I was wondering if there will be a difference in popularity of talks on Twitter during and after the #34C3 conference. Turns out the difference between last year's top 10 is significant! For #33C3's list, see gist.github.com/jd7h/810cb22b2…
Microblog
I am currently microblogging on Mastodon: @jd7h@fosstodon.org.
Most recent posts
I've turned off image loading in my browser for a scraping job, but now I'm seriously considering leaving things this way.
 
The top 10 of #34C3 talks has been updated to include tweets from the last days of congress. gist.github.com/jd7h/30de3cc1c…
RT @alicegoldfuss: I like to understand patterns in systems and the system of myself is no different.
Like last year, I made a top 10 of #34C3 talks, based on the number of tweets that refer to them. Here's the list based on tweets from the first few days of conference: gist.github.com/jd7h/30de3cc1c…
Oh dear. TIL @LibraryThing has an API.
Absolutely loving the traveling library of @hacklibrary at #34C3. Great selection of books: from Terry Pratchett and science fiction classics to the yoga sutras, books on political science and cryptography. #deadtreelovers
In that case, the distance to #34C3 should be measured in the number of caffeinated drinks needed for the journey. ;)
In Tibet, distances were traditionally measured by the number of cups of tea needed for each journey.
RT @efjboss: "Please implement your own crypto. Just don't use it for anything." Seems like a decent message @dsp6s
My favorite Christmas song of 2017 is @PTXOfficial's Mary Did You Know. youtube.com/watch?v=I5PyLw…
So how is everyone's Christmas Day so far? :D
Rereading the Harry Potter books this Christmas and I just noticed spare time at Hogwarts is comprised of boardgames, sports, books and visiting people for tea. No music, movies, tv-series or video games.
TIL the word "mockbuster".
Netflix's #BrightMovie Is A Terrible Movie. Please Don't Watch It. via @Forbes by @ScottMendelson forbes.com/sites/scottmen…
Thread with a happy ending
YES because there are NEVER enough Jo March influences in my life.
Little Women Miniseries Debuts First Trailer bit.ly/2AXyKcH
 
In January, I will be starting my new job as a PhD candidate at @UTwente on the topic of natural language generation.
 
Charlie and the “Zero day” factory
RT @sailorhg: [cw: food]
baking gingerbread chewbaccas for star wars tomorrow night https://t.co/eLnolS4BwD
 
This is why we need natural language generation. There will never be enough Harry Potter chapters. #nlg
We used predictive keyboards trained on all seven books to ghostwrite this spellbinding new Harry Potter chapter botnik.org/content/harry-…
 
 
 
Here's this week's newsletter. :) mailchi.mp/fe7d8af82fe0/o…
RT @danthat: Grim Fandango Remastered is *FREE* on @gogcom right now. If you haven't played it yet, holy hell you really should https://t.c…
I have an internet connection again (YAY FIBRE) so this week's newsletter goes out tomorrow. Sign up here: eepurl.com/c-Q53D
A list of common SSIDs. Apparently, HOGWARTS is very popular. wigle.net/stats#ssidstats
When in doubt, FLOUNCE
RT @alicegoldfuss: CUT PACKETS INTO PIECES
THIS IS MY DEFAULT PORT
FRAGMENTATION
NO STREAMING
DON’T GIVE A PING IF THE SIZE IS EXCEEDING
RT @shodanhq: Yes, we're having a black friday sale :) $5 Shodan Membership instead of $49 and it will run from Friday through Monday
Played Zork (1980) w/ @mrngm over the weekend, after we heard a reference to the game in an episode of The Big Bang Theory. Text-based adventure games ftw!
 
RT @austinkleon: Interesting part of the book ART & FEAR about a pottery class and how focusing on quantity sometimes leads to better quali…
My training and certification exams were paid by my employer.
My talk proposal about Markov Chains was rejected, so that means the talks at #34C3 will be EVEN MORE AWESOME than the one I had in mind, right? ;)
RT @ebrinkster: Posting this so others are reminded it is okay to fail. CFP to 34c3 declined. Can't win them all. Just try, try again! h…
In last week's newsletter, I wrote about gritty comics, hand-drawn presentation slides and a vintage video game! Read it here: 
mailchi.mp/42805a756327/b… ft. @b0rk @heikala_art
Had lots of fun talking to the @Radboud_Uni and @TUe_MCS students today. Slides (with links to career advice and infosec challenges) are available here: judithvanstegeren.com/assets/1711-in…
Awww yiss, my first newsletter is scheduled. *Excited
This week, I talk about bad-ass women in space (and where to find them) and christmas songs to dance to. Sign up here: eepurl.com/c-Q53D
 
@mrngm for your email footer?
Apparently, newsletters are the new Twitter. Join my quasi-weekly supercerebral non-sensical FUN newsletter here: eepurl.com/c-Q53D
 
If you regularly want beautiful art in your timeline, be sure to follow @heikala_art!
Hi! I'm Heikala, an illustrator based in Finland. I draw witches, make products and run an online shop✨🔮 #VisibleWomen
 
 
 
 
My next research project in 4 comic panels. #nlg #textgeneration
File disclosure vulnerability in OpenOffice. "The vulnerability is mitigated by the need for the attacker (...) to trick the user into saving the document and sending it back." Srsly, this got a CVE-ID? openoffice.org/security/cves/…
Only just realised I need to update my Python3 Twitter bots!
The Twitter app on my Mac still hasn’t updated to let me write 280, and I’d be perfectly happy if it never did.
Next week, I'm giving a presentation on incident response for computer science students of @Radboud_Uni and @TUeindhoven. Here's a sneak peek. #DFIR
 
RT @Lee_Holmes: "Assume you will be breached. Invest in detection and response agility". Words of wisdom from @malwareunicorn at Blomberg's…
RT @veelasha_m: PhD position in automated formal analysis of security protocols, cs.ru.nl/J.deRuiter/vac…
Application deadline: 12 Nov 2017
RT @LEGO_Group: This is what #STEM is all about! Meet the pioneering Women of @NASA in LEGO form! 👩🚀🌛 #LEGOIdeas #LEGOWomenOfNASA https://…
Anyone with a Dutch library membership can get the book "I, robot" for free this November, thanks to @NederlandLeest. Cool!
I laughed so hard at this commercial. #blessed
youtube.com/watch?v=bh19Yx…
Introduction to haiku. I hope to find a good saijiki (dictionary with seasonal words) in Dutch or English one day.
youtube.com/watch?v=VJHCGP…
Einstein by Walter Isaacson
Criteria for determining news value. Handy for scientists who want to do media outreach! #scicomm NL
 
With special thanks to @ionicasmeets for recommending this book in Het Exacte Verhaal.
Trying to improve my understanding of The Media as a technical/scientific expert with this interesting reading material. #scicomm
 
“Like a government diverting money from defense to education, humans diverted energy from biceps to neurons.” -Yuval Noah Harari (Sapiens)
In addition, the factsheets from @ncsc_nl contain many best practices in the technical and organisational areas, see ncsc.nl/actueel/factsh…
Arnoud Engelfriet can often explain many legal matters clearly. See @iusmentis and blog.iusmentis.com/tag/gdpr/
GDPR has many facets, so this is a broad question. In what area? Organisational/technical? It also depends on what the SME already has in place.
RT @schne1der_: The #34C3 CfP ends on Sunday. Now is the time to make your entry: events.ccc.de/2017/09/19/34c… Remember: There is no reason to b…
RT @IPOeducation: Happy #AdaLovelaceDay ! A worldwide celebration of women in science, technology, engineering and maths #womeninSTEM https…
Life advice for people in tech... ermmm, I mean everyone. jvns.ca/blog/answer-qu…
Read this and then determine what YOU want out of your smart phone or social media. theguardian.com/technology/201…
Love your inktober drawings! You inspired me to make one of my own. ^^ Looking forward to seeing the rest of your creations on twitter.
@jakeparker Can you tell me the name of the font you used in the official inktober prompt list? Thanks.
What media did you use? Black ink and paint brush or something else?
This article has some fun suggestions for coming up with new blog post ideas: thenextweb.com/contributors/2…
Winter is coming.
Yay, my first #hacktoberfest pull request was merged! This is a good post for easy pull request ideas: vaibhavsagar.com/blog/2017/07/3…
The Open Movie DataBase (OMDB) is no longer open: you can't access the API without paying $1 per month. *sadface
Oh noes, now the White Walkers have puppies too! #GoT
Investigating Security Incidents with Passive DNS, by @xme isc.sans.edu/forums/diary/I…
Want to join #hacktoberfest but not sure where to start? Read @b0rk's article: jvns.ca/blog/2017/08/0…
#youcandoit #opensource
Support open source this October and earn stickers or a T-shirt from @digitalocean and @github hacktoberfest.digitalocean.com #hacktoberfest #FOSS
Just blogged: Roger (python tool) monitors changes in HTTP status codes #OSINT judithvanstegeren.com/blog/2017/roge…
We need more exercise material like this.
Here is a fun exercise to learn Python and Scapy: extract the picture from the following PCAP tuftsdev.github.io/DefenseAgainst…
RT @qikipedia: So please, oh please, we beg, we pray
Go throw your TV set away
And in its place you can install
A lovely bookshelf on the w…
Today is a very special day: I just opened my 42nd git repository! HUZZAH!
RT @DynamicWebPaige: Did you know that "netsh wlan show profile" shows every network your computer has ever connected to? And "key=clear" s…
Twitter forensics from the 2017 German election, nice research by F-Secure #OSINT labsblog.f-secure.com/2017/09/25/twi…
Yay, I submitted my proposal for a talk on fun with Markov Chains for the #34C3 CFP! And now we wait... *fingers crossed
This is me.
RT @briankrebs: Here's a thought, Twitterverse: Before you respond to an inflammatory tweet, consider whether you're being used/trolled. Br…
I think you accidentally a word.
A Jane Austen-themed game from the maker of Second Life! This appeals to my inner historian. theguardian.com/books/2017/sep…
RT @sans_isc: The easy way to analyze huge amounts of PCAP data i5c.us/2fB1G50
RT @empty_backfield: @ASmallFiction Brevity is the soul of wit.
Good idea!
Sent from my iPhone
The Matrix, 2001: A Space Odyssey, Planet of the Apes, Alien and Jurassic Park are all science fiction movies.
"I plead with you to make science fiction into science fact, and make the impossible possible" - Bolden #IAC2017
RT @SwiftOnSecurity: Hey, at least PowerShell commands will fit in Twitter now.
The rest of the code is scraping the CCC Fahrplan and some dataset cleaning.
An implementation of Markov chains is already open sourced as one of my github projects: github.com/jd7h/andrey
Interesting article about the consequences of instilling a fixed mind-set vs a growth mind-set in children. 
scientificamerican.com/article/the-se…
RT @garwboy: Next week: Is vaccination bad for society? We interview several strains of polio that say it's gone too far https://t.co/i0HpY…
Oh yes, especially when you insert "blockchain" or "cloud".
If you're getting 401 errors from the Twitter streaming API, check your system time. Twitter won't push tweets if your clock is wrong.
I'm falling in love with NLTK's part of speech tagger. I use it to get random adjectives and nouns from a corpus and play with them.
 
"Most robots out there are things you won't need to specify the behavior of iptables in terms of bigstep semantics."
"Who is flagged as a dreaming machine opens a security update to fix the EU's vulnerabilities."
"How large and pervasive the impact on an ARM microcontroller that has an unfortunate reputation of evoking a raw dystopia..."
"A lightning talk attempts to gain an open virtual machine learning to remotely install persistent code, incentivized by scientists."
"This talk discusses the world's largest platform for various IPv6 in space agencies fixed by our solar system to accommodate our research."
I'm using Markov chains to generate talk abstracts for the #34C3 CFP. Some of the outputs are hilarious and/or quite believable.
"Hold the newsreader's nose squarely, waiter, or friendly milk will countermand my trousers." youtube.com/watch?v=ZFD01r… #language #linguistics
Just watched Hidden Figures, about the women of colour that computed for the NASA in the 60s: a beautiful, important and inspiring movie.
Good busy! ;)
Looking forward to more chapters! Also we need moar tea dragons.
If you like webcomics, pastels and tea, be sure to read The Tea Dragon Society by @strangelykatie at teadragonsociety.com
 
What about 'Henry', 'Edward' and 'George'?
RT @WeldPond: A Botched Black Bag Job Reveals the Long Arm of Chinese Intelligence. Physical security is information security. https://t.c…
Timeline for the #34C3 Call For Participation:
Sep 19: CFP open
Oct 15: CFP closed
Nov 19: Notification of acceptance
Dec 27: Conference!
Event Blog: 34C3: Call for Participation and Submission Guidelines events.ccc.de/2017/09/19/34c… #CCC
RT @ccc: Event Blog: 34C3: Call for Participation and Submission Guidelines events.ccc.de/2017/09/19/34c… #CCC
Good luck! I just passed mine. :D Maybe this article in which I describe my learning method can help you: judithvanstegeren.com/blog/2016/how-…
"Click publish because you have something to say, not because you have to say something."
"Humor" can of course be interpreted broadly :p
Just blogged: Digesting difficult books with @RyanHoliday's reading method.
judithvanstegeren.com/blog/2017/dige…
Best geek test evah and awww yish I scored 48%. innergeek.us/geek-test.html (via @SecBert)
Thanks for the tip (and the stories) ;)
This looks like a REALLY cool digital forensics challenge! You can participate until feb 2018. More details here: dfrws.org/dfrws-forensic…
There is an open @DFRWS challenge currently running ...
"@freeradblog" seems to be a dead link -- is there a typo in there somewhere?
@MalwareJake @hacks4pancakes @sansforensics Any ideas? #DFIR
Looking for challenges, puzzles, wargames, and permanent CTFs to practice the skills I learned in the SANS Digital Forensics course. Ideas?
This website has some great digital forensics puzzles, by the way. I also like the way they choose a winner. forensicscontest.com/puzzles
Do these have /forensics/ challenges? Not really looking for 'break this' challenges, but more 'find evidence of activity X'.
RT @bridgetkromhout: Printed up some DevOps Against Humanity cards, as one does. http://t.co/TX09SqiFMQ
 
This is the back of the cover of "Wonder Women" by Sam Maggs and Sophia Foster-Dimino.
Yay, I just passed my GCFA exam (forensics and incident response) with a score of 87%, thanks to training from @MalwareJake and lots of prep.
We are entering a new age of automation, unlike anything that's come before. youtube.com/watch?v=WSKi8H…
Spoons address the problem of conveying liquid from bowl to mouth (...). How is your idea like a spoon? medium.com/civic-tech-tho…
I've been using @Kiva for years (even as a student) and I absolutely love it. If you're not yet giving to charity, be sure to check it out.
Check out @Kiva loans- small loans to people around the world helping them to generate further income for themselves and their families
This is the timeline for last year. I'm planning to send in two proposals for #34C3. I've teamed up with some friends for feedback exchange.
For those who are considering sending in a talk proposal to the CFP for #34C3:
Timeline for the #33C3 Call For Participation:
Sep 1: CFP open
Sep 30: CFP closed
Nov 14: Tweets with "Yay, my talk was accepted!"
Plz plz plz make a timelapse video?
This page by @lara_hogan is SO cool: "Eating a donut is an integral part of my career celebration process." larahogan.me/donuts/
RT @blinry: So... my nonverbal "algorithm assembly instructions" might actually grow into a larger project – a webcomic? A book? Some rough…
Productivity in terrible times: "Know that the tufted titmouse has never even heard of the electoral college." superyesmore.com/productivity-i…
StarCraft is a high speed time machine! ...Unfortunately, it only goes one way: to the future!
BTW you get bonus points if you turn this into a bash scripting contest with your significant other.
Puzzle for Saturday-afternoon: write a one-liner in bash to find out which words have the highest amount of i's and j's.
cat [yourwordlisthere] | awk '{print split($0,a,/i|j/)-1 "\t" $0}' | sort -n
Saturday afternoon programming puzzle: which Dutch words have the highest number of i and/or j letters?
Aww yisss, putting some extra effort in my GIAC GCFA exam index really paid off! I feel so ready for the exam now. ^^ #DFIR #SANS #GIAC
 
@WriteSpeakCode Are the talks recorded? I couldn't participate in the conf but would love to see some of the talks. :)
Just finished my GIAC Certified Forensics Analyst exam index -- I ended up with over 350 entries. Time for the last practice exam! #dfir
RT @juliepagano: “Follow the campsite rule and leave tech better than you found it.” #wsc2017conf
RT @MicroSFF: You say I cannot write
A poem right and true
To Twitterlimits tight
But I say Hold my beer!
Composing without fear
There's no…
RT @aprilwright: This person wins the #SE pretext game today m.imgur.com/gallery/USjnb
@McSpank I'm curious about your top-3 #SHA2017 talks. :)
Good busy. ;) Have fun in Oslo!
You were a crying infant, once. You might have a crying infant, someday. #dwi
Home decoration style advice for ladies, 1896. gutenberg.org/files/26368/26… #downtonabbey
RT @qikipedia: Medievalist @hollielsmorgan has rewritten Harry Potter in Middle English verse. https://t.co/yMZYnYpe8n
 
And if you want to learn by implementing crypto and then breaking it, there are the cryptopals challenges. cryptopals.com
RT @Fr333k: My talk at @SHA2017Camp is online, fastest of all venues! "An academic's view to incident response" youtube.com/watch?v=4vSmr2… #sh…
How many pins did you make for the first run?
Yay, I finished my crawler/scraper/tokenizer project today at #sha2017! I'll upload the code to github.com/jd7h/adjutant after refactoring.
A SEO Expert walks into a bar bars tavern alehouse pub public house alcohol beer liquor whiskey
I just realised I really need a 3D printer before moving to a new apartment.
Even the bar at @SHA2017Camp is being very carefully planned in the nerdiest 3D printed and graph paper way possible.
 
RT @PicardTips: Picard management tip: Conducting an experiment with an unknown outcome is time well spent, even if the result disappoints…
Thanks! I've been to some infosec conferences but OSINT talks are not something I encounter a lot. Any infosec confs you can recommend?
@jms_dot_py Are you aware of any OSINT-focused conferences that are interesting for techies specifically?
Machine Learning for security monitoring leaves analysts with more time to take action. darkreading.com/analytics/mach…
Love exploring words, language and concepts? Addicted to browsing a thesaurus? Try this website: wordassociations.net/en/words-assoc…
So I made this drawing after reading Daring Greatly by @BreneBrown. I might release it as a colouring page with Meteoriet Design later.
 
Begone with your old-fashioned 30-day password expiration notices and special character constraints! troyhunt.com/passwords-evol…
'Coding like a girl' (by @sailorhg) is worth reading. I make some of the mistakes mentioned in here too. medium.com/@sailorhg/codi…
How NOT to make a fantasy book cover, the 12-step guide. thoughtsonfantasy.com/2017/07/18/how…
This philosophical essay about work and leisure should be titled "The 4-hour workday". zpub.com/notes/idle.html
I have surpassed my GoodReads challenge of 32 books by reading 33 books this year. Now what am I going to do with the rest of 2017?
@Android Is it possible to get the monthly security bulletins as an xml/csv file?
RT @erwinkooi: @jd7h And remember that "promotion" does not mean up the mgmt ladder. Promotion is a shift to a job where you can learn new…
Now I find it strange that sometimes creativity and innovation are used as a performance metric.
I have yet to see serendipity as a performance metric.
Just blogged: Things I learned after 18 months of working. judithvanstegeren.com/blog/2017/thin…
RT @amuellerml: How to build a racist classifier without even trying: gist.github.com/rspeer/ef750e7…
I found out there's a #SHA2017 lecture on state machines/type theory and now I'm doing a little dance in my chair. program.sha2017.org/events/342.html
Your momma's so FAT, her access time has a resolution of 1 day.
Threat indicator of the day: "Mini cats", ie. little kittens dumping hashes and plain text credentials from memory. #threat #IOC
UDP PACKET BAR WALKS A INTO
The "Break, learn, break, cry, break" routine. Nice blog by @roguelynn. roguelynn.com/words/Im-fakin…
The user's going to pick dancing pigs over security every time. -Bruce Schneier
You can never remove all risk, but you can protect yourself as much as possible and mitigate risk to an acceptable degree. -Kevin Mitnick
OH: "I like proof more than conjecture and fluff."
The secret to strong security in computer software: less reliance on secrets. -Whitfield Diffie
This Bundle contains the security classics. Nice range of topics: social engineering, physical security, crypto, forensics and reversing.
Introducing the Humble Book Bundle: Cybersecurity by Wiley! Pay what you want for tech ebooks and support charity!
humblebundle.com/books/cybersec…
 
Just try to bust yourself gently of the fantasy that publication will heal you. It can't. It won't. But writing can. -Anne Lamott
I've been inking a drawing and ZOMG I HAVEN'T BLINKED IN FOUR HOURS
None, because "we" are too busy meditating?
"Python2 is for those that live in the past, Python3 is for those that live in the future."
DARPA used formal verification to make their Little Bird drone much more secure ("hacker-proof"). quantamagazine.org/formal-verific…
Welcome to the club!
Book recommendations for Jon Snow: "Are you my mother?", "The Crow", and "All my friends are dead." goodreads.com/blog/show/966-…
OH: "PDF stands for Payload Delivery Format." #malware #DFIR
If Gutenberg’s revolution was Pandora 2.0 and the Industrial Revolution 3.0, then the information age is Pandora 4.0. -Stephen Fry
I'm really looking forward to the writeups! I might learn a thing or two about mobile reversing.
Only one day left to the conclusion of the challenge h1702ctf.com #h1702 Happy last minute hacking!
If you ever need to write a company newsletter, don't forget to look at this page: dilbert.com/search_results…
I told a UDP joke but nobody got it.
Every writer you know writes really terrible first drafts, but they keep their butt in the chair. -Anne Lamott
OH: "The code for this project looks like a bunch of drunk monkeys got together to write code on typewriters."
You are Not an Impostor by Nickolas Means (@nmeans) youtube.com/watch?v=l_Vqp1…
Social-engineering-as-a-Service to get victims to give up their PIN codes. motherboard.vice.com/en_us/article/…
A girl can dream.
Even if a security-minded programmer erases all passwords from memory, they might still be floating around in RAM because of the OS.
"Work hard, but don't rush." Career advice from George Monbiot. monbiot.com/career-advice/
It's OK to:
- ask for help
- not know everything
In the Hague there are plenty of spots where you can buy milk tea!
"Threat intelligence sharing: what you don’t know can hurt you" by @McAfee describes the challenges of sharing CTI.
mcafee.com/us/resources/r…
What can developers learn from being on call? by @b0rk - jvns.ca/blog/2017/06/1…
I'll return soon enough, for the party of the year! ;)
I will improve my machine learning skills with the Stanford Machine Learning course on Coursera, starting today! coursera.org/learn/machine-…
Malware can hide, but it must run. -Jesse Kornblum
RT @joernchen: It's open! poc.sha2017.org twitter.com/sha2017poc/sta…
Duck typing in security: Does it look like a duck? Does it walk like a duck? Does it hack like a duck?
Reserve an out-of-band communications channel for your Incident Responders, as business comms might have been compromised as well.
"Do not react too quickly to an incident by pulling the plug. We need to move towards intelligence-driven incident response."
By popular demand, my Twitter mass-backup-and-unfollow Python script can be found here: gist.github.com/jd7h/02094c6e1…
Incident response to the rescue! Now for sale in my RedBubble shop. :)
redbubble.com/people/meteori…
 
I made this shirt design for all those awesome infosec Incident Responders out there. They are, after all, superheroes. Who you gonna call?