My Twitter account had been locked for something like 2 years.
It is now gone.
And aside from the occasional in-video references to it, the links have been removed from my YouTube channel.
FYI, I've been keeping a list of the papers I see that demonstrate the most to me that COVID-19 is not something to be sneezed at. In fact, it should be avoided as much as possible.
If you're searching for an article to demonstrate that COVID-19 is bad for a particular part of your body, or that a particular protective measure is actually useful, this list may help:
VLC Media Player has encountered a problem with Windows
Ok, here's the deal on the "YubiKey cloning attack" stuff:
Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.
But the attack *requires*:
👉 *physically opening the YubiKey enclosure*
👉 physical access to the YubiKey *while it is authenticating*
👉 non-trivial electronics lab equipment
I cannot stress this enough:
✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨
@tess Yuuuup. I had this actual convo.
ME: So we shouldn't worry about Skynet?
MY FRIEND THE ALGO EXPERT: (laughs) No.
ME: But we should worry that an insurance algorithm might kill someone by denying them care.
MY FRIEND: (instantly serious) Oh yeah. That is definitely already happening.
I propose: pw;dr to mean “paywall, didn’t read”
It's time! @BSidesNYC 2024 is happening, and so is Pros V Joes! We are going to be onsite, it's going to be awesome, and we want YOU to sign up as a Joe or a Pro!!
Apply here!! Apply now!!
Pro reg: https://forms.gle/68pwNwQARzPMuMjY7
Joe reg: https://forms.gle/MaHcxPg9nZPDv98X9
We asked 1,000+ attendees to mask indoors this weekend, and everyone just did. I didn’t have to stop and remind a single person the entire 3 days.
There were definitely gaps in the policy, the risk wasn’t reduced to zero, but if anyone is wondering if it’s possible for events and large gatherings to make reasonable accommodations to reduce the risk of spreading COVID, it absolutely is, we proved it, and your event should be doing it too.
I just got this answer from Google AI. This isn’t a photoshop or a joke. This is a product being offered by one of the biggest and most influential companies in the world, demonstrating this paradigm-shatteringly important new technology. 🤦♀️ #mazeldon
The advent of LLMs masquerading as artificial intelligence has made the notion of an absurdly powerful computer, constructed at great expense, and given unseemly resources to answer a meaningful question, only to return the answer “42”, feel more and more prophetic.
I'm going to prove a point and you're going to help me.
If you're a member of the information security and/or cybersecurity profession, and you have clicked on a phish in the last, say, five years, share this post. If you have not, star this post.
Someone's trying to say that you can punish people out of clicking on scam links and I say that not only can you NOT prevent phishing by punishing people, but the most skilled #infosec and #cybersecurity people in the world can and do get phished as well.
One thing I'll say as far as switching to Linux... It's been a while since I did a Windows setup, and man are the two utterly different worlds.
Linux: "Hey, should we do third party drivers?"
Windows: "Hey, can I use your location data? What about stuff for advertising? What about your browser history? You know this would be more useful if we had your Microsoft login. Hey can we grab your browser history from Google?"
Dude.
I ❤️ the Crypto & Privacy Village
incredible communication skills
how to browse the web in 2024
1. open site
2. close email subscription pop up
3. close push notifications
4. dismiss cookies pop up
5. dismiss the request for your location
6. close the "did you find what you were looking for?" dialog
7. apologize to those around you for the loud swearing
8. try to remember why you opened the site in the first place
A thought that has occurred to me, as I head to bed a few hours later than I should have:
There was probably a period of time after I had some interest in cryptography and before they were discontinued in 2018 during which, if it had occurred to me, I would have bought a pack of Certs mints because of the name. There are enough people in the world that I might not be the only one.
On the Polyfill supply-chain attack:
Interestingly, whoever controls the official Polyfill Twitter account claims defamation - but their "we have no supply chain risks because all content is statically cached" seems like willful misunderstanding of the question.
https://x.com/Polyfill_Global/status/1805923380857897277
This does appear to be the official Twitter account, since they committed this validation link to their GitHub README a few hours ago (well, or at least the same entity has current control of both):
https://github.com/polyfillpolyfill/polyfill-service/commit/41a4cfc259d371ce8055d3e0702f230019bc7731
The original breakdown looks pretty incriminating:
https://sansec.io/research/polyfill-supply-chain-attack
@simon has great coverage here, including noting that the original author said months ago that people should move off it immediately, that that author works at Fastly, and that they have a drop-in replacement:
https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/
May have been traced to a single actor across multiple platforms:
Namecheap suspended their domain, but they have returned as .com (but may have also then been taken down):
https://www.theregister.com/2024/06/28/polyfillio_cloudflare_malware/
News coverage:
- https://thehackernews.com/2024/06/over-110000-websites-affected-by.html
- https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know
- https://cyberinsider.com/polyfill-js-supply-chain-attack-affects-over-100000-websites/
- https://news.ycombinator.com/item?id=40791829
- https://www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/
- https://www.theregister.com/2024/06/25/polyfillio_china_crisis/
- https://www.bleepingcomputer.com/news/security/cloudflare-we-never-authorized-polyfillio-to-use-our-name/
- https://www.veracode.com/blog/security-news/polyfill-supply-chain-attack-what-it-and-how-know-if-youre-affected
- https://www.bleepingcomputer.com/news/security/polyfill-claims-it-has-been-defamed-returns-after-domain-shut-down/
- https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet
- https://blog.qualys.com/vulnerabilities-threat-research/2024/06/28/polyfill-io-supply-chain-attack
- https://www.securityweek.com/polyfill-domain-shut-down-as-owner-disputes-accusations-of-malicious-activity/
- https://www.theregister.com/2024/06/28/polyfillio_cloudflare_malware/
If you have symptoms, stay home. Then test two days later.
“If a person with #COVID19 tests immediately with a rapid test when symptoms emerge, they receive a false negative as much as 92% of the time. Waiting two days after symptoms brings that rate down to 70%… Our symptoms are happening sooner, but it takes longer to reach enough virus in your body for it to be detectable.”