This is the story of D3f4ult from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.
I've heard #cybersecurity experts often say that passwords are more secure than #biometrics, one of the reasons being that you can change your #passwords if it ever gets leaked but you can't change your biometrics. However one of the major downsides of using a password/pin for your lockscreen is that someone could simply look over your sholder to figure out your #password. These so called over-the-shoulder attacks are more common than you may think and the presence of #surveillance cameras everywhere makes the situation worse because now you could be recorded typing in your password!
So because of all these reasons I had mixed feelings about using a password/pin and tent to use biometrics whenever possible. But my opinion about passwords changed entirely after watching this 9 year ol
... show more
I've heard #cybersecurity experts often say that passwords are more secure than #biometrics, one of the reasons being that you can change your #passwords if it ever gets leaked but you can't change your biometrics. However one of the major downsides of using a password/pin for your lockscreen is that someone could simply look over your sholder to figure out your #password. These so called over-the-shoulder attacks are more common than you may think and the presence of #surveillance cameras everywhere makes the situation worse because now you could be recorded typing in your password!
So because of all these reasons I had mixed feelings about using a password/pin and tent to use biometrics whenever possible. But my opinion about passwords changed entirely after watching this 9 year old video on YouTube showing how to use the "picture password" feature on a #BlackBerry device - The ingenuity of this system not only prevents over-the-shoulder attacks but is also fast & easy to use! I'm actually quite surprised that this never caught on to other devices because it really seems like a smart and easy solution to a common problem. Thanks to @Surveillance Report for mentioning this on your #podcast or else I would've never known about this technique.
in the end, that all depends on your threat model, as always. Biometrics have again and again proven to be easy to circumvent, even just from public images: youtube.com/watch?v=VVxL9ymiyA… And depending on where you live, the police might be able to force you to give them your fingerprints, but not a password. But I fully agree that scrambled PIN pads should be more common, that helps a lot against someone just glancing over.
http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.htmlBei der Passworteingabe über die S...
@thasl P.S. I very much agree that it comes down to your own personal threat model. E.g. I haven't bothered having a password lock on my phone since the dawn of smart phones, and very grateful for all the time and hassle that saves me. But then I hardly ever use a phone, and don't have anything critical like email connected to it, so the risks involved are rather less that for most people
Interesting idea thanks. Though it looks like that depending on the choice of image used, it could be even more susceptible to an over-the-shoulder attack. In the final orientation she is entering as the combination at 2:14, the number 5 stands out as the only number that is centred to a specific element in the picture. For a young person doing it quickly it may well be difficult to spot, but what about for someone with failing eyesight carefully and slowly lining it up for you?
It seems only somewhat more secure than gesture unlock.
It might trip-up video analyzis or surveillance unfamiliar with it, but two captures seem like enough to have a very high probability of identifying the commonality. Depending on user behavior, a single observation could be enough.
The best option, I think, would be some HMD as the sole active display.
very interesting idea, I like it. It is not as convenient as fingerpring sure, but having it as a second option (instead of pattern or pin) would certainly be great. I wonder though, how many videos would be enough to crack your number and location down. Maybe even as low as two, if you overlap the pictures and see where are the numbers right before unlocking...
Yeah if you got recorded on video and there are multiple instances of it then you might be doomed. Randomly spacing the numbers each time could make it harder maybe, but IDK..... It's not perfect for sure.....
The AOSP-based custom OS GrapheneOS has PIN scrambling, which makes these attacks a bit harder and also improved fingerprint unlock security.
Highly recommend looking into the project because it has many amazing security features on top of AOSP, and is one of the few custom OSes with actual security researchers developing significant improvements.
I used it with a lot of pleasure and - not being anybody important enough to have my gestures recorded many times- I always felt safe using it. I don't think it is easy to crack. I miss #BlackBerry solutions every day but I'm happy not all of them got copied. BlackBerry was unique.
> A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world.
Listening to this episode opened my eyes about the crazy world of cyber mercenaries, a part of the #MilitaryIndustrialComplex profiting off of wars.
A new type of mercenary spyware came on the radar called Predator. It'll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world.
Do you remember hearing the news of #Google trying to enable #telemetry by default in the #Go programming language? Apparently they've been doing the same with their #Flutter UI toolkit all this time 😐 Their docs also mention that "By downloading or using the Flutter SDK you agree to the Google Terms of Service." - linking to Google's general terms and service policy at policies.google.com/terms
This is a github issue requesting Flutter to make their #analytics opt-in for complying with EU/ECC laws (#GDPR).
... show more
Do you remember hearing the news of #Google trying to enable #telemetry by default in the #Go programming language? Apparently they've been doing the same with their #Flutter UI toolkit all this time 😐 Their docs also mention that "By downloading or using the Flutter SDK you agree to the Google Terms of Service." - linking to Google's general terms and service policy at policies.google.com/terms
This is a github issue requesting Flutter to make their #analytics opt-in for complying with EU/ECC laws (#GDPR). That issue was closed in 2021, now three years later and the telemetry is still there enabled by default. And even if you try to opt-out they'll still ping Google's servers to let them know you've opted out, as per their docs.
When Google tried to add telemetry to the Go language last year it made news and there was significant backlash from the community, enough for them to reverse course and make their telemetry opt-in rather than turning data collection on by default - theregister.com/2023/05/17/goo… Unfortunately the same didn't happen with Dart/Flutter so far, which means you're likely to face more data collection there by default.
My mind is blown away by this video! 🤯 I wouldn't have believed if someone told me they made this shit work today, let alone in 1910. Sometimes the ingenuity of humans is unbelievable!
So-called "free returns” aren’t free at all. In this video, I share the surprising truth about the lies corporations tell you to make you buy more, and what ...
@AntennaPod surprised me with this cool feature today!
I think Spotify had a similar feature for the songs you listen to, but I haven't been on Spotify for a long time so I don't know what it's called now. But it's cool to see this on a FOSS podcast app like #AntennaPod, and the amazing thing is that they generate it locally on your device so it's privacy friendly 🙂
I feel like the statistics is a bit skewed here because I've put some podcasts under a custom tag named "Bookmarks" and excluded them from my inbox, I certainly can't listen to 48 podcasts at once, lol 😂
If the #AntennaPod team is reading this, having a default built-in bookmarking feature in the app would be useful because sometimes you wanna keep an eye on some podcasts without actually subscribing to them and having all their episodes show up on your inbox. Just a suggestion 🙂
TBH I've probably used AntennaPod for a bit longer because I've my switched phone once and started fresh. But yeah I've never really had any reason to change the app since then, this has always been my favorite FOSS podcast app 🙂 Thanks to the #AntennaPod team and all the wonderful people contributing to this project!
1. Stuff you should know is an educational podcast where the 2 hosts talk about a different topic in each episode, the topics can literally be anything from science to nature to history or various cultural elements of our time. It's pretty easy for me to listen to and they release a lot of episodes, so I'm not surprised to see it's the one I've listened to the most.
2. This American Life is a podcast that's mostly focused on storytelling, sometimes fictional but mostly real stories told by real people. The stories can be funny, strange/surprising, emotional or enlightening depending on which episode you're listening. It's hard for me to put this one into words but you'll have to listen to a couple of episodes to get the hang of it. Definitely one of my favorite podcasts, and a shout out to my friend @frankie for introducing me to it 🙂
3. Radiolab is also one of those educational/storytelling type podcasts, you'll learn about something new in every episode and it's fun to listen to.
4. CrowdScience is a podcast which, like the name suggests, is mostly about science. On each episode they try to find the answer to a listener question, people from all around the world have called in to ask different questions and they reach out to the experts from various fields to answer those questions.
5. Science Vs is a podcast trying to separate out the science from all of the misinformation and exaggerations we're bombarded with these days. This is the first podcast I've ever listened to and it's still one of my favorites. Science Vs is probably one of the most scientifically rigorous podcasts I know of and they provide transcripts for all their episodes with lots of citations so that you can verify the information they present and/or to just learn more about the subject.
I feel like the puzzles are getting a bit too hard for me on #AdventOfCode, so I'll probably be slacking off from now on. Solving last day's 2D pipe maze with a loop was hard enough, and today's puzzle seem to be of a similar kind so I'll probably skip - I feel like these puzzles have more to do with math and geometry than programming itself
> I feel like these puzzles have more to do with math and geometry than programming itself
I think that's accurate, and I see it resulting from the attempt to make a puzzle that works for *any* programming language a contestant might use.
If they can't assume any particular library or framework, they're left with puzzles that require only the fundamentals of computing and data processing. That doesn't leave much outside of text, data structures, and mathematics.
@bignose I can't summon up much enthusiasm for AoC this year. I don't need to:
* Learn a new language * Learn to program * Write yet more string parsing code * Wrestle with algorithms that are vanishingly rare in the real world * Prove anything, to myself or others * Invest time/energy I could usefully spend elsewhere
But I'm delighted others enjoy it at least as much as I've enjoyed it in the past. Plus it's a great spectator sport.
This was actually my first year trying out AoC, as a beginner to programming it was kind of a fun learning experience, but being a beginner also means I'll have to stop sometime as the puzzles get harder. Last day's puzzle was a bit too hard for me, maybe today's is better I might give it a try but I certainly won't put any pressure on myself 😄
haha, i also though like this at the beginning, though i thankfully didn't go down that road, but i also spaced out on a silly mistake returning 0 instead of the last value in a utility function…
At least part 2 was trivial from my part 1 solution.
I thought my code is never going to terminate, but after around an hour or so it did, LMAO 🤣
Because I had to refactor the code many times for this one my current iteration doesn't make much sense, so I'll publish it later maybe after doing some cleanup, IDK...... It's all spaghetti code anyway
Well, after timing it I see it's not as bad as an hour, but 12 minutes is still too long for a program to finish running - in my mind it felt like an hour. Also note that this is a compiled language, LMAO 🤣
Update: I've made the code a lot more faster by following a tip by @sotolf. Basically now the program is doing a reverse brute-force by starting at the end point and working its way upwards. So now the code finishes running in about 2 minutes, but if you use the --opt:speed compiler flag in #Nim then it can finish in 20 seconds! For comparison, my previous code took 12 minutes to finish even with the compiler flag on!
I was watching this video by @emilymbender and she made a lot of great points there, highly recommend watching it if you're curious about #AI and the hype around it. I was a bit surprised when she brought up magic 8 ball because I've been jokingly calling chatGPT magic ball in my friend circles, but it's such a great analogy tho 😄
On Thursday 9/28, I had the opportunity to speak at a virtual roundtable convened by Congressman Bobby Scott on "AI in the Workplace: New Crisis or Longstand...
I'll take a look at this, I'm interested in seeing different people's solutions even tho I may not fully understand the language they use, most programming languages tent to have some familiarity with each other so you can make a pretty good guess.
@sotolf helped me learn custom types in Nim and so far it has been very useful in solving these puzzles and keeping my code more neat and organized in general.
@amin ah, there you hid your code, personally I would have defined types and parsed it into that first, and then work on that instead of crunching everything ito one omnifunction ;)
Yeah I'm not familiar with using custom types or objects because my experience with programming so far had been writing shell scripts on Linux - which doesn't support either of those, lol 😅 So yeah, I'll probably need some practice before I can get into the Nim way of thinking. Thanks for your suggestions BTW 🙂
@amin Yeah, it's really worth doing, using object makes your code readable and a lot easier to deal with for yourself as well, I have some examples from my older advent of code that is in nim if you are interested too :)
Some other folks have also shared their Nim code for this year's AoC so that's gonna come handy - forum.nim-lang.org/t/10717
This might sound like a stupid question, but I'm a bit confused between objects and custom types in Nim - do I actually need to use an object here or would a custom type with named tuples be enough?
Wow your code looks much better and well structured than mine. I still find it a bit hard to wrap my head around these custom types and things but I understand why it can be beneficial - it feels like the initial part of your code that defines all the custom types and the procedures used to parse them provides a sort of scaffolding that makes the rest of the code more easy to manage, I also like how modular everything is compared to my "omnifunction" 😄
@amin yeah, that's exactly how I'm thinking how can I represent the data, and then how can I get closer to what I want, or functions I need to do what I need. My way is just one way to do it, but it's the one I find the easiest to work with :)
Types are a bit daunting in the beginning but when you do they really help you think, and let's the compiler help you not do a quite big group of errors :)
I think I also learned some new Nim features from your code, for example I was surprised to see how you defined the CubeSet type on line 13 - is Nim using the Color enum for indexing its arrays?! I had no idea this was possible!
Checkout our sponsor, BetterHelp, for 10% off your first month: https://www.betterhelp.com/actionlabShop the Action Lab Science Gear here: https://theactionl...
One fascinating fact I heard on this #podcast episode:
> If everyone in the country use their phone one year longer on average, it'd be the same as taking 636,000 gasoline powered cars off the road.
The episode mainly talks about the precious minerals in our phones and how they're extracted from rocks formed millions of years ago, not only do we have a limited supply of these minerals but it also can't be recycled properly.
Cellphones put the power of the world at our fingertips. With the touch of a finger, you can instantly connect with your doctor, have food delivered to your office or simply obliterate your niece at Words with Friends.
In 1994, Masahiro Hara got tired of having to scan six or seven barcodes on every box of Toyota car-parts that zoomed past him on the assembly line. He wondered why the standard barcode from the 70s was still used...Why couldn’t someone invent a barcode that used two dimensions instead of one that could work from any angle or distance, even even if it got smudged or torn?
And so, studying a game of "Go", he dreamed up what we now know as the QR Code — the square barcode you scan with your phone. It shows up on restaurant menus, billboards, magazine ads — even tattoos and gravestones. But even that, says Hara-san, is only the beginning.
Today the Netherlands has a reputation as a kind of bicycling paradise. Dutch people own more bicycles per capita than any other place in the world. The country has more than 20,000 miles of dedicated cycling paths. International policymakers make pilgrimages to the Netherlands to learn how to create good bike infrastructure.
But none of that was inevitable. It wasn't something that magically emerged from Dutch culture.
In fact, in the 1960s and 70s, it looked like the Netherlands would follow the same path as the United States. The Dutch had fallen in love with cars and they were rebuilding their cities to make room for them. It was only because of a multi-decade pro-cycling movement that cars didn't take over the country entirely.
Can researchers decipher what people are thinking about just by looking at brain scans? With AI, they're getting closer. How far can they go, and what does it mean for privacy?
I Volunteered for 25 Projects. Here's What I've Learned
In this video I am showing 9 things which I've realized by volunteering for 25 projects. Most of them were about nature and wildlife protection and restoration.
00:00 Intro 00:23 Skills 01:27 Funding 02:27 Compassion 03:16 Other People 04:23 Enthusiasm 06:03 Time Waste 07:14 You Will Lose Money 08:08 Experience 08:54 Never The Same
The story of #SciHub and its founder Alexandra Elbakyan in her fight against the global network of academic journals that underlie published scientific research.
They’re phishing, hacking, and password-cracking to steal personal and research data from the world’s academic institutions. Andrew Pitts takes a hard look at Sci-Hub as, “Corrupt cybercriminals, not Robin Hood.”
PDF files can contain malware in them which is why you should never open them if you get a spam email or something with an attached PDF. However I'd be very surprised if SciHub contains any malware like this person says because it's generally considered as a trusted source of information, without providing a valid source for that claim I can only take it as rumor or propaganda at best.
BTW, you can also use tools like @dangerzone to safely open potentially harmful PDFs - it's made for people like journalists who may need to open many PDFs as part of their work.
Nils
in reply to Rokosun • • •And depending on where you live, the police might be able to force you to give them your fingerprints, but not a password.
But I fully agree that scrambled PIN pads should be more common, that helps a lot against someone just glancing over.
starbug: Ich sehe, also bin ich ... Du (english translation)
YouTubeRokosun likes this.
BB
in reply to Nils • • •P.S. I very much agree that it comes down to your own personal threat model. E.g. I haven't bothered having a password lock on my phone since the dawn of smart phones, and very grateful for all the time and hassle that saves me. But then I hardly ever use a phone, and don't have anything critical like email connected to it, so the risks involved are rather less that for most people
Rokosun likes this.
BB
in reply to Rokosun • • •Rokosun likes this.
LisPi
in reply to Rokosun • • •It seems only somewhat more secure than gesture unlock.
It might trip-up video analyzis or surveillance unfamiliar with it, but two captures seem like enough to have a very high probability of identifying the commonality. Depending on user behavior, a single observation could be enough.
The best option, I think, would be some HMD as the sole active display.
Rokosun likes this.
dieTasse
in reply to Rokosun • • •I wonder though, how many videos would be enough to crack your number and location down. Maybe even as low as two, if you overlap the pictures and see where are the numbers right before unlocking...
Rokosun likes this.
Rokosun
in reply to dieTasse • •@dieTasse @Surveillance Report
Yeah if you got recorded on video and there are multiple instances of it then you might be doomed. Randomly spacing the numbers each time could make it harder maybe, but IDK..... It's not perfect for sure.....
dieTasse likes this.
Scorpion8741
in reply to Rokosun • • •The AOSP-based custom OS GrapheneOS has PIN scrambling, which makes these attacks a bit harder and also improved fingerprint unlock security.
Highly recommend looking into the project because it has many amazing security features on top of AOSP, and is one of the few custom OSes with actual security researchers developing significant improvements.
grapheneos.org/features
GrapheneOS features overview
GrapheneOSRokosun likes this.
Rokosun
in reply to Scorpion8741 • •@Scorpion8741 @Surveillance Report
I'm aware of GrapheneOS, and I'd definitely try it out if I can get my hands on a pixel 🙃
Scorpion8741 likes this.
Surveillance Report
in reply to Rokosun • • •Rokosun likes this.
Erien
in reply to Rokosun • • •Rokosun likes this.