Stop worrying about upper-class suburbanites
14 votes -
The mutated coronavirus is a ticking time bomb
10 votes -
Stamp The Wax - Diggers Directory: Nabihah Iqbal (2020)
2 votes -
Google employees form union
42 votes -
The most expensive books and manuscripts in history
4 votes -
Fortnightly Programming Q&A Thread
General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.
Don't forget to format your code using the triple backticks or tildes:
Here is my schema:
```sql
CREATE TABLE article_to_warehouse (
    article_id INTEGER,
    warehouse_id INTEGER
);
```
How do I add a `UNIQUE` constraint?
4 votes -
The man who invented more than eight hundred iconic toys and games
6 votes -
Seven smokable plants you can grow that aren’t marijuana
10 votes -
Inside the US Army’s warehouse full of Nazi art
10 votes -
Electric cars rise to record 54% market share in Norway – Nordic country becomes first in the world where electric car sales outstrip those powered by other means
12 votes -
Alexi Laiho, frontman for Finnish metal giants Children of Bodom, dead at 41
7 votes -
Randy Resnick - Cartoon Orchestra (2021)
3 votes -
Crying in H Mart: Sobbing near the dry goods, I ask myself, “Am I even Korean anymore if there’s no one left in my life to call and ask which brand of seaweed we used to buy?"
11 votes -
Both sides claim victory in massive EVE Online battle
17 votes -
Julian Assange extradition judgement
9 votes -
Neofeudalism and the digital manor
14 votes -
Gwynne Shotwell talks about selling flight-proven rockets, Starship
8 votes -
Ticketmaster admits it hacked rival company before it went out of business
17 votes -
Do you love me?
29 votes -
LinkLonk - A link aggregator with a trust system
I built a link sharing website where you connect to users that share your interests. When you upvote a link - you connect to other users who upvoted that link and LinkLonk shows you what else these users upvoted.
The more in common you have with another user the more prominently their other recommendations appear on your list.
The intuition is that the more useful your past recommendations have been for me, the more I can trust your future recommendations.
This is how trust works in meatspace - we keep track of how positive our experiences have been with other people and use that track record to decide who we can trust in the future.
Except that mechanism does not work online. It just does not scale to the numbers of users we interact with. We can remember around 150 other people (the Dunbar number). Beyond that our built-in trust mechanism breaks down. We revert to more coarse and primitive trust mechanisms such as tribalism and mistrust in everyone.
While we cannot personally keep track of every user on a platform - that is what computers are good at.
That is the idea behind LinkLonk. You don't need to remember the names of users who you can trust (in fact there are no usernames on LinkLonk). You simply upvote content that was useful to you and LinkLonk constantly keeps track of how useful every other user has been and ranks new content accordingly.
Another important part of trust is that if you misplace your trust in someone and they let you down then you need a mechanism to stop trusting them.
This is what the downvote button is used for: when you downvote an item, LinkLonk reduces your “trust” in other users that upvoted it. As a result, you will see less content from those users.
The above describes the basic idea. There are a couple more concepts:
- You start off weakly connected to all users, which means that at first you see content sorted by popularity. Rate something and refresh the page - the ranking will change.
- You are not limited to a single persona/interest. If you have multiple interests then you can create a separate collection for each of your interests. When you upvote a link you can choose what collection it belongs to. For example, if you are interested in woodworking and music then you can create two collections and put woodworking links into one and music links into the other. Then other people who liked your woodworking recommendations will only see your other recommendations from the same collection and will not get your music. This is mostly a way for you to help other users find relevant content. It’s optional. You can put everything into the “default” collection if you don’t feel like organizing.
- LinkLonk has another source of recommendations - RSS feeds. When you upvote a blog post LinkLonk connects to the RSS feed of that blog - as if it was another user. LinkLonk pulls updates from the feed and shows you the new entries using the same ranking algorithm: the more you upvote items from the feed the higher the other items from the feed are ranked. You can submit any RSS URL and LinkLonk will connect (subscribe) you to it. My hope is that in the early days when we don't have many users you would find LinkLonk useful as a sort of an RSS reader.
- Moderation. When you downvote an item then you get connected to other users who also downvoted that same item. In other words, you will trust their other downvotes. If they downvote something then that item will rank lower for you.
Give it a try at: https://linklonk.com/register with 'tildes' as the invitation code. The invitation code can be used multiple times and I will keep it active for a few days. After that please DM me to get a fresh code.
I’m posting this on Tildes in part because I like the group of people that Tildes has attracted. And I also feel the topics of trust systems, content curation and moderation are relevant to Tildes and to its users (see: https://docs.tildes.net/future-plans#trustreputation-system-for-moderation).
What do you think?
27 votes -
What did you do this weekend?
As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their weekend. Did you make any plans? Take a trip? Do nothing at all? Tell us about it!
8 votes -
Developer of over thirty macOS ports on why they are discontinuing future macOS ports in favor of Linux
22 votes -
Chelsea Wolfe: NPR Music Tiny Desk Concert (2016)
5 votes -
Jack Ma disappears from his own talent show
13 votes -
David Lynch has a YouTube channel on which, each day, he gives a weather report and picks a number from a jar
15 votes -
Tips to use NixOS on a server?
I see some people using NixOS on their servers. I would like to try it out to self-host some services and learn about NixOS.
I use Hetzner and they have a NixOS ISO available, so I can just use that to install NixOS. But how do people manage remote instances of NixOS? Would they just use Ansible or something like it to run nix on the host, or is there a better way?
Thanks
11 votes -
What games have you been playing, and what's your opinion on them?
What have you been playing lately? Discussion about video games and board games are both welcome. Please don't just make a list of titles, give some thoughts about the game(s) as well.
17 votes -
Fitness Weekly Discussion
What have you been doing lately for your own fitness? Try out any new programs or exercises? Have any questions for others about your training? Want to vent about poor behavior in the gym? Started a new diet or have a new recipe you want to share? Anything else health and wellness related?
5 votes -
"I can't believe it's not optical!"—How satellites use synthetic aperture radar to see more than they otherwise should
12 votes -
New 2021 GPS accuracy issue impacting some Garmin, Suunto, other GPS devices
12 votes -
Bets, bonds, and kindergarteners
5 votes -
Sunday Security Brief
This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either struck me as important or curious.
What happened last night can happen again ~ fortune
Topics:
- IDN Homograph Attack
- A Deep Dive on DNS Hijacking Attacks
- Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime
- Advisories
IDN Homograph Attack
This particular exploit is interesting. It takes advantage of the fact that many different characters look alike to mislead people from their desired domain to a malicious one. I wonder what practices could help avoid this issue. The obvious step is to be conscious of limiting the links that you click on from websites like Tildes, Hacker News, Reddit, or anywhere someone can share a link with you via text. For example, if you see a Reddit thread about PayPal where someone includes a link to the PayPal Customer Service Center... Don't click it, just Google "PayPal Customer Service". This will be far safer in ensuring that you're going to the domain that you meant to!
Another thing to note is the importance of realizing how much you trust online and how that changes your behavior. I know that I have a general sense of trust for people here that removes a lot of doubt when it comes to clicking random stuff you all share here. That trust could potentially work against you.
"The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike"
"The registration of homographic domain names is akin to typosquatting, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator attracts victims by relying on natural typographical errors commonly made when manually entering a URL, while in homograph spoofing the perpetrator deceives the victims by presenting visually indistinguishable hyperlinks."
IDN homograph attack ~ Wikipedia
A Deep Dive on DNS Hijacking Attacks
The article covered is a few months old, but still as relevant as ever. The U.S. government alongside private security personnel issued information about a complex system that allowed suspected Iranian hackers to obtain a huge amount of email credentials and sensitive government and corporate information. The specifics of how this attack occurred are not publicly available, but Cisco's Talos research has a write-up of how DNS attacks work; the relevant snippets are below.
"Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers."
"Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text."
"A Deep Dive on the Recent Widespread DNS Hijacking Attacks" ~ Krebs on Security
Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime
The balance between allowing autonomy and protecting our collective interests comes to my mind. This seems like a worthy example of when stopping people from victimizing others overshadows the benefits of free action.
"Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims."
"... described the three as "bulletproof hosting services," a term typically used to describe web companies that don't take down criminal content, despite repeated requests."
"According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep."
Law enforcement take down three bulletproof VPN providers ~ Zdnet
Advisories
- Debian, DSA-4824-1 chromium security update. Source
- Arch, CVE-2020-25637 libvirt. Source
- CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source
- RedHat, RHSA-2020:5665, Important: mariadb:10.3 security, bug fix, and enhancement update. Source
- Windows, If you know of a good tracker for Windows security advisories, please let me know. I was considering just drawing from the Microsoft Security Response Center Blog.
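As an added illustration of the IDN homograph section of this brief (example code written here, not from the post or from any of the articles it cites), a small Python check a defender could run on a link before trusting it: it decodes Punycode (xn--) labels into the Unicode form a browser would display, flags labels that mix Latin with Cyrillic or Greek letters, and folds a confusables table to see whether the name collapses onto a known brand. The `CONFUSABLES` table and the `KNOWN_DOMAINS` set are constructed placeholders, not a complete list.

```python
import unicodedata

# Constructed allow-list of brands to compare against (placeholder set).
KNOWN_DOMAINS = {"paypal.com", "apple.com", "google.com"}

# Small constructed confusables table (Cyrillic/Greek glyphs that render like Latin).
# Unicode's full confusables.txt is far larger; this is enough to show the check.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0443": "y",  # Cyrillic u
    "\u0445": "x",  # Cyrillic ha
    "\u0456": "i",  # Cyrillic byelorussian-ukrainian i
    "\u04bb": "h",  # Cyrillic shha
    "\u04cf": "l",  # Cyrillic small palochka
    "\u0501": "d",  # Cyrillic komi de
    "\u03bf": "o",  # Greek omicron
    "\u03b1": "a",  # Greek alpha
}


def to_unicode(hostname: str) -> str:
    """Turn Punycode (xn--) labels into the Unicode form a browser may display."""
    if not hostname.isascii():
        return hostname
    try:
        return hostname.encode("ascii").decode("idna")
    except UnicodeError:
        return hostname  # malformed xn-- label: keep as-is, other signals still apply


def scripts_in(label: str) -> set:
    """Unicode script family of every letter in a label (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(hostname: str) -> str:
    """Fold confusable glyphs to their Latin look-alike, then NFKC-normalize."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in hostname)
    return unicodedata.normalize("NFKC", folded).lower()


def check_hostname(hostname: str) -> dict:
    """Report homograph risk signals for one hostname."""
    shown = to_unicode(hostname.strip().lower())
    labels = shown.split(".")
    skel = skeleton(shown)
    return {
        "displayed": shown,
        "non_ascii": not shown.isascii(),
        # Latin mixed with Cyrillic/Greek inside one label is the classic spoof shape.
        "mixed_script": any(len(scripts_in(lbl)) > 1 for lbl in labels),
        # Whole-script spoofs (all Cyrillic) pass the mixed-script test, so also
        # compare the folded skeleton against the brands we know.
        "lookalike_of": skel if skel in KNOWN_DOMAINS and skel != shown else None,
    }


if __name__ == "__main__":
    for host in ["paypal.com", "p\u0430ypal.com", "\u0430\u0440\u0440\u04cf\u0435.com"]:
        print(check_hostname(host))
```

The all-Cyrillic case is the reason the skeleton comparison is there: it shows no mixed scripts at all, yet folds to apple.com.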
11 votes -
Weekly coronavirus-related chat, questions, and minor updates - week of December 28
This thread is posted weekly, and is intended as a place for more-casual discussion of the coronavirus and questions/updates that may not warrant their own dedicated topics. Tell us about what the situation is like where you live!
10 votes -
Plan to straighten out entire life during weeklong vacation yields mixed results
36 votes -
Saturday Security Brief
Topics: Attack Surface Management, Active iMessage exploit targeting journalists, Academic research on unique EM attack vectors for air-gapped systems.
Any feedback or thoughts on the experience of receiving and discussing news through this brief or in general are welcome. I'm curious about this form of staying informed so I want to experiment. (Thanks again for the suggestion to post the topics as comments.)
Attack Surface Management
This concept is about ensuring that your network is equipped to handle the many issues that arise from accommodating various "Servers, IoT devices, old VPSs, forgotten environments, misconfigured services and unknown exposed assets" within an enterprise environment. Some of the wisdom here can be applied to think better about protecting our personal networks as well. Outdated phones, computers, wifi extenders, and more can be a foothold for outside attackers to retain persistent access. Consider taking steps to mitigate and avoid potential harm from untamed devices.
Consider putting certain devices on the guest network if your router supports doing so and has extra rules for devices on that network, so they can't cause damage to your other devices directly.
"A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility."
Attack Surface Management: You Can’t Secure What You Can’t See ~ Security Trails
Multiple Journalists Hacked with ‘Zero-Click’ iMessage Exploit
Mobile spyware is continuing to evolve and tend towards professional solutions. Recently this technology has been abused to conduct espionage on journalists of major networks. Where once these exploits typically required some mistaken click from the user, new developments are allowing their activities without any trace or requiring interaction from the target.
"NSO Group’s Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses."
"In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked."
"The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates."
"More recently, NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces."
Security researchers exfiltrate data from air-gapped systems by measuring the vibrations made by PC fans.
Besides this potential exploit the article mentions past research done by Guri and his team which is worth checking out, like:
- LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
- AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
- MAGNETO & ODINI - steal data from Faraday cage-protected systems
- PowerHammer - steal data from air-gapped systems using power lines
- BRIGHTNESS - steal data from air-gapped systems using screen brightness variations
"Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems."
Academics steal data from air-gapped systems using PC fan vibrations ~ Zdnet
Good Practices
"Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident."
16 votes -
The Steam Awards
10 votes -
Some educated guesses about the companies, products, and services that are facing down a terrible 2021
9 votes -
What were/are your favorite flash/browser games?
Flash is gonna die for good in a few days (dec 31st) so I felt this is a good time to ask this question. (Although obviously, there have been large efforts to preserve these when the developers did not. And even then, HTML5 means browser games will continue to exist, even though mobile games have mostly replaced browser games anyway.)
Mine personally were (taking away some of the more well-known ones):
Basically a game of celestial golfball. Had a level editor, which was quite fun.
Bonk.io (although this one has a sequel that's not in flash)
Pretty popular for a flash game made in 2016. Basically a game where balls need to "bonk" eachother out of the playing field.
Effing meteors (Definitely one of the games that I probably remember being better than it is.)
Basically a game where you clump up small meteors into bigger meteors to destroy stuff.
A game where a rabbit and frog are fused together and need to bounce like a pogo to the end.
A mountain climbing platforming game.
A game where you need to eat sushis quickly. Also has cutscenes.
An aesthetic racing game? Not entirely sure.
A game where you drill through the planet enough times to move to the next level (man, I had some weird gameplay preferences.)
A game where you need to time your descents to pick up speed in the hills and fly.
An 8 bit game where you as a dinosaur need to outrun extinction.
A power-up racing game I remember playing quite a bit. Definitely designed for children, even if that's not very surprising.
17 votes -
Who named the United States and what alternatives gained the most traction?
5 votes -
How were you as a child/young-person?
Did you obey your parents? Tortured small animals? Did well in school? Popular or outcast? Bully or bullied?
10 votes -
How human activity threatens the world’s carbon-rich peatlands
2 votes -
Amid warnings of surging worldwide poverty, planet's 500 richest people added $1.8 trillion to combined wealth in 2020
9 votes -
Hi, how are you? Mental health support and discussion thread (January 2021)
This is a monthly thread for those who need it. Vent, share your experiences, ask for advice, talk about how you are doing. Let's make this a compassionate space for all who may need one.
18 votes -
A monster wind turbine is upending an industry
30 votes -
I spent a year deleting my address online, then it popped up on Bing
20 votes -
WakaTime 2020 Programming Stats
4 votes -
US passes ‘historic’ anti-corruption law that effectively bans anonymous shell companies
26 votes -
The illusion only some can see
12 votes -
New type of atomic clock keeps time even more precisely: The design, which uses entangled atoms, could help scientists detect dark matter and study gravity's effect on time
13 votes