Desert Nomad, First Responder, Reverend, Intelligence Analyst, Computer Expert, Cowboy, Sorcerer, Metaphysician, Polymath.

  • 1 Post
  • 46 Comments
Joined 1 year ago
cake
Cake day: October 4th, 2023

help-circle
  • Elias Griffin@lemmy.worldtoPrivacy@lemmy.mlThreat Modelling 101
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    4 months ago

    I just happened upon this thread and security of all types is my specialty so I just wanted to say that nothing here is personal. I’m trying to be helpful giving folks “actual security” as in not “better than putting passwords in plain text files”. Lazy idiots will be lazy idiots with Keepass as well. I can’t tell you how many stories I’ve heard from colleagues that those people aforementioned just put the main Keepass password in a plain text file.

    I upvoted the OP and your reply for bringing TM novelty and awareness.

    I do see what you’re going for, but the mitigations you wrote can be found everywhere on the Internet for over a decade. It’s average commodity information combined with that fact that we are not more secure these days, but less secure in 2024 that ever.

    In the case of password databases, this is de facto less secure than paper and pencil, which is not extreme by any measure and actually takes little effort.


  • Elias Griffin@lemmy.worldtoPrivacy@lemmy.mlThreat Modelling 101
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Quadhelion Engineering Corrected Mitigation Strategies:

    • Never use an electronic password manager, use index cards and an art quality graphite pencil instead
    • The loss, hack, crack, or malfunction of a MFA device can be absolutely devastating. Use with caution and sync three of them, 1 of them kept in a firesafe at all times
    • Never regurlarly update all software and devices, choose your updates and choose your timing depending on your environment and posture instead
    • Never be reliant upon an electronic home security system and lock devices (if they get that far, major damage has occured), use a Rottwieller, Great Dane, Mastiff, German Shepard, or Akita (never Pitbulls or Dobermans) alongside yourself with non-lethal weapons until lethal force is used upon you, instead

    You asked and the Non-lethal (Less-Lethal) Weapons Industry has delivered. Pepper ball guns, Radically Improved Tasers, Electrical Stun Devices, Batons, Kubatons, Pellet Guns, ColdSteel Brooklyn Smasher, Slings, and also you may not think unless you played, Paintball Guns, big nasty bruises at medium range if only wearing a T-Shirt.



    • Women hide thier skin, lips, and age
    • Men hide thier jawline with beards and their insecurities are buried so well, they forget it themselves as a defense mechanism hoping the mental/emotional weakness will “heal” by next confrontation
    • Humans hide thier weakness,
    • Thier competitive business plans
    • Patents until they are published
    • Who are you falling in love with at the start
    • Exactly how much you are attracted to a person
    • Who you have a crush on
    • Your answer to a $10,000 competition
    • Your lottery ticket
    • The location of your gold and gun
    • The location of your child when allowed online
    • Whether someone is away from home for extended periods of time, you leave the lights and TV on.
    • Inventions until it’s marketed
    • Science Fair Project until it’s unvieled
    • Presents until they are opened
    • Your private parts
    • Your private thoughts on your marriage

    Have you ever grabbed a childs private parts? NO of course not, because you INNATELY UNDERSTAND even though you are not a parent and don’t remember being one yourself. In fact you understand it so well that if you were to do so publcally, you’re putting your life at risk.

    CONCLUSION: Privacy is natural and helps give confidence and security to an individual but they want access to your weaknesses and privates anyway.

    EVIDENCE: Privacy Violation is a specific tactic meant to break people …IN PRISON…since they begining of time, Gulags.

    P.S. Stop showing nude baby pictures at reunions to those that did not raise or grow up with the child in the family who already saw them naked, and only while they are still a child and not a teenager, otherwise that is a serious privacy violation. In fact, just don’t take the picture, where did you even get that you lazy lubricated louse.



  • Elias Griffin@lemmy.worldOPtoTechnology@lemmy.worldAI Loophole #1; Your GitHub README.md
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    5 months ago

    Thanks for all the comments affirming my hard working planned 6 month AI honeypot endeavouring to be a threat to anything that even remotely has the possibility of becoming anti-human. It was in my capability and interest to do, so I did it. This phase may pass and we won’t have to worry, but we aren’t there yet, I believe.

    I did some more digging in Perplexity on niche security but this is tangential and speculative un-like my previous evidenced analysis, but I do think I’m on to something and maybe others can help me crack it.

    I wrote this nice article https://www.quadhelion.engineering/articles/freebsd-synfin.html about FreeBSD syscontrols tunables, dropping SYN FIN and it’s performance impact on webhosting and security, so I searched for that. There are many conf files out there containing this directive and performance in aggregate but I couldn’t find any specific data on a controlled test of just that tunable, so I tested it months ago.

    Searched for it Perplexity:

    • It gave me a contradictorily worded and badly explained answer with the correct conclusion as from two different people
    • None of the sources it claimed said anything* about it’s performance trade-off
    • The answers change daily
    • One answer one day gave an identical fork of a gist with the authors name in comments in the second line. I went on GitHub and notified the original author. https://gist.github.com/clemensg/8828061?permalink_comment_id=5090233#gistcomment-5090233 Then I went to go back and take a screenshot I would say, maybe 5-10 minutes later and I could not recreate that gist as a source anymore. I figured it would be consistent so I didn’t need to take a screenshot right then!

    The forked gist was: https://gist.github.com/gspu/ac748b77fa3c001ef3791478815f7b6a

    [Contradiction over time] The impact was none, negligible, trivial, improve

    [Errors] Corrected after yesterday, and in following with my comments on the web that it actually improves performance as in my months old article

    1. It is not minimal -> trivial, it’s a huge decision that has definite and measurable impact on todays web stacks. This is an obvious duh moment once you realize you are changing the TCP stacks and that is hardly ever negligible, certainly never none.
    2. drop_synfin is mainly mitigating fingerprinting, not DOS/DDoS, that’s a SYN flood it’s meaning, but I also tested this in my article!

    Anyone feel like an experiment here in this thread and ask ChatGPT the same question for me/us?


  • Elias Griffin@lemmy.worldOPtoTechnology@lemmy.worldAI Loophole #1; Your GitHub README.md
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    5 months ago

    Your rapacious backwards insult of caring is gross and obvious. You called me “my dude” like a teenger whose chill, and calm, and correct, but just …a child and wrong in the end. How old are you child? My Lemmy profile is my name with my Seal naturally born March 4th, 1974 as Elias Christopher Griffin. I’ve done more in my life than most people do in 10. My mental health is top 3% as is my intellect.

    You are an un-named rando lemmy account named “catloaf” who averages 16 posts a day for the past 4 months with no original posts of your own because you aren’t original.

    I make only original posts. You seem nothing like a real person. Want to tell us who you are? What makes you special, outside of the mandated counseling you recieve or data models you intake?

    You know what, no one takes what you say seriously loaf of cat, I certainly didn’t, don’t, and won’t. Here is space for your next hairball



  • I also just realized why I’m getting heat here, lawsuits.

    I just gave legal cause that practice was not properly disclosed by Microsoft, abused by OpenAI, a legal grounds as a README.markdown containg code as being software, not speech, integral to licensed software, which is covered by said license.

    If an entity does find out like me your technical writing or code is in AI from a README, they are perhaps liable?



  • Elias Griffin@lemmy.worldOPtoTechnology@lemmy.worldAI Loophole #1; Your GitHub README.md
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    5 months ago

    The comments so far aren’t real people posting how they really feel. An agenda or automata. Does that tell you I’m over the target or what?

    Look my post is doing really well on the cyberescurity exchanges. So to all real developers and program managers out there:

    Recommend the removal of any “primary logic” functional code examples out of your README.md, that’s it.

    PSA, Here to help, Elias



  • Discussion Primer: From my perspective and potential millions of others, the readme is part of the software, it is delivered with the software whether zip, tar, git. Itself, Markdown is a specifiction and can be consider the document as software.

    In fact README is so integral to the software you cannot run the software without it.

    Conclusion: I think we all think of readme, especially ones with examples of your code in your readme, as code. I have evidence AI trains on your README even if you tell it specifally not to use readme, block readme, block markdowns, it still goes after it. Kinda scary?

    I want everyone else to have the evidence I have, Science.









  • Microsoft and Apple pervasively install thier entire platform in their Operating Systems so you can’t just have what you need to have on one of their computers, you have the buy the whole platform.

    The Linux Eco-system is valued at $100 Billion, has nearly 40 million LoC, and is now Global Mega-Corp Consortium Funded. Link to Linux Foundation Financial Report 2022, “Read The Report”, Page 13.

    Top Sponsors:

    • Microsoft
    • Meta
    • Intel
    • Oracle
    • Tencent
    • Huawei
    • Fujitsu
    • Hitachi
    • Ericsson
    • Samsung
    • NEC
    • Qualcomm
    • VMWare (Now Broadcom)

    Notable Second Tier Sponsors:

    • Blackrock
    • WeBank (Facial Recognition only Chinese Bank)
    • Google
    • Alibaba Cloud

    Notable Third Tier Sponsors:

    • Apple

    If we are headed for a global AI monolith or Bladerunner type future, it will surely run on Linux! It’s everywhere and Linux will never again be steered by the community.

    Instead use and help make successful any Indie Operating System like Haiku, Aero, or Minix3 instead of literally working as the tinniest cog ever for a Global Mega-Corp Consortium.

    You can also just use GhostBSD which is a superb Desktop BSD experience based off of stable FreeBSD that installs and works like Mint. Control your own kernel and everything about your BSD with NetBSD. Now is a great time to get into BSD with NetBSD 10 RC1. Learn it now and you’ll have an OS that when released does only what you want it to do.

    Finally there is the fastest BSD, Dragonfly. I made a Dragonfly BSD setup script that will turn a $250 2019 Thinkpad T495 into a lightning fast programmer workstation that does only what you want it to, and hardened. It never even makes one call out to the internet unless you typed the command in or allowed it beforehand.

    If you insist on using Linux, then use a distro with an independent kernel that let’s them know you would not like the Linux kernel which has been badly managed by the Dictator Linus, globally taken over.

    1. Chimera
    2. Void
    3. Alpine (Works excellent as a Desktop)