KNP's CISO

Dashes, of all kinds need to fucking die, die, die.
While not completely fair, my burning hatred of dashes comes for word processing applications automatically replacing hyphens and especially double hyphens in code with dashes. And this never gets caught until said code needs to be copy-pasted back into a functional application, and it fails. Sometimes in weird and horrible ways. So, while it's the auto-replace which causes the problem, the existence of dashes is proximate enough that they all need to be burned out of existence for all time.

If the murky depths of my memories of school is correct, the location of the period is dictated by whether or not it is part of the quote. So, if the quote should have a period at the end, it goes inside the quotation marks. If the quote does not include the period (e.g. you are quoting part of a sentence), but you are at the end of a sentence in your own prose, you put the period on the outside of the quotation marks.

While "broom the floor" isn't common, "sweep the floor" is. Of course, why we use the tool name as a verb in the case of "mop" or "vacuum", but not in the case of "broom", is another case of English being English. But, you shouldn't expect consistency out of English. It's not really a language, it's several languages dressed up in a trench-coat pretending to be one.

The aircraft landed safely and even taxied to a gate under it's own power:
https://www.latimes.com/california/story/2025-07-20/delta-plane-lands-safely-at-lax-after-engine-fire-caught-on-video

Redmond’s previous system relied on digital escorts — American employees with proper security clearances — to monitor the foreign engineers working on the systems. However, it’s been noted that some of these U.S. citizens weren’t knowledgeable enough to determine if the person they were monitoring was doing regular work or putting in a backdoor.

This is a problem all over the FedGov. I've been on both sides of this situation. I've been a contractor escorted into spaces I was not cleared to be in. And, I've escorted contractors in cleared spaces. I can kinda see how the situation developed. When I was a contractor being escorted, the folks escorting me were great folks, but most knew fuck all about computers. I could have been up to some pretty shady stuff, and they likely would not have recognized it. Also, as physical escorts who were comfortable with me, they weren't exactly monitoring the screens all that closely. Even when it was me escorting contractors, I wasn't always completely knowledgeable about their work. Sure, I might know more about computers than some folks, but I don't know everything about everything, and it's possible that they could have slipped one past me.

All that said, when I was doing this stuff, I was subject to background checks on the regular. While they didn't quite go to the level of stuffing a microscope up my arse, I wouldn't have been surprised if they asked about it. So, how the fuck did Microsoft end up with Chinese nationals working on DoD systems? While I'm sure there's some great IT folks over there who just do their jobs and wouldn't get involved in spying/sabotage, this is just plain stupid. We're putting systems for our military in the hands of folks under the direct influence of once of the US's main adversaries.

Default credentials in network infrastructure? What year is it?

What mobile provider are you using? I know that T-Mobile IP addresses tend to get me a lot of captchas. And that's related to their use of CGNAT, which means that the server sees many different identifying characteristics all coming from a single IP address. Also, geoip location of systems is really unreliable for T-Mobile IPs.

who was running the compromised infrastructure?

The DoD report doesn't get into it. It repeatedly references "a US state’s Army National Guard network". Which, is probably not the same network as the US Army's network. It's also likely to be an Unclassified network; so, it's not quite as bad as it could be. But also not great.

the US military doesn’t do its own IT anymore. It’s all outsourced to Microsoft and other cloud providers to the tune of tens of billions of dollars.

While some of it is on Microsoft's and other cloud providers, there is also a lot which isn't. On top of that, much of the stuff "in the cloud" is all IaaS or PaaS. So, while MS, et al. run the hardware, the operating systems and software is often run by the IT departments for the various branches and programs. These IT departments will be some mix of US Civilian State or Federal employees and then a lot of IT contractors. Generally, the people doing the actual IT work are contractors working for companies like Boeing or Booz-Allen-Hamilton.

I’d like to know which sloppy cloud contractor is responsible.

If you want to find the people responsible, find the managers who have programs on the "state’s Army National Guard network" (as the report puts it) and figure out which one of them either authorized some sort of "shadow IT" project, or just threw a hissy-fit every time the IT folks tried to roll out patches. That's often how these things go. The report mentions multiple CVEs which were exploited, and I'd place a pretty large bet that they were unpatched in the environment because some manager whined loud enough to get his assets exempted from patching. All too often these types of vulnerabilities hang out there far too long because some department wants high availability on their stuff, but aren't willing to pay for high availability. So, they bitch and moan that they should be exempt from regular patching. And upper management isn't willing to back IT and say, "no you aren't special, you get patched like everyone else".

If we could harness the energy of Regan spinning in his grave, we'd have a limitless supply of energy.
Imagine telling any conservative, during the Cold War era, that we could completely fuck Russia's military power and readiness, for years to come, by sending weapons to a relatively small country. They would be rushing to arm anyone and everyone they could, unintended consequences be damned. And yet, here we are with the GOP blocking exactly that sort of activity. And even better, there is a very real possibility that we aren't arming future terrorists this time around. Maybe that's the GOP's problem, Russia losing in Ukraine won't create an excuse in 20 years to kill more brown people.

Good. Tying aid to cuts in IRS funding was absolutely asinine. Failing to fund Ukraine, which is actually fighting for it's continued existence as a political entity is also asinine.

Yes, Hamas is a horrible organization; but, the Israeli Government isn't facing an existential threat and has not been an innocent actor in the situation in Gaza. Aid and support should come with strings attached to ensure the protection of civilians and property rights of the people being displaced.

Ford Motor Co.'s second-quarter profit more than tripled to $1.92 billion versus a year ago (source)
Revenue rose 12% to $44.95 billion

Kinda hard to drum up sympathy for the company when it's raking in almost $2 billion in profit per quarter. Yes, Ford is burning about $1billon per quarter on EVs right now. That's not something the workers should be financing. That's money the company is investing to be viable in the future. That sucks for the shareholders; but, they are the ones who will reap any benefits of that investment and they should be the ones eating the cost.