Category: Gripes

  • Netflix: Why People Are Leaving You… (The Unspoken Reason?)

    I can be long-winded in my blogs, I know, and there is a lot to unpack here. I’ll try to keep it brief. Famous last words =) Any Netflix engineers reading, it will be worth your time even if you skim fast. In the last month there has been global news coverage about Netflix losing […]

  • 2022 Cross-country Drive (Part 3: Lodging)

    For those who travel a lot, myself included a long while back, talking about lodging is not very interesting. Unless the room is spectacular or perhaps a grim experience, most of us have experienced average hotel rooms. The biggest fail here, in the context of my trip, is not taking pictures of the single worst […]

  • CVE ID Created Date != Much of Anything

    Yesterday, SanSec published a blog post discussing the recent Adobe Commerce / Magento Open Source vulnerability that was discovered being exploited in the wild. In the blog, they said: "Adobe has been aware of the issue since at least January 27th but decided to issue a patch on Sunday, which is highly unusual." They draw […]

  • An 83 Word Excuse Instead of a 1 Character Fix (NCSC.nl)

    The National Cyber Security Center of the Netherlands (NCSC.nl) has a curious take on sharing security information. On October 25, 2021 I contacted them to inform them of a simple typo in one of their advisories. I send mails or Tweets like this several times a week to researchers, vendors, and news outlets as CVE […]

  • Redscan’s Curious Comments About Vulnerabilities

    As a connoisseur of vulnerability disclosures and avid vulnerability collector, I am always interested in analysis of the disclosure landscape. That typically comes in the form of reports that analyze a data set (e.g. CVE/NVD) and draw conclusions. This seems straight-forward but it isn’t. I have written about the varied problems with such analysis many […]

  • Search Speak for Automaton

    Alternate titles for this blog could be “Doodle Transition for Machina” perhaps! For at least a decade I have thought about just such an application and today I have Google Translate for Android. Load, aim, and it will process the text and translate on screen for you. Given the state of technology you would think […]

  • Twitter, Companies, and your Complaints

    The rise of social media has been interesting to say the least. Many on Twitter have found it to give them a type of power as they can voice their complaints directly to a company that has wronged them. Everything from bad customer service, bad prices, minor inconvenience, or even perceived slights that likely never […]

  • How Many Trees Are You Celebrating @arborday?

    The Arbor Day Foundation is a 501(c)(3) nonprofit organization founded in 1972 that seeks to “inspire people to plant, nurture, and celebrate trees”. I received a “Colorado Tree Survey” from them today, part of what is a never-ending stream of snail-mail spam that I have written about before. For this envelope, the thing that caught […]

  • “The History of CVE” and A Couple of Objections

    I just read “The History of Common Vulnerabilities and Exposures (CVE)” by Ary Widdes from Tripwire and found it to be a great summary of the 20+ years of the program. I say that as an outspoken CVE and MITRE critic even! I do have a couple of objections however, with the conclusion, and then […]

  • Why @anacondainc Doesn’t Fully Understand CVEs

    It’s worrisome that in 2020 we still have people in influential technical roles that don’t understand CVE. A friend told me earlier this year he was in a meeting where someone said that CVE IDs are assigned in order, so CVE-2020-9500 meant there were 9500 vulns in 2020 so far. Of course that is not […]