Philipp_CGN
1K posts


@AlpenHofnarr The NSDAP itself was also banned for a time (1923 to 1925), not just the SA and SS

@Maks_NAFO_FELLA What's an "Atmospheric Vacuum Tube" supposed to be? (apart from an oxymoron, as vacuum isn't atmospheric)
A vacuum crude distillation unit?

🔥 (Atmospheric Vacuum Tube) installations at various refineries in Russia, - Dnipro Osint
AVT is the “heart” of an oil refinery. If an AVT is disabled, the refinery either stops completely or loses significantly in volume.
In general, according to our very rough calculations, as a result of these attacks, underprocessing would amount to approximately 1.5 million tons of oil. This is about 11 million barrels

@WalterFaber_57 @Inclutus Do they even still have any roadworthy T-34s? Or have they all already been destroyed in Ukraine?

@Inclutus In case a rogue T-34 driver heads for the grandstand?

By now Moscow is so rattled that the security personnel were carrying anti-tank rocket launchers.
Preston Stewart@prestonstew_
Imagine the scenario that would play out for the FSB protecting Red Square to need those RPG-26s

@CinematicKink @alinavosss What brands/makes are that fucking machine and penalty buck?

@unusual_whales If I tried to prohibit my boss from doing what he wants I'd get fired.

TALKS PROGRESS, STRIKES DELAYED
Trump: “The United States and Iran have had productive discussions over the past two days toward fully resolving hostilities in the Middle East. As talks continue this week, I’ve ordered a five-day pause on any military strikes against Iranian energy infrastructure, contingent on progress. Thank you. —President Donald J. Trump”

@greg16676935420 I usually use 3-4 sheets and fold them along these perforations

@ericshayhoward @krassenstein That appearance is the greatest achievement in his life, understandable that he is worried about that.

@krassenstein Man, he gets big mad a lot. Is he worried his appearance in Home Alone 2 will be on a platform he doesn’t like?

BREAKING: Trump is now threatening Netflix with consequences if they don’t fire Susan Rice.
Important context: Netflix is in a bidding war with Paramount for Warner Brothers. There are rumors that Trump may block the bid by Netflix.
This is exactly how dictators act. How are Republicans OK with this?

@gothburz I love that tweet style, and hate how accurate that fictional company's behavior is to reality.

I built the login system in 2019.
User IDs are sequential numbers.
Starting at 1.
If you were the 3,814th person to register, your user ID is 3814.
The password is a default.
The same default for every account.
I set it at launch.
I did not require users to change it.
Most did not.
I did not add rate limiting.
I did not add multi-factor authentication.
I did not add account lockout after failed attempts.
I did not think we needed it.
We insure divers.
Who would target a diving insurer?
I said this in a meeting once.
Somebody wrote it down.
It became our threat model.
"Who would target a diving insurer?"
That is not a threat model.
That is a prayer.
A security researcher answered the question in April 2025.
He found the sequential IDs.
He found the default password.
He found that he could access any account by incrementing the number by one.
Account 3814. Account 3815. Account 3816.
All of them open.
All of them protected by the same password I set six years ago.
He found personal data.
Addresses. Phone numbers. Medical records. Diving certifications.
He found minors in the database.
Children born in 2011.
Their parents registered them for junior certifications.
We stored everything.
We protected it with a default password and an optimistic assumption about human nature.
The researcher did the responsible thing.
He contacted CSIRT Malta.
The national cybersecurity incident response team.
He filed a coordinated vulnerability disclosure.
He gave us ninety days to fix it.
Textbook.
We responded with our own textbook.
A legal one.
Our Data Protection Officer received the disclosure.
She did not forward it to engineering.
She forwarded it to the law firm.
The law firm sent the researcher a letter.
The letter cited Maltese Criminal Code Article 337E.
Unauthorized access to computer systems.
Penalty: up to two years in prison.
The researcher who told us our house had no locks was threatened with prosecution for trying the door.
They also sent him an NDA.
Same-day deadline.
Sign by tonight.
The NDA would prohibit him from discussing the vulnerability, the disclosure, the legal threats, or the company's response.
Ever.
He did not sign.
We did not follow through.
Quietly, months later, we fixed the password.
Months.
For a default password.
You can change a default password during a coffee break.
We took months.
A journalist contacted us for comment.
Our official statement — approved by legal, reviewed by the DPO, released publicly:
"We contend it is the responsibility of users to change their own password."
The password we set.
The default we chose.
The one we assigned to every account at creation.
The one we never prompted anyone to change.
The one that was identical across every account in the system.
That password.
Their responsibility.
The story reached Hacker News.
636 points. 200 comments.
The title was "I Found a Vulnerability. They Found a Lawyer."
Most of the comments were about our legal strategy.
A commenter calculated that the law firm's retainer probably exceeded the engineering cost of adding bcrypt and a password change prompt.
He was right.
But the law firm was already on retainer.
The engineer was not.
You go to war with the vendors you have.
The researcher asked if we had notified affected users.
We did not confirm.
We did not deny.
We said nothing.
Silence is an underrated compliance strategy.
If you don't say you didn't notify them, nobody can quote you not notifying them.
That's not a loophole.
That's the system.
We are now rolling out two-factor authentication.
I announced it at an all-hands meeting.
I called it our "Security-First Initiative."
I had a slide.
The slide had a shield icon and the words "Protecting What Matters."
What matters, in this context, is the company's reputation.
Not the minors' data.
The reputation.
The initiative has three phases.
Phase 1: Awareness.
Phase 2: Implementation.
Phase 3: Architectural Review.
Phase 1 has been in progress for seven months.
Phase 2 has no start date.
Phase 3 has no start date.
But all three phases are on the Confluence page.
The Confluence page is on the roadmap.
The roadmap is in the board deck.
The board was impressed.
I told them we had "proactively identified and remediated a critical authentication vulnerability through our coordinated disclosure program."
"Proactively" means a stranger found it.
"Coordinated" means we called a lawyer.
"Remediated" means we eventually changed the password.
"Our program" means we did not have one until after the lawsuit threat.
I did not mention the legal letters.
I did not mention the NDA.
I did not mention Article 337E.
I did not mention the minors' data.
I mentioned "compliance posture."
The board likes compliance posture.
It means you're standing up straight while everything behind you is on fire.
The DPO was promoted.
She's now VP of Trust & Digital Safety.
Trust. Digital. Safety.
Three words, each individually real, together meaning nothing.
But it has "VP" in front of it.
That's what matters.
I was promoted too.
Chief Information Security Officer.
CISO.
A four-letter abbreviation.
Even more serious than three.
I oversee the security strategy for the company whose login system I built with sequential IDs and a default password in 2019.
The sequential IDs are still sequential.
We'll address that in Phase 3.
Phase 3 still has no start date.
The researcher who found the vulnerability received a legal threat, a criminal code citation, and a same-day NDA.
I received a title, a budget, and a seat at the leadership table.
He is considering whether to ever disclose a vulnerability again.
I am presenting at a conference next quarter.
The talk is called "Building a Culture of Security."
I will not be taking questions.

@Kachelmann @fluglehrer_neu @twteraar Don't the high readings around Rotterdam come from the petroleum industry and shipping (Europoort and Botlek)?

@fluglehrer_neu Yes, of course, what else?
@twteraar

You can see right away which is the filthy country with the subsidized wood and pellet stoves.
fluglehrer_neu@fluglehrer_neu
@Kachelmann air quality visualized

@lookner "No Truths to show". So the platform is obviously working as designed.

@sashameetsrus Because you find out that the reality is far worse than the stereotypes?

@NATO_MARCOM Is that Tromsø? Great photos, and thank you for your service!

In the High North, NATO naval forces remain present, vigilant, and ready. ❄️
A persistent maritime presence strengthens deterrence, awareness & security in northern waters — every day, in all conditions. #WeAreNATO #HighNorth #MaritimeSecurity

@georgebernhard @SvenDotNet @maritafabeckcdu @TimurHusein Maybe he got confused by the name "Grünflächenamt"?

@SvenDotNet @maritafabeckcdu @TimurHusein That this is an incredibly stupid idea is clear, but what does it have to do with the Greens in Kreuzberg? Insofar as BEW is subject to political direction, isn't it the Senate it answers to?

🔥 if the Greens 🤢 in the Berlin district office of Kreuzberg could please explain to us what is supposed to be climate-friendly about burning wood 🔥 …
@maritafabeckcdu @TimurHusein

Sven ¯\_(ツ)_/¯@SvenDotNet
Berlin: Environmental groups warn of high heating costs from wood-fired power plant “The report, however, points to doubts in the scientific community as to whether the use of ‘woody biomass’ can contribute at all to a carbon-dioxide-free district heating supply.” morgenpost.de/berlin/article…

@0xgaut I followed your advice and now the AI doesn't do anything anymore, thanks!

@NickTimiraos JPow should push the committee for a 1% emergency rate hike Monday. He does have the bigger cajones end of day. Fuck Trump.

The Federal Reserve received grand jury subpoenas from the Justice Department on Friday that threaten a criminal indictment relating to Chair Jerome Powell’s testimony last summer about the central bank’s building renovation project
Powell statement: federalreserve.gov/newsevents/spe…

@krassenstein Could be worse: They could send some Seals who then write sh**ty books about it