BC INTERNET
Saved by @Alex1Powell

Information Security Framework, Pt I: the Basics:

Let's start with the simple things.

1. Keeping up-to-date on all things software-related on the machine should be paramount.

Not just operating system updates though.

 Software updates for things like word processing programs, music players, email clients, etc.

Kernel and BIOS updates for the machine itself.
If you want to check for the newest BIOS update, look at your computer hardware, visit the vendor's site, and they will have BIOS downloads available, as well as the date they became available.

Keep in mind, some updates on the BIOS itself aren't always necessary.
If the vendor recommends "Not updating if stability isn't a problem, then don't do it"

2. Next, let's talk about things that may communicate over the local network or within a short proximity, such as Bluetooth, airdrop, etc.

If you're not using them, turn them off.
Airdrop is especially troublesome because often I'll be at an airport and see dozens of individuals who have airdrop enabled. I recommend setting it to 'Contacts only' unless you're intending to pass a file to someone close to you.
3. Next, let's talk passwords. This one is extremely troublesome for a good portion of the population anywhere. Often we see people that include names of people they're close to, with a couple numbers of interest.
The number could be their birth year, the year they graduated high school/college, or an event of significance in their life.

Regardless of what it is, these passwords should be complex enough for an automated brute force-like password attack or dictionary attack.
Dictionary attacks leverage a text file of common dictionary words to run the attack. It is typically quicker if the password isn't expected to contain combinations of numbers and special characters. It can be quicker only for the lowest hanging fruit.
Brute force simply runs a number of permutations per second until it finds the password of interest. While it's slower, it eventually breaks a password if it's too short or simplistic.
Due to the concept of Moore's law, we have technology now that can run brute force attacks much quicker, although to be honest there are easier ways to retrieve passwords. More on that later.

The next issue people tend to have is using the same password for most accounts.
BIG mistake. Here's why:

IF an APT (Advanced Persistent threat) is ran on a large company, such as things we've seen in the last five years, they may be able to retrieve the email AND password of that account.
Since many people use identical passwords across the board, this can cause a domino effect across the board.

If they know your email and a common password you use, they can start trying it across the board, going to common sites where folks do business at.
Whether that be Amazon, Gmail, Ebay, etc, it doesn't matter.

By taking advantage of this opening, they could gather even more info on you, whether that be addresses, birth dates, or even connections to other accounts with significant PII (Personally Identifiable Information).
So how do you manage remembering different passwords for different accounts?

Simple. Use a password manager.
Here's how it works: You create a database of passwords, label what site they're for, URLs for the site of interest, email it's linked to, and other additional details in a notes section (For additional details we'll cover later).
You can also specify expiration times for the password. While simple accounts that don't contain much sensitive information won't need their passwords changed often, it'd be prudent to change passwords of finance-related services at least a few times a year.
Same goes with cloud storage, email, etc.

There are two good options: Keepass and Bitwarden.

Bitwarden is cloud-based, Keepass is not. I personally prefer Keepass as the cloud is a risky place for anything, regardless of how 'secure' they claim they are.
To each their own. Keepass is only available on Windows, but KeepassXC is well maintained for other platforms.

So here's the recommendation: Generate a 20-character password, including special characters and numbers.
Some sites don't like certain special characters allowed in the password, so take note of which ones they allow when creating a password.

Update accounts with sensitive info every six months MINIMUM.

More from Internet

words are weapons \u26a1
words are weapons ⚡...
@vimoh
I have been a Substack and Patreon user for a few years now. And though more than one social media giant has, in recent months, expressed the desire to help writers and journalists monetise their audience, there are very good reasons to take these SOPs with a pinch of salt.

Because the reason Patreon and Substack came into existence was not the need for a new business model. It was as a cure for the old business model - an algorithm-driven ad revenue system that powered the attention economy. The attention economy turned audiences into scrollers...

...who were in it for the next viral hit. Quality of information suffered, the nature of discourse suffered, and as a result, democracy itself suffered. Much of this was enabled by the social media giants who are trying to copy the Substack and Patreon model right now in an...

...attempt to "put creators first". But what we must not lose sight of is that the Substack / Patreon model only emerged as a result of the bad practices the social media giants enabled. The algorithm made a toxic internet possible and they were what hit back. Today, multiple...

...podcasting tools video streaming services have donation buttons built in. But it was not always so. I applaud all attempts that anyone makes to help independent media not have to rely on ad money, but I am not going to ever be able to see Facebook's newsletter tool as a...
INTERNET
\U0001f1fa\U0001f1f8\u2694\ufe0f\u03b1\u0432\u0455\u03c3\u2113\u03c5\u0442\u0454\xa2\u03c3\u03b7\u03bd\u03b9\xa2\u0442\u03b9\u03c3\u03b7\u2694\ufe0f\U0001f1fa\U0001f1f8
🇺🇸⚔️αвѕσℓυтє¢σηνι¢тιση...
@Absolute1776
(1) Let’s get one thing straight right now;

I was a mod on r/watchpeopledie.

Ive taken part in uncovering evidence of p3d0’s to reveal to LEO.

I have seen some *dark* sh*t in my day.

Unless you are used to it; you will NOT be able to handle “seeing the truth”. I promise ➡️
INTERNET
Advertisement
Elky
Elky
@Elky_Style
Company
Permanent suspension of @realDonaldTrump
By Twitter Inc.
Friday, 8 January 2021
After close review of recent Tweets from the @realDonaldTrump account and the context around them — specifically how they are being received and interpreted on and off Twitter —


we have permanently suspended the account due to the risk of further incitement of violence. 

In the context of horrific events this week, we made it clear on Wednesday that additional violations of the Twitter Rules would potentially result in this very course of action.

Our public interest framework exists to enable the public to hear from elected officials and world leaders directly. It is built on a principle that the people have a right to hold power to account in the open. 

However, we made it clear going back years that these accounts are

not above our rules entirely and cannot use Twitter to incite violence, among other things. We will continue to be transparent around our policies and their enforcement. 

The below is a comprehensive analysis of our policy enforcement approach in this case.

Overview

On January 8, 2021, President Donald J. Trump Tweeted:

“The 75,000,000 great American Patriots who voted for me, AMERICA FIRST, and MAKE AMERICA GREAT AGAIN, will have a GIANT VOICE long into the future. They will not be disrespected or treated unfairly in any way, shape or form
INTERNET
David Kaplan
David Kaplan
@depletionmode
Linux code injection paint-by-numbers.

Can we launch a process that looks one way to (superficial) auditors but is, in fact, entirely different? (Think process hollowing and the like on Windows).

Firstly, how are processes created and what does related auditing look like?

The most common pattern is fork() → execve(). Where the fork() syscall create a duplicate of the running process context and execve() overlays a copy of the target program onto that context.

After calling fork(), we’ll have two processes, the original one and a new - duplicated - one (with a new pid).

Control will return from fork() to both process instances. In the child process, the return value will simply by 0, in the parent it will hold the pid of the child.

Thus we can determine whether we are running in the child context and call execv() accordingly, while allowing the parent to continue.


Now, let’s take a look at where the auditing hooks lie. From calling execve(), we’ll eventually land up in exec_binrpm().
INTERNET
Madhu Menon
Madhu Menon
@madmanweb
The Internet and mobile phones have taken over our lives. But it comes with increasing security concerns. Website data breaches, phishing attacks, and other online scams are commonplace. Here's a thread for regular people on how to increase your security online.
#StaySafeOnline

#1
Go to your Google account settings. Revoke permissions from all the apps you don't use: https://t.co/cMGgSgtRTI

Also check if any app has access to your contacts or - gasp! - your entire email. Strongly reconsider both, especially access to your email.

Giving access to your contacts lets companies spam those people.

Giving access to your email - email organising apps, for instance - renders your online security meaningless. Password resets are often done with email, and if an external entity can access that, game over!

#2
Go to your Twitter account settings and revoke permissions from all the apps you don't use or trust:
https://t.co/lXxCgdnaXH

Online quizzes and such sites often ask for permission to post tweets for you, read your tweets, and even your DMs!.

People click "OK" without reading the fine print.

But imagine the security and privacy risk with having some unknown entity be able to post tweets and read your private DMs just to post the results of what Game of Thrones character you are.
INTERNET

You May Also Like

Delilah S. Dawson
Delilah S. Dawson
@DelilahSDawson
So here is a secret: Not everything I write goes anywhere. I have at least 4 books completely written and edited that never went on submission. I have books that stalled out at 20k. I have docs on my computer with opening paragraphs I don't remember writing. But! 1/

Every now and then an idea sticks with me like that corner of tortilla chip that just won't go down your throat. It happened with SPARROWHAWK, which began as 40k of a YA story, died, and was reborn as a comic, thanks to @christopher_j_r and @boomstudios. And now... 2/

It's happening with THE WILLOWS, a short story that you'll see in @UncannyMagazine next year. This Southern Gothic horror story began as an attempt to sell my next Romance to @AbZurdity after the Blud books in 2014 or so. And she didn't buy it. Guess why? 3/

Turns out, it wasn't a Romance! It was Southern Gothic Horror. Even the bones of it screamed strangeness, not sexiness. I loved the taste of the world, but I hadn't found the right story yet. Tried to write it 2 more times and failed. Until I finally understood what it was. 4/

So I took the 50 pages I'd written and cut half of them, twisting the story around from a gothy Romance inspired by the band the Civil Wars and turned it into a spooky descent into madness. And it looked back at me from the abyss as if to say, DUH. Sometimes... 5/
WRITING
Joey Tawadrous \U0001f1ee\U0001f1ea
Joey Tawadrous 🇮🇪...
@joeytawadrous
1) Core attributes of a promising founder worth following:
- Progress/trajectory over time
- How well they lead a team &
- Make the vision happen
- Most impressed when someone is way ahead of where you thought they would be when you check up/see them a few months later.

2) Indie Makers have such a benefit of being small, fast, nimble workers in comparison to big companies.

We can easily pivot and vastly change a project of ours. We can change as we learn more about our users.

Big companies can take months/years for even the smallest of pivots.

3) Before you find a product market you can pivot your project as many times as necessary until you find something that works.

Then you only have one thing to do: scale, scale, scale.

4) Be obsessed with the little details.
- listen to every single person who uses your product
- reply to every single person who emails you about your product
- ask them what they like and do not like
- iterate your product, make changes, pivot if necessary

5) Paul Graham's (@paulg) name came up with a feeling of great admiration! Naturally! It was Paul who said:

In the early stages of a company just;
- write code
- talk/sell to customers to stress test your idea

Nothing else.
STARTUPS
Advertisement
Roger Grosse
Roger Grosse
@RogerGrosse
Important paper from Google on large batch optimization. They do impressively careful experiments measuring # iterations needed to achieve target validation error at various batch sizes. The main "surprise" is the lack of surprises. [thread]

https://t.co/7QIx5CFdfJ


The paper is a good example of lots of elements of good experimental design. They validate their metric by showing lots of variants give consistent results. They tune hyperparamters separately for each condition, check that optimum isn't at the endpoints, and measure sensitivity.

They have separate experiments where the hold fixed # iterations and # epochs, which (as they explain) measure very different things. They avoid confounds, such as batch norm's artificial dependence between batch size and regularization strength.

When the experiments are done carefully enough, the results are remarkably consistent between different datasets and architectures. Qualitatively, MNIST behaves just like ImageNet.

Importantly, they don't find any evidence for a "sharp/flat optima" effect whereby better optimization leads to worse final results. They have a good discussion of experimental artifacts/confounds in past papers where such effects were reported.
MACHINE LEARNING
Learning @ Prakash
Learning @ Prakash
@Prakashplutus
My simple Approach towards Breakout trading :

1. Scan stocks on the basis of FTDB Scanner.

2. Buy stocks with EMA-9> EMA-21> EMA-63 > EMA 200 & Volume 200% up

3. maximum SL of 1.25X ( ATR )

4. I do breakout trading only in Nifty -500 stocks

#StockMarket
#trading
#Nifty
SCREENERS
Enigma
Enigma
@ainittomai
The Eye of Horus. 1/*


I believe that @ripple_crippler and @looP_rM311_7211 are the same person. I know, nobody believes that. 2/*

Today I want to prove that Mr Pool smile faces mean XRP and price increase. In Ripple_Crippler, previous to Mr Pool existence, smile faces were frequent. They were very similar to the ones Mr Pool posts. The eyes also were usually a couple of "x", in fact, XRP logo. 3/*


The smile XRP-eyed face also appears related to the Moon. XRP going to the Moon. 4/*


And smile XRP-eyed faces also appear related to Egypt. In particular, to the Eye of Horus. https://t.co/i4rRzuQ0gZ 5/*
CULTURE