infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

I recently posted about looking for an artist and got a bunch of replies.

Problem is 1) there are many obvious bots 2) those who are likely not bots also seem to use LLM/templates to communicate, making them look like bots.

If you don't want to get reported, use your own voice!

#fedihire

@boblord That'd make sense, but unfortunately I don't know of any resources I could recommend (in part because of the reasons Hacklore exists...). I'll keep this in mind though and let you know if I find anything!

@boblord I agree with your post and also that scanning QRs is not the problem (as stated on Hacklore).

Now that I look more into it, I think I found what's been bugging me about this point. It seems that QR is the only part where Hacklore expects extra work from the user:

"which is mitigated by existing browser and OS protections, and by **being cautious** about the information you give"

... but the recommendations don't say anything about how to "be cautious", while scams initiated via untrustworthy channels are a very real problem.

I think this should deserve a recommendation bullet point with at least some rules of thumb. I'm thinking along the lines of:

"If you are contacted via $untrusted_comms to give out $sensitive_data, reject the request and initiate the contact yourself via $known_good" (may be simple enough to work if phrased carefully?)

@boblord Wow that was quick, glad I could help!

I've been doing infosec for ~20 years but I only realized recently we communicate wrong after some relatives fell for QR-based scams and I had to walk them through what happened.

I agree that determining risk is incredibly hard in this case and TBH I think "don't trust QRs" may be more effective than trying to teach everyone URLs, DNS and PKI...

@boblord Great initiative, saved and shared!

One suggestion re: "QR codes are simply a way to open a URL" -> users have no clue what URLs are or how to interpret them. Even if you assume they can parse out the true domain (major if!), they don't know which domains are trustworthy. On top of this, mobile browsers make it esp. hard to inspect URLs. We need to come up with better advice for site verification!

I updated the structure of the #Ghidra documentation that I host so now you can access the latest of both version 11.x and 12.x:

https://scrapco.de/ghidra_docs/

I'm still looking for the docs of the new features in 12. If you think something is missing from the web that is available in the source lmk!

GitHub Actions Has a Package Manager, and It Might Be the Worst

https://nesbitt.io/2025/12/06/github-actions-package-manager.html

@mttaggart No worries, SpaceX can put your telescopes to space cheaply so you can avoid Starlink satellites!

@alphaville @pancake as I understand it's not "function" register but "special function" register. RISC-V CSRs are provided as specific example:

https://book.rvemu.app/hardware-components/03-csrs.html

@zcutlip I pulled my hair a lot because of that pile of shit until I found this article and while the tech remained the same, at least I started to understand the idea behind it:

"makes perfect sense when you are in the business of breaking stuff so people have to pay you for fixing it."

https://dzone.com/articles/why-you-should-avoid-jsf