EndianShade
@endianshade.bsky.social
Infosec software developer, hacker, Pokemon trainer, F1 fan, snare drummer
He/him 🇨🇦
He/him 🇨🇦
Pinned
EndianShade
@endianshade.bsky.social
· Nov 11
I was hoping my posts so far would appease the algorithm, but none of them are bangers. Here’s some stuff I like:
Software development
Python
Kernel drivers
Infosec
Hacking
Vulnerability research
Exploits
Detection engineering
Distributed systems
Scalability
Cloud
Kubernetes
Docker
Android
Pokemon
Software development
Python
Kernel drivers
Infosec
Hacking
Vulnerability research
Exploits
Detection engineering
Distributed systems
Scalability
Cloud
Kubernetes
Docker
Android
Pokemon
Reposted by EndianShade
TIL that "My" in MySQL is not a possessive adjective but the name of the daughter of the main author of the database Michael Widenius.
November 5, 2025 at 3:14 PM
TIL that "My" in MySQL is not a possessive adjective but the name of the daughter of the main author of the database Michael Widenius.
I was working on this Python pickle escape challenge but I wasn’t fast enough. iyehuda.substack.com/p/follow-up-...
Follow-Up: What 200+ Researchers Taught Us in the Pickle Escape Challenge
Recap, four escape methods, fixes, and updates
iyehuda.substack.com
November 5, 2025 at 12:59 AM
I was working on this Python pickle escape challenge but I wasn’t fast enough. iyehuda.substack.com/p/follow-up-...
Reposted by EndianShade
Hosting a site with no public IP and minimal attack surface.
No open ports. No brute-force noise. No drama.
@cloudflare.social Tunnel for the win :)
clarkee.co.uk/hosting-a-st...
No open ports. No brute-force noise. No drama.
@cloudflare.social Tunnel for the win :)
clarkee.co.uk/hosting-a-st...
Publishing a Website With No Public IP (And No Attack Surface)
Recently, I needed to publish a simple website for a small community, nothing fancy, but I didn’t want to open any unnecessary holes. I wanted it secure. I also wanted caching to save bandwidth and CP...
clarkee.co.uk
October 31, 2025 at 3:01 PM
Hosting a site with no public IP and minimal attack surface.
No open ports. No brute-force noise. No drama.
@cloudflare.social Tunnel for the win :)
clarkee.co.uk/hosting-a-st...
No open ports. No brute-force noise. No drama.
@cloudflare.social Tunnel for the win :)
clarkee.co.uk/hosting-a-st...
I ran out of rage and my fix still isn’t working
Theres annoyed, there’s perturbed, there’s angry, there’s raging, and then there’s being so mad that you fix a ticket on an open source project that has been open for five years with no fix.
October 30, 2025 at 1:22 AM
I ran out of rage and my fix still isn’t working
Kubernetes scheduling pods but it’s the Sorting Hat:
“Difficult. Very difficult. Plenty of CPU requests, I see. Not a bad image size either. There’s affinity, oh my goodness, yes - and a thirst to process your workload. Better be…. AKS-NODEPOOL-ZERO-ZERO-ZERO-ZERO-J!”
*applause*
“Difficult. Very difficult. Plenty of CPU requests, I see. Not a bad image size either. There’s affinity, oh my goodness, yes - and a thirst to process your workload. Better be…. AKS-NODEPOOL-ZERO-ZERO-ZERO-ZERO-J!”
*applause*
October 30, 2025 at 12:44 AM
Kubernetes scheduling pods but it’s the Sorting Hat:
“Difficult. Very difficult. Plenty of CPU requests, I see. Not a bad image size either. There’s affinity, oh my goodness, yes - and a thirst to process your workload. Better be…. AKS-NODEPOOL-ZERO-ZERO-ZERO-ZERO-J!”
*applause*
“Difficult. Very difficult. Plenty of CPU requests, I see. Not a bad image size either. There’s affinity, oh my goodness, yes - and a thirst to process your workload. Better be…. AKS-NODEPOOL-ZERO-ZERO-ZERO-ZERO-J!”
*applause*
PitchCom is unhackable, you say… 🤔
October 29, 2025 at 1:22 AM
PitchCom is unhackable, you say… 🤔
Theres annoyed, there’s perturbed, there’s angry, there’s raging, and then there’s being so mad that you fix a ticket on an open source project that has been open for five years with no fix.
October 29, 2025 at 12:21 AM
Theres annoyed, there’s perturbed, there’s angry, there’s raging, and then there’s being so mad that you fix a ticket on an open source project that has been open for five years with no fix.
Screw Zodiac sign, what’s your favourite ancient text protocol? My current favourite is HURDAT from 1984, complete with Fortran example code:
www.aoml.noaa.gov/hrd/data_sub...
www.aoml.noaa.gov/hrd/data_sub...
HURDAT format
www.aoml.noaa.gov
October 28, 2025 at 12:34 AM
Screw Zodiac sign, what’s your favourite ancient text protocol? My current favourite is HURDAT from 1984, complete with Fortran example code:
www.aoml.noaa.gov/hrd/data_sub...
www.aoml.noaa.gov/hrd/data_sub...
Reposted by EndianShade
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).
It’s also concerning. 1/
It’s also concerning. 1/
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
October 27, 2025 at 10:38 AM
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).
It’s also concerning. 1/
It’s also concerning. 1/
Reposted by EndianShade
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
🧵
The official home of the Python Programming Language
www.python.org
October 27, 2025 at 2:47 PM
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
🧵
Reposted by EndianShade
This remains the funniest way to hear about an internet outage, though.
October 20, 2025 at 8:41 AM
This remains the funniest way to hear about an internet outage, though.
Reposted by EndianShade
NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
October 17, 2025 at 11:37 PM
NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
NSO Group can't help their customers hack WhatsApp etc. ether. Must delete exploits & R&D.
Bad news for NSO. Huge competitive disadvantage for the notorious company.
Big additional win for WhatsApp 1 /
When you ‘kubectl logs’ and it just starts scrolling like mad, you know this pod is going *through it* right now
October 15, 2025 at 2:30 PM
When you ‘kubectl logs’ and it just starts scrolling like mad, you know this pod is going *through it* right now
Reposted by EndianShade
y2038 progress retr0.id/stuff/2038/
October 13, 2025 at 11:12 PM
y2038 progress retr0.id/stuff/2038/
Why yes Amazon, I’d love to see how my new Intel Core Ultra 7 265K would look in my room. It really brings the room together.
October 10, 2025 at 5:28 AM
Why yes Amazon, I’d love to see how my new Intel Core Ultra 7 265K would look in my room. It really brings the room together.
Why did I never dig into Parquet files until now? They’re a database! But they’re not! Too neat
September 26, 2025 at 5:13 AM
Why did I never dig into Parquet files until now? They’re a database! But they’re not! Too neat
I was trying to google search “F1 Azerbaijan 2025 Piastri free practice” and Google shows me qualifying spoilers. Absolute garbage search engine.
September 20, 2025 at 3:17 PM
I was trying to google search “F1 Azerbaijan 2025 Piastri free practice” and Google shows me qualifying spoilers. Absolute garbage search engine.
Insane Entra vulnerability dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 20, 2025 at 5:14 AM
Insane Entra vulnerability dirkjanm.io/obtaining-gl...
Can I just say, clicking links on Bluesky opens your mobile browser app instead of an in-app browser window and that’s such a breath of fresh air
September 19, 2025 at 8:28 PM
Can I just say, clicking links on Bluesky opens your mobile browser app instead of an in-app browser window and that’s such a breath of fresh air
Reposted by EndianShade
Did you know your MacBook has a sensor that knows the exact angle of the screen hinge?
It’s not exposed as a public API, but I figured out a way to read it and make it sound like an old wooden door.
It’s not exposed as a public API, but I figured out a way to read it and make it sound like an old wooden door.
September 6, 2025 at 8:44 PM
Did you know your MacBook has a sensor that knows the exact angle of the screen hinge?
It’s not exposed as a public API, but I figured out a way to read it and make it sound like an old wooden door.
It’s not exposed as a public API, but I figured out a way to read it and make it sound like an old wooden door.
Name something more classic than falling for false hope half way through a Beaverton headline
Carney cancels invite for Project 2025 mastermind, wants fascist takeover of Canada to be more of a surprise
Carney cancels invite for Project 2025 mastermind, wants fascist takeover of Canada to be more of a surprise
OTTAWA - A planned reception for the architect of Project 2025 - the infamous policy blueprint for the Trump Administration - has been cancelled because Mark Carney wants the planned far-right authori...
www.thebeaverton.com
September 4, 2025 at 11:19 PM
Name something more classic than falling for false hope half way through a Beaverton headline
Does this mean all the DoD-specific services that Microsoft offers will be renamed to DoW services?
September 4, 2025 at 11:16 PM
Does this mean all the DoD-specific services that Microsoft offers will be renamed to DoW services?
Reposted by EndianShade
✍️New Post ✍️
Python's async support is 10 years old this year. Python 3.14 has "proper" parallelism now -- free-threading and subinterpreter pool workers, so does that make async redundant? I look into the use cases and challenges of asyncio.
tonybaloney.github.io/posts/why-is...
Python's async support is 10 years old this year. Python 3.14 has "proper" parallelism now -- free-threading and subinterpreter pool workers, so does that make async redundant? I look into the use cases and challenges of asyncio.
tonybaloney.github.io/posts/why-is...
Python has had async for 10 years -- why isn't it more popular?
A deep-dive into the challenges and misconceptions surrounding async programming in Python
tonybaloney.github.io
September 2, 2025 at 6:41 AM
✍️New Post ✍️
Python's async support is 10 years old this year. Python 3.14 has "proper" parallelism now -- free-threading and subinterpreter pool workers, so does that make async redundant? I look into the use cases and challenges of asyncio.
tonybaloney.github.io/posts/why-is...
Python's async support is 10 years old this year. Python 3.14 has "proper" parallelism now -- free-threading and subinterpreter pool workers, so does that make async redundant? I look into the use cases and challenges of asyncio.
tonybaloney.github.io/posts/why-is...