the skins), throw them in a spice grinder, and you get delicious tomato powder!
`mindblown.gif`
Container of ground tomato powder from my garden tomato skins.
October 25, 2025 at 10:08 PM
wdormann.infosec.exchange.ap.brid.gy
If you have a long enough conversation with ChatGPT (I don't want to talk about it), your browser will start to go unresponsive.

Shouldn't all of the heavy lifting be happening, oh, I dunno... server side?
Page Unresponsive You can wait for it to become responsive or exit the page.
October 24, 2025 at 9:26 PM
wdormann.infosec.exchange.ap.brid.gy
Yay?
Unpin context menu for new Gemini icon in Chrome
October 24, 2025 at 12:57 PM
wdormann.infosec.exchange.ap.brid.gy
Never change, Linux.
10ct 21 15:14:24 ubufuzzb4 watchdog[1540]: This interval length (59) might reboot the system while the process sleeps! Try 59 or less
October 22, 2025 at 1:23 PM
wdormann.infosec.exchange.ap.brid.gy
Me, after buying some cheap computer item from China:
`SerialNumber: 235678C218CA` ... Hmm, that's suspicious.

Oh, it's googleable. A job done, China.
Google Search
www.google.com
October 22, 2025 at 12:27 AM
wdormann.infosec.exchange.ap.brid.gy
Do you or somebody you know have a Windows 10 that isn't fit for a Windows 11 upgrade? (e.g. no TPM)

1. Get a Windows 11 25H2 ISO
2. Run `setup /product server`

Enjoy your Windows 11 with no coerced Microsoft Account, TPM features, etc.
setup /product server being run on a Windows 10 system Windows 11 upgrade done. Local account. No TPM.
October 17, 2025 at 1:36 PM
wdormann.infosec.exchange.ap.brid.gy
VMware HGFS (host-guest filesystem) is an easy way of giving your guest VM access to files on your host. But I've noticed that it isn't terribly performant, using FUSE and who knows what to move bits around.

Surely it's faster than a CIFS connection to my […]

[Original post on infosec.exchange]
parse reindex log to get run time. webroot mounted as HGFS: 75:00 parse reindex log to get run time. webroot mounted as CIFS over an e1000: 29:05 parse reindex log to get run time. webroot mounted as CIFS over a vmxnet3: 24:30 Bar chart of results HGFS is 3x as large as CIFS over vmxnet3
October 16, 2025 at 7:32 PM
wdormann.infosec.exchange.ap.brid.gy
My new bus payment phone app says "Tap & Ride"

Oh, it must use RFID or something so that I tap my phone on the card reader, right?

No. It creates a "bar code" (QR code) that you optically scan on entering the bus.

I really need to readjust my expectations of the world.
"Tap &Ride" screen from phone app "Create a new barcode" screen from app, with a picture of a QR code
October 16, 2025 at 1:11 PM
wdormann.infosec.exchange.ap.brid.gy
https://my.f5.com/manage/s/article/K000154696

> These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.
myF5
my.f5.com
October 15, 2025 at 1:01 PM
wdormann.infosec.exchange.ap.brid.gy
A person is running for mayor of my town.

Their last name only appears in their website in one image. Not in text form. Anywhere.
Someone searching for their name won't find the site as Googling for `site:<theirwebsite> lastname` produces zero hits.

Good luck?
October 15, 2025 at 12:47 PM
wdormann.infosec.exchange.ap.brid.gy
Me, foolishly: Here's a thing that can help Windows people.
Mastodon: This is silly. You should be running Linux.

Don't ever change, Mastodon. You're better than Twitter, but not by much.
October 8, 2025 at 11:34 PM
wdormann.infosec.exchange.ap.brid.gy
Hello, future black swallowtail butterfly!
Black swallowtail caterpillar Stock photo of black swallowtail butterfly
October 3, 2025 at 7:03 PM
wdormann.infosec.exchange.ap.brid.gy
Phase 1:
Wow. This replacement computer for my semi-old MythTV DVR is:

* Almost free (~$120)
* 1/3 the energy consumption of my old box.
* A tiny fraction of the size of my old box._Awesome!_

Phase 2:
Oh. Despite the firmware offering a CSM / […]

[Original post on infosec.exchange]
Picture of a full size desktop PC next to a new mini PC
October 2, 2025 at 4:33 AM
wdormann.infosec.exchange.ap.brid.gy
Dearest Google,
If I mark an email as spam, maybe don't suggest an "Are you sure you wouldn't prefer to confirm to the spammer that your email address is active instead?" option?

Signed,
Everyone on the planet
Gmail prompt on marking an email as spam: Report spam or unsubscribe? Gmail can unsubscribe you from the sender. If you didn't sign up to receive this message, Report spam instead to help protect all Gmail users from unwanted email. Learn more Report spam Unsubscribe
September 29, 2025 at 12:50 PM