elias_griffin

joined 1 year ago
[–] [email protected] 1 points 1 week ago

Plus, check this out. The platform says I have 12 followers but only 4 show up. Major problems over there.

[–] [email protected] 6 points 1 week ago

I think the author was too generous, the majority of signups are bots/AI mixed with super casual side accounts. 2.2 million Brazilians sign-up in a couple days? I call bullshit. Even if that were true, they signed-up and don't use it. Why do I believe that?

It's because the awesome account I follow Quanta Magazine gets 20 hearts/likes/whatever and often less than 10, with 0 or 1 comment. Super weak interaction across the whole platform if you check out accounts that should be popular.

[–] [email protected] 1 points 1 week ago

Great point, thought the same thing myself. The Athena repo works well on CachyOS for example. Thanks for the input.

[–] [email protected] 2 points 1 week ago

I think Debian was one of the first major Linux distros to fully implement full PIE and ASLR and is probably the most robust implementation. The only downside in my mind to Debian is the target size, opportunity gain, huge. Thanks for your comment.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Whoa, the downvotes are real! I had to slice up that title text and render it to path for the 3D effect, took forever, was like 30 layers. It took forever to get it just right and replacing Mastodon with "Lemmy" was just too much work. Was that it? I don't get it ;)

 

I'm polling on disparate platforms and Mastodon has very healthy Cybersecurity Communities so that's why I'm posting that graphic.

Please comment with your daily driver host OS if you'd like and even better why you chose it. I'll add them all up and post the results back here.

If you'd like to vote on Mastodon the link is https://infosec.space/@wravoc/113411504241010388 with only two days left.

"Other" leads at 38% and I have a feeling it's all the Debian based distros, yeah? I did not have room on the don for Athena OS but I would have.

Expanded List:

  • Windows
  • Mac
  • Kali
  • Parrot
  • Fedora
  • Secureblue
  • Kicksecure
  • Whonix
  • Qubes
  • Alpine
  • OpenBSD
  • AthenaOS
  • Backbox
  • Black Arch
  • Tails
  • Pentoo
  • SigintOS
  • FreeBSD

And remember, Hackers aren't Crackers!

[–] [email protected] 2 points 4 months ago

If you'd like real knowledge, insights, and explanations of the Spy game, one of the best ever imo and so little have seen it, an NSA Signals Intelligence Analyst gave a talk at a conference about the German v Russian Spying during the Cold War from his experience.

That NSA Analysist is named Bill Scannell because, well, it's a circus. https://www.youtube.com/watch?v=8x_yL12dJjI

[–] [email protected] 1 points 4 months ago (1 children)

Hah! I took that in two meanings one of which is in the John le Carré sense, "The Circus" being the nickname for MI6. It always seemed to stick in my mind though that the whole Nation-State Intellgence Spycraft Game is a Circus, full of theater and dangerous clowns. He even said something akin to that in The Secret Pilgrim (1990) which although not as entertaining as Tinker Tailor Soldier Spy (1974) it is much more revealing about Spycraft...if any of it true.

He did say it was "Fiction from start to finish" but also he worked at MI5 and MI6 and you'd expect him to say that.

What Spies Really Think About John le Carré

The British novelist didn’t just write about the world of intelligence. He changed it forever.

[–] [email protected] 3 points 4 months ago* (last edited 4 months ago) (2 children)

I just happened upon this thread and security of all types is my specialty so I just wanted to say that nothing here is personal. I'm trying to be helpful giving folks "actual security" as in not "better than putting passwords in plain text files". Lazy idiots will be lazy idiots with Keepass as well. I can't tell you how many stories I've heard from colleagues that those people aforementioned just put the main Keepass password in a plain text file.

I upvoted the OP and your reply for bringing TM novelty and awareness.

I do see what you're going for, but the mitigations you wrote can be found everywhere on the Internet for over a decade. It's average commodity information combined with that fact that we are not more secure these days, but less secure in 2024 that ever.

In the case of password databases, this is de facto less secure than paper and pencil, which is not extreme by any measure and actually takes little effort.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (5 children)

Quadhelion Engineering Corrected Mitigation Strategies:

  • Never use an electronic password manager, use index cards and an art quality graphite pencil instead
  • The loss, hack, crack, or malfunction of a MFA device can be absolutely devastating. Use with caution and sync three of them, 1 of them kept in a firesafe at all times
  • Never regurlarly update all software and devices, choose your updates and choose your timing depending on your environment and posture instead
  • Never be reliant upon an electronic home security system and lock devices (if they get that far, major damage has occured), use a Rottwieller, Great Dane, Mastiff, German Shepard, or Akita (never Pitbulls or Dobermans) alongside yourself with non-lethal weapons until lethal force is used upon you, instead

You asked and the Non-lethal (Less-Lethal) Weapons Industry has delivered. Pepper ball guns, Radically Improved Tasers, Electrical Stun Devices, Batons, Kubatons, Pellet Guns, ColdSteel Brooklyn Smasher, Slings, and also you may not think unless you played, Paintball Guns, big nasty bruises at medium range if only wearing a T-Shirt.

[–] [email protected] -4 points 4 months ago* (last edited 4 months ago)

The Kremlin is obviously a Mosque. Pooty-poo's BFF and primary assassin (word origin, Muslim) is Kadyrov, a Muslim. St. Petersburg at one time held the highest Jewish metropolitan population in the world. It says it's Christian but Patriarch Kirill likes to wear Rolex and is covered in tattoos.

Russia has had uninterrupted continuous control of the North Pole, the geographic center of Nation State power (Northern Hemisphere), probably since 900, and brags about this fact and the fact they can destroy the whole world with nuclear technology making it the primary terrorist, by definition, in the world.

Russia invented the modern prison industrial complex, the Gulag. Russia invented Nation-State PyOps. Russia had for nearly a century or more, total control of Afghanistan, the first place where Marijjuana was cultivated, same parallel/latitude as Humbolt County California. Afghanistan, also one of the first places were Poppy Fields were cultivated en-masse. Academic Historians will say Russia failed there, I say the opposite.

Now here is something wierd and fun to investiage for internet slueths!

If you are an internet afficionado you've noticed over two decades that Google and nearly all other search engines routed all conspiracy theories to really one place, Godlikeproductions. In this place, this forum, run out of the island Nation of Jersey, which is self governing....you cannot post two words, "Tavistock", the British The Tavistock Institute and "Bolshevik" as in Revoluion. Don't believe me, try it yourself.

Spending a couple hours reading that legendary conspiracy forum you'll notice two things: It loves Trump and Russia. If you go against either of those things there, your logical argument will be minimzed/trivialized, your life threatened, and reputation ridiculted, sometimes with very personal insults. You can just read/lurk and see how many times a life threat is made in one day on that site.

If nothing else, it's a fantastic study in psychology as it's visited daily by people all over the world. Try to see how many other words are banned!

P.S. I was one of the people responsible for the Call of Duty: Know Your History, Commercial

;)

[–] [email protected] 0 points 4 months ago

In fact just the other day information wanted a ham sandwhich before I set it free so it could find more people not on an empty stomach :/

[–] [email protected] -1 points 4 months ago* (last edited 4 months ago) (2 children)

Copyright Infringment strawman argument. When considering AI, we are not talking legal copyright infringement in the relationship between humans vs AI. Humans are mostly concerned with being obsoleted by Big Tech so the real issue is Intellectual Property Theft.

artificial INTELLIGENCE stole our Intellectual Property

Do you see it now?

78
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

I used to be the Security Team Lead for Web Applications at one of the largest government data centers in the world but now I do mostly "source available" security mainly focusing on BSD. I'm on GitHub but I run a self-hosted Gogs (which gitea came from) git repo at Quadhelion Engineering Dev.

Well, on that server I tried to deny AI with Suricata, robots.txt, "NO AI" Licenses, Human Intelligence (HI) License links in the software, "NO AI" comments in posts everywhere on the Internet where my software was posted. Here is what I found today after having correlated all my logs of git clones or scrapes and traced them all back to IP/Company/Server.

Formerly having been loathe to even give my thinking pattern to a potential enemy I asked Perplexity AI questions specifically about BSD security, a very niche topic. Although there is a huge data pool here in general over many decades, my type of software is pretty unique, is buried as it does not come up on a GitHub search for BSD Security for two pages which is all most users will click, is very recent comparitively to the "dead pool" of old knowledge, and is fairly well recieved, yet not generally popular so GitHub Traffic Analysis is very useful.

The traceback and AI result analysis shows the following:

  1. GitHub cloning vs visitor activity in the Traffic tab DOES NOT MATCH any useful pattern for me the Engineer. Likelyhood of AI training rough estimate of my own repositories: 60% of clones are AI/Automata
  2. GitHub README.md is not licensable material and is a public document able to be trained on no matter what the software license, copyright, statements, or any technical measures used to dissuade/defeat it. a. I'm trying to see if tracking down whether any README.md no matter what the context is trainable; is a solvable engineering project considering my life constraints.
  3. Plagarisation of technical writing: Probable
  4. Theft of programming "snippets" or perhaps "single lines of code" and overall logic design pattern for that solution: Probable
  5. Supremely interesting choice of datasets used vs available, in summary use, but also checking for validation against other software and weighted upon reputation factors with "Coq" like proofing, GitHub "Stars", Employer History?
  6. Even though I can see my own writing and formatting right out of my README.md the citation was to "Phoronix Forum" but that isn't true. That's like saying your post is "Tick Tock" said. I wrote that, a real flesh and blood human being took comparitvely massive amounts of time to do that. My birthname is there in the post 2 times [EDIT: post signature with my name no longer? Name not in "about" either hmm], in the repo, in the comments, all over the Internet.

[EDIT continued] Did it choose the Phoronix vector to that information because it was less attributable? It found my other repos in other ways. My Phoronix handle is the same name as GitHub username, where my handl is my name, easily inferable in any, as well as a biography link with my fullname in the about.[EDIT cont end]

You should test this out for yourself as I'm not going to take days or a week making a great presentation of a technical case. Check your own niche code, a specific code question of application, or make a mock repo with super niche stuff with lots of code in the README.md and then check it against AI every day until you see it.

P.S. I pulled up TabNine and tried to write Ruby so complicated and magically mashed, AI could offer me nothing, just as an AI obsucation/smartness test. You should try something similar to see what results you get.

 

I revised the title many times. Am I giving the impact breadth of what it could be without veering into click-bait?

Bluetooth Low Energy MESH Network, it is built into the OS without any noted country exemption. Although there be will many air gaps, that is not what I mean.

https://www.apple.com/newsroom/2024/05/apple-and-google-deliver-support-for-unwanted-tracking-alerts-in-ios-and-android/

Some questions that came to mind reading it?

  • Can China even pull it out of the OS for good measure, hack it?
  • Even with topology of some enable, others disable, others wanting security will be reading bluetooth MAC addresses of un-consenting, disabled, for tracking of others whom have enabled, even if they are not being targeted. See below screenshots from the Internet Engineering Task Force presentation.
  • Is the Bluetooth freqz and combinatory fields bio-active in any regard of it's function? Do plants stay healthy around "high intake" Bluetooth whatever that may be?
  • They mentioned other devices and Industry being involved, how many devices to we expect to also use this protocol in the future?
  • If we mapped it out, all of these devices thus operating, mapped out of the whole network with a Supercomputer, real-time, how much energy do you think it would be? How many BLE pulses per second, in a busy metropolitan area?
  • Who pushed for this TRACKING NETWORK I will be partcipating in whether I like or NOT (uptake)?
  • Where was the pre-planning market and socio-economic research on this presented beforehand?
  • If entities very intent on tracking you, will just disable/refuse the protcol, then why instead would Apple and Alphabet whom introduced the vulnerability, just ...make thier own implementation secure?

So we're going to skip this useless marketing-speak on 9to5 Mac - Here’s how the new Cross-Platform Tracking Detection works in iOS 17.5

As far as I can tell, there is nothing that says it doesn't perform assessment of the MAC address in range, all of them, for "your" security of course. In fact, it seems in line with what they want to accomplish: Track all the trackers? Later safeguard them with a "Safefilter" online database check when Phone starts?

Did I get it wrong?

 

I was a big Markdown fan. I think what finally broke me out was list formatting of mixed types, differences in formats across my repo servers, TOC generation software I was using broke, and no good editors suitable for my tastes for asciidoc that are available on BSD or Alpine Linux.

However, I found out that gedit natively supports adoc and even colors the admonitions. Excellent!

All the guides seem to be too skimpy, not robust enough, or out of order. I like to create as I read.

  • Comes with the adoc used to generate the guide and a PDF version.
  • Recommends editors with native asiidoc support.
  • Gives a comprehensive header "template".
  • Enables experimental features, admonition icons, and code highlighting.
  • Shows the best read/write table syntax missing from the official guide.
  • Corrects two errors in the official guide.

Did you know Asciidoc has a counter increment function?

Although it gives a warning saying not to use if possible, I found it works well for simple tasks.

Enjoy.

https://www.quadhelion.engineering/guides/AsciiDocCheatSheet.html

 

Science is what is, which requires nor benefits from belief. Adding a belief layer is interpreting, exploitable, and leads to believing untrue things as true (Science).

Reduced Logical Form: I believe what is (true) = Oxymoron

Oxymoron: A rhetorical figure in which incongruous or contradictory terms are combined

Explainer: It is impossible to believe what is true.


---Highly Related---


Question: 1 - Is it true or false?

Hint: Is/must/can the number/digit/integer 1 (one) be boolean in [all] cases? What are the conditions in which 1 is false?

Test from OCaml: if 1 then true else false;;

Theorem Pseudocode: if (1 = true) && (2 = 1 + 1) && (2 = true && true) then [true +& true +& ...] = true else nothing else matters

Note my recursive application to all other numbers/physics and inference that if 1 is not true, nothing is true

Postulation: All positive integers are true

8
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

This post with embedded music/videos in one blog page

Groking

White Hat

Frida - I Know There's Something Going On, Bladerunner Mix https://soundcloud.com/thebladerunners/frida-i-know-theres-something

Black Hat

VLF Electro https://soundcloud.com/microdosepromotions/sets/wook-chamers

Gray Hat

Dark + Light Electro https://soundcloud.com/xenondream/do-it-to-it-xenondreamix

Battle

CISA NCISS CODE BLACK – 12 minutes until people die https://soundcloud.com/lil-chromosome-unofficial/andrew-hulshult-davoth-doom-eternal-the-ancient-gods-part-2-extended-gamerip

CISA NCISS CODE RED - 11 minutes, 11 seconds until people lose it https://www.youtube.com/watch?v=vwUejFGol9E

Aftermath

A. Against all odds, you WON in near perfection, and you knew you would; Let us bask in your glow. https://www.youtube.com/watch?v=lEr8Gfa-hsk

B. Against all odds, you WON utilizing any/all available means, and it was chaos the entire time; Let us be in awe of you. https://www.youtube.com/watch?v=_PlSTjgcpa8

Apologies for music that could only be found on YT

✳️ Add your music+-scenario! ✳️

 

Related:

Major cyber attack could cost the world $3.5 trillion - Power Grid, Internet Outage

The one database/file/zip to save humanity, what is it?

Show Lemmy the downloadable URL of a Database or AI you know of so we can have a local backup copy that will improve the resilience and availability of Human Knowledge.

Given the state of AI being Corporatized I think we could definitely use links for whatever comes closest to a fully usable Open Source, fully self-contained downloadable AI.

Starter Pack:

★ Lemmy List

Databases

AI

 

I'm personally motivated in a non-commercial way to supply everyone with as much cybersecurity as possible in the interests of civlization, especially now. I've just finished what I wanted to releae as "set" 2 days ago and it's time to announce them.

I'm the former Web Application Security Team Lead for the National Computer Center, Research Triangle Park, having been contracted to the EPA by the now defunct Computer Sciences Corporation.

If you have some extra hardware not really being used I would suggest perhaps a great use of it would be to create yourself a hardened platform, just in case, to protect your sensitive data on an emminently stable platform going forward.

Maybe you've always wanted to try a BSD, well now is a great time to do that. They are super stable, super reliable, community drive, and you are in control of everything.

I would also like to mention that if you'd like to go extra hard consider Hardened BSD. Another alternative is using grsecurity/PaX kernel patched Alpine Linux as a Desktop choosing crypt full disk encryption during setup + AppArmor.

Just as an example you can get your hands on a $250 Thinkpad T495 and installing GhostBSD on it is as simple to setup as Linux Mint and runs as fast as a brand new 2023 Windows laptop. If you choose Dragonfly BSD, the fastest BSD, on a T495 (the lastest year fully BSD compatible laptop), my repo will completely configure it for you, complete with all applications needed for a professional developer.

In addition to that I've created a Network Based Firefox hardening solution that wipes the extremely profitable, For-Profit, Mozilla Corporation off your Internet and easily combines with Arkenfox. It removes Mozilla servers from being contacted by any application or service on your machine and does not interfere with web page rendering.

I've created my own Git Repository using Gogs (which Gitea is based on) where you can get all the goods here:

Latest Software

https://quadhelion.dev

Main Website

https://www.quadhelion.engineering

About

https://www.quadhelion.engineering/about.html

Backup GitHub

https://github.com/wravoc

Backup BitBucket

https://bitbucket.org/quadhelion-engineering/workspace/repositories/

 

Hello everyone!

Former Security Team Lead at the National Computer Center here. I'm a Security Professional with decades of experience in most Operating Systems and Web Applications.

Recently I've gotten weary of the Global Mega-Corp $100 Billion Linux Eco-System, which still manages to provide an unstable OS experience. I've turned my attention to the rock solid and predictable BSD/Unix world whenever I can use them.

I've created security hardending scripts for most BSDs except for NetBSD which is next in line. What would normally take an experienced SysAdmin an hour to complete, covering kernel mitigations, file system permission, daemon permissions, password encryption, etc can be done in seonds by a new user, with conf file verifications, backups, logging, and pretty printing the output to console.

  • FreeBSD
  • GhostBSD
  • DragonflyBSD
  • OpenBSD

For Dragonfly BSD, the fastest BSD, with a filesystem in the news lately that recovers itself and provides automatic snapshots down to the file level, I went ever further and created a rice for it using AwesomeWM. You are in luck if you have a Thinkpad T495 because I also wrote a full installation script for it for DF!

In addition to that I did it right and got explicit permission for Logo use or attained sponsorship and included the Wallpaper+Icon pack you see above.

You grab it all for my free on my self-hosted git repo for free at: https://quadhelion.dev/

Although I use a custom License which is somewhere between copyleft and copyright, it is generous enough to allow you to accomplish whatever task you wish and provide protections for my work and future oppourtunities for me.

I'm not liking the direction GitHub is going but you can find my work there: https://github.com/wravoc

I hope you find it useful and you are free to ping me here or write to my email listed on the main website page with any concerns.

Thanks,

  • Elias
  • @wravoc
  • @erogravity
view more: next ›