jacob

@jacob@jacobian.org

software development, engineering management, information security, basketball shitposting. he/him.


mekkaokereke, to random

This paper is trash. We do this every few years.

The conclusion is correct (graduate degree holding white men believe the most 'taboo' conspiracy theories), but the reasons it suggests why, are sociology-babble garbage. The real reason is:

  • Racism is a lie. To believe in racism, you must believe a set of easily debunkable lies.
  • Richer, whiter, maler, more educated populations are not less racist, despite attempts to twist stats to say this. They're more racist.

https://www.salon.com/2024/05/05/believes-the-most-taboo-conspiracy-theories-it-might-not-be-you-think/

1/N

jacob,

@mekkaokereke thank you so much for this. I’m so tired of the “both sides believe weird conspiracies” nonsense.

raiderrobert, to random

Please do not roll your own:

  • auth
  • encryption
  • credit card handling
  • billing
  • databases
  • search engines
  • file systems
  • serialization formats
  • date/time handling
  • locationalization
  • internationalization
  • email parsing
  • postal address parsing
  • software version parsing
  • csv parsing
  • html parsing
  • URL parsing
  • ...just stay away from parsing
  • floating point math

jacob,

@raiderrobert I actually think these are all GREAT things for developers to write! Not to put into production, but as an exercise to gain a deeper understanding of why these are hard problems and what abstractions are actually doing for you under the hood. As a friend once said, “reinventing the wheel is a great way to learn more about wheels”

jacob, to random

Holy shit, 1Password is coming for Okta. Good luck y’all, competition is sorely needed in this space and I’d love to see y’all kick their butts. https://1password.com/xam/extended-access-management

jacob,

@zrail it’ll almost certainly be extra — one of the reasons that Okta has such a moat is that maintaining a zillion OIDC/SAML integrations is a MASSIVE pain in the ass.

tilde, to random

My security friends keep asking me what it is that we actually do at Red Queen Dynamics. I just sent this pretty-concise explanation privately. I think it's a reasonably good summary for folks who aren't elbow-deep in this every day of the week.

Security and compliance are difficult. It's hard to understand because it's so convoluted, it's hard to know if you're doing the right thing, and often compliance especially is a big short-term push to get the thing done. We're trying to be an executive functioning prosthesis for this, taking away a bunch of the garbage work like unending spreadsheet checklists, and also the mental overhead of not knowing the right thing to do.

So we made a little app which contains all (most of) our knowledge about security and also maps that to a bajillion compliance frameworks like NIST's cybersecurity for SMB, the defense industrial base's CMMC, and the CIS controls, as well as a bunch of the underwriting checklists for cybersecurity insurance providers. We know that password managers, automatic updates, and phishing-resistant auth are important. Our clients know that they need (ex) CMMC self-attestation and cyber insurance. And we've built this kinda deduplicated knowledge graph of all of that.

We send a question or two a week to everyone in an organization. And those questions are mostly written by me and are human-readable. We ask some calibration questions to know who's who at the org and then send the right people the right questions to get a more-or-less comprehensive human-level understanding of the org's security/compliance posture.

Most people at the org just do this two-minute task a week, and the app compiles all that info, digesting it for their technical leaders or their MSP or whatever. It spits out insights for them like "You said you wanted to get cyber insurance, and here are the three things you can do to get guaranteed good rates and expedited processing." (with the knowledge that they are actually complying with the terms of the policy!), or "You said you wanted to be CMMC compliant, and you still need to make this technical change to get there.", or "You've reached compliance with CIS v8 IGA, would you like to print off a serious-looking PDF self-attestation document to show someone?", or "You said your business has a high ransomware risk, but your backups aren't really ready for that. Here's what to ask your MSP for." or whatnot.

In a nutshell, we've built something which takes like 60-80% of the general-purpose security/compliance expertise of someone like me or @Tarah (or the people who ask me this question), and we make it available to small businesses who absolutely could not afford a couple of hours of our consulting rates. And! We encourage small, consistent, incremental long-term improvement rather than rushed/hurried compliance cram-sessions.

And (mandatory self-promotion 😬) you can sign up today at signup.dynah.net/ or learn more at redqueendynamics.com

jacob,

@tilde this sounds incredibly cool, what a rad idea

jacob, to random

They should have been heroes and announced this ten days ago

(But for serious - great news, finally!)

https://www.washingtonpost.com/health/2024/04/30/marijuana-restrictions-loosen/

jacob, to random

Hi friends, I'm looking for tooling recommendations for doing property testing and fuzz testing in: Ruby, JavaScript/TypeScript, Go, Rust.

In Python, I'd use Hypothesis and Atheris but what are the good tools in those other languages?

I know that AFL++ can be used with targets written in any language, and that's great, but I'm also interested in language-specific tooling, if/where it exists.

Especially interested in personal success — I can Google too but want to know what worked for you.

jacob,

@yosh thanks! (and it's very cool to see that I'm not the only one who sees a through-line connecting property and fuzz testing)

jacob, to random

Well, I definitely didn't have "nonprofits are bad actually" on my Mastodon Discourse bingo card

foosel, to random

Inspired by @stiftnuersel I decided to finally try to add book binding to my skill set and started with binding both books of 2D6 Dungeon (also a tip by @stiftnuersel).

Especially sewing the paper stacks was incredibly relaxing. I put an audio book on (going through The Stormlight Archive again) and just went for it.

Decided to go with a soft cover. The cardboard came from some deliveries and the fabric from the left overs of an old sewing project.

Quite happy with the result 😊

Template used for creating the sewing holes.
Finished book covered with a black structured fabric.
Leafing through the book.

jacob,

@foosel these look lovely! Can you point me towards what open source tools you're using with the Silhouette? I've been thinking about getting a vinyl cutter but the shitty cloud software has been making me less interested.

jacob,

@foosel oh lovely. I’m already using Inkscape to drive my embroidery machine (https://inkstitch.org) so this should fit right in. Sweet!

mariatta, to random

Obvious things conference speakers should do:

  • submit a talk proposal
  • take a photo/selfie
  • write up bio
  • give the talk

Not obvious things conference speakers should do:

  • update email filter so emails from conference organizers don't end up in spam
  • when traveling, plan to arrive at Talk day - 2 days, in case of flight cancellations
  • show up at least 30 minutes before the talk slot, not 5 minutes before
  • use light mode presentation slides (light bg, dark text)

anything else?

jacob,

@mariatta some additional lessons I had to learn the hard way:

  • have a copy of slides in the cloud somewhere in case your computer goes kaput
  • have another copy on a usb stick in case the network also isn’t working
  • use the bathroom before the talk
  • but BEFORE you get mic’d up!!
  • have a “bonus” section at the end in case your talk runs fast
  • and an optional section somewhere in the middle in case you’re running long
  • decide if you want to take questions. you don’t have to!

glyph, to random

I saw someone ask the other day what the kernel panic screen looks like on Apple Silicon, and I realized that I wasn't sure I'd seen a panic at all on my M1; a far cry from my frequent acquaintance with the "You need to restart your computer" screen. Felt good, for a moment, about the improvements to reliability.

Today I achieved a kernel panic by accidentally appending to a BytesIO in a Python unit test in a loop. (What this looks like is "full-screen magenta flash for one frame, then reboot.")

jacob,

@glyph oh wow you’re right — it’s been YEARS since I’ve seen a kernel panic. Impressive.

jacob, to random

This probably doesn’t mean anything but if it means something it means something HUGE (via r/dropout)

krusynth, to random

Working on a new t-shirt design. What do y'all think?

jacob,

@krusynth would wear

jacob, to random

Funny joke but also one of the most terrifying things to ever happen to me in the backcountry was getting chased by a swimming moose. She was way faster than we could possibly canoe, and if she hadn’t changed her mind and let us go things could have gone really bad
https://mastodon.world/@obtener/112321499081622273

jacob,

@waldoj I get a lot of people asking me if I’m nervous about bears in all my backcountry stuff. And sure yeah I take bear precautions… but I’m a LOT more nervous about moose. They are very very large and don’t give a single fuck.

jacob, to random

OH: "I wish it were easy to recruit, into nonprofit fundraising, people who are into FinDom”

jacob, to random

Holy shit, Conan O’Brien on Hot Ones was … holy shit what the hell was that. I don’t know what I was expecting but … holy shit! Talk about committing to the bit - Conan didn’t commit to the bit, he fucking pledged his immortal soul to the bit. I’ve never seen anything quite like that.

andybaio, to random

Today's my birthday, and all I want is YOUR CLIPBOARD! Hit reply and paste—NO EDITING! ✂️📋🎉

jacob, (edited ) to random

Good analogy that came up in my team meeting today:

Buying security tooling is a bit like buying exercise equipment. The marketing hype is that simply buying the equipment will make you stronger, but of course that's not true. It could help, sure, but you still gotta put in the work.

llimllib, to random

When people named files "utils", or data types "data", I like to imagine that they twirled their Snidely Whiplash mustaches as they did it

bitprophet, (edited ) to random

Auto insurance doubled vs last year for no apparent reason? WTAF.

A quick search finds that sure, things are "more expensive" and "rates are skyrocketing"…to the tune of "nearly 15-20% in some states!" OK, that's not 100 fucking percent, is it?

No other obvious reasons for rate hikes apply: same car, same state, same driver, no accidents, no DUIs, etc.

Agent chat time, I guess.

jacob,

@bitprophet yeah EVs in general have seen rates go WAY up the last few years. Reading between the lines it seems like insurance companies vastly underestimated repair costs and so rates were sort of artificially low.

gvwilson, to random

A New Stack: https://third-bit.com/2024/04/18/a-new-stack/ (feedback is greatly appreciated. email is greatly preferred)

jacob,

@gvwilson love it! I learned about some new things (Marimo! Whoa!)
