    1. Friday Security Briefing

      Friday Security Briefing

      Hello there! I hope you're all looking forward to something this weekend. Today's briefing will cover a captivating tale of scheming against financial centers, woes of virtual networking, and the possibility of Russia behaving quite unnecessarily.

      "Listen, or your tongue will make you deaf." ~ Unattributed proverb


      Wall Street targeted by new Capital Call investment email scammers

      The tactic of exploiting enterprise email systems remains a successful and active attack vector for bad actors. The emerging development is the use of a "capital call" style scam, wherein scammers pretend to have investor or insurance business with the business.

      "In an example shared by the researchers, the scam email attached a Capital Call Notice for US $970,357.00 to be deposited into a bank account under the fraudsters’ control."

      "If the targeted investor was duped into wiring the funds, then it is likely that money would be quickly moved into other accounts and withdrawn by mules to prevent the payment from being returned to the victim."

      The flexibility that cryptocurrencies provide to discreetly rearrange money may actually be disadvantageous for banks in certain situations.

      Source: Tripwire, Wall Street targeted by new Capital Call investment email scammers



      High severity Linux network security holes found, fixed

      (CVE-2021-26708) Alexander Popov of London has discovered five security holes in the Linux kernel's virtual socket implementation. This is concerning; my personal use of virtual networking systems could be a lot more thought out. I do tend to keep my use of libvirt to a minimum but ideally I would be running my virtualization workstation on a separate box optimized for safe practices.

      "These holes entered Linux when virtual socket multi-transport support was added. This networking transport facilitates communication between virtual machines (VM) and their host. It's commonly used by guest agents and hypervisor services that need a communications channel that is independent of the VM network configuration. As such, people who are running VMs on the cloud, which is pretty much everyone these days, are especially vulnerable."

      Source: ZDNet, High severity Linux network security holes found, fixed



      Ukraine: DDoS attacks on govt sites originated from Russia

      Ukraine is proposing that information on the threat actors responsible for a DDoS on Ukrainian government websites originated from Russian domains.

      However, they did not claim that the threat actors were affiliated with the Russian state.

      I am curious about the motivations if this was sanctioned by Russia. Are they testing their capabilities against a softer target in order to learn from the European and American Cyber-Defense response? Perhaps this was a way for Russia to demonstrate its competency at cyber warfare.

      "The National Coordination Center for Cybersecurity (NCCC) at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector."

      Possible retaliation?

      "Last week, news leaked that Ukrainian law enforcement, in cooperation with the US and French police, arrested alleged Egregor ransomware operation members.

      Three days later, the Security Service of Ukraine (SBU) issued a press release about the Egregor arrests and seizing the ransomware group's equipment."

      Source: Bleeping Computer, Ukraine: DDoS attacks on govt sites originated from Russia


      8 votes
    2. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      7 votes
    3. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      6 votes
    4. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      8 votes
    5. What is the most difficult or complex thing you have programmed, created, or otherwise made?

      I'm mostly just curious what types of in-depth projects you all get up to. The weekly "what are you working on threads" are always full of cool things, so I am curious what people's self-rated most difficult or complex projects have been.

      26 votes
    6. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    7. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      8 votes
    8. Input from a text file, pull from multiple APIs, formatting output, etc. in Python

      I don't need answers so much as an idea of where to start.

      Essentially, I have a Google Sheet that uses importjson.gs to pull from the following APIs

      • OMDB (IMDB)
      • TheMovieDB
      • TVMaze

      I also use another script to scrape Letterboxd for ratings.

      This works well, but sometimes it'll time out or I'll hit urlFetch limits that Google has in place.

      Basically, I'd like to have a text file (input.txt) where I pop in a bunch of titles and year or IMDB IDs, then the script runs and pulls set endpoints from all of these, outputting everything on one line (a pipe as a delimiter.)

      My thinking is that I can then pull that info a sheet and run all of the formatting, basic math, and whatever else so it suits my Sheet.

      I have a feeling I'll be using requests for the JSON and beautifulsoup for letterboxd -- or maybe a module.

      Can anyone point me in the right direction? I don't think it'll be too difficult and should work well for a first python project.

      7 votes
    9. Help with Google accounts authentication on iOS/iPadOS

      Edit:

      This was resolved by @tomf (cf. this comment).


      Google’s account authentication appears to be broken for me for some reason.

      I have several devices and several Google accounts accumulated over the years.

      Accounts:

      1. Work Google account (this was set up by IT staff at the company where I work as they are a paying enterprise Google services customer)
      2. Undergraduate University account (this was set up when I attended undergrad, where the University is a paying Google services customer)
      3. Graduate University account (this was set up when I attended for grad school, where the University is a paying Google services customer)
      4. Personal Google account (this was set up a long time ago, it’s just a non-paid, consumer Google account)

      Under iOS and iPad OS, Google apparently asks you to download the official Google app in order to sign in and “trust” devices, so that they can send you prompts to acknowledge when you sign in on other devices. There is also the Google Authenticator app that lets you do traditional 2FA.

      Further background, I got an iPhone 12 Pro circa October 2020. I gave my old iPhone handset to my dad (after signing out of everything and resetting it according to Apple’s instructions). Ever since, I’ve been having issues with logging into my Google accounts from the new iPhone, my iPad, and my Mac (provided by work). I’m actually afraid to log out of my work Google account on my work Mac, because I’m afraid I won’t be able to log in again, and that would prevent me from being able to get work done.

      For example, let me walk through the steps I would normally take to log in to my Undergraduate University Google account on my iPad:

      1. Open the Google app
      2. Tap user icon in top right corner
      3. From the modal menu, tap the downward chevron (circled in red)
      4. Tap “Add another account” (circled in red)
      5. Tap “Continue” on the confirmation widget when prompted
      6. Enter the Gmail address for the account in the provided “Email or phone” input box and tap “Next”
      7. At this point, I wait for the progress indicator (the blue bar with the red arrow pointing to it) to indefinitely traverse from left to right over and over again and I cannot progress further.

      Virtually the same steps can be reproduced from my iPhone by going to accounts.google.com from any browser (I’ve tried Safari and Chrome).

      The same sort of authentication redirect from accounts.google.com happens when trying to add my associated Gmail accounts to my iOS devices from the Settings > Mail > Accounts > Add Account, and similarly stalls at the same point.

      I’ve tried logging out of my accounts from my personal Mac where I can still log in from google.com, and also tried going into the security settings for the accounts and disabling, then re-enabling 2FA (I can receive the text message with the code to associate my iPhone as a second factor authenticator, so Google knows my phone number).

      Google’s support documents don’t provide any guidance on this situation where the accounts.google.com authentication hangs, and there seems to be no way to contact a human being at Google to provide technical support. I’ve searched their help portal/forums, and found nothing similar to my issue. They point me down a tree that ends here, which is not useful to me.

      If Google’s services don’t work for you, it seems to be your problem, not theirs. I get that I’m not paying for their services, so it is totally unreasonable for me to expect any sort of technical support from Google. But, at the same time, it seems very strange that I am alone in my use case of simply trying to log into my accounts that have worked for years in the past without issue.

      Anyone have advice on next steps?

      5 votes
    10. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    11. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      13 votes
    12. How do I give proper credits in a documentation site

      I'm currently working on a site for learning MonoGame: https://learn-monogame.github.io/. The front page alone is a collaboration between 3 people. Do you guys know of a good way to give credits for each page? Is that a good idea? I'm currently thinking of adding a section at the bottom of each page with categories like:

      • Written by
      • Edited by
      • Corrections by
      • Brainstormed with

      With a link to each contributor's preferred social media. I'm not sure where to look for inspiration for giving credits in a documentation site.

      From a reader's point of view, I think it can be nice to get introduced to members of the MonoGame community. Perhaps check out their released games or the ones they are working on.

      5 votes
    13. Let's talk about computer algebra systems

      I'm vaguely in the "market" for a new computer algebra system (Mathematica, Maple, Sage, SymPy, etc etc) and I am curious what experience you all might have with these types of programs. In the past I've used Mathematica, and once you get over the odd aspects of the Language (and hefty license fee), it is a pretty great piece of software. Nonetheless, now that my old student license has expired and I would have to buy a new one (though through my school I can get it at a steep discount) I'm looking at some alternatives. Sage seems particularly appealing since it is open source and apparently well documented, and of course SymPy is powerful although that as stand-alone as these other choices.

      There are tons of other options as well, with a wide range of functionality (it really is amazing how much these things can do). My main use cases with these types of things are either: a) algebraic manipulation, b) linear algebra, c) visualization. For these three it does really seem that Mathematica is at the forefront, but I'm all ears for other opinions.

      I'm curious, if you have used any or all of these in the past, what were you using them for and what is your opinion?

      11 votes
    14. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      4 votes
    15. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      5 votes
    16. What is the difference between Linux distros? Why do you use the one you use?

      I still mainly use Windows, although I've dual-booted Linux a few times and I have Linux Mint on an old laptop right now. One thing I've never understood about Linux is all the different distributions - their different reputations and why they have them. What is the mechanical difference between using one distribution of Linux and another? Or are the differences usually not mechanical?

      For example, Ubuntu and Debian seem to be large families, meaning that a lot of other distributions are based on them (using packages built for them in their package managers at least) as well as being popular distros on their own. But what's different between the two of them, and between each and the other distros based on them? (and what's similar? I gather they all use the Linux kernel at least!)

      I also know that people are quite opinionated on their choice of distro, I wondered what reasons people had for their choice. What things are easier or harder for you in your distro of choice? Is it mainly day-to-day tasks that are important or more how the OS works underneath? How much difference does your preferred distro make?

      For myself, I've only used Kubuntu (though not much) and Linux Mint, which was mainly for UI reasons, and particularly for the latter, ease of use for someone used to Windows (at least that was what I found years ago when I first looked into it).

      Though I doubt I'll ever fully move away from Windows I would like / need to have access to a Linux OS, so maybe this will help me to know what is important to look for. But I also hope it'll be a useful and interesting discussion topic. Also, there are some previous discussions on the latter question so I'd be more interested in learning about the main topic.

      also, please do add more tags

      29 votes
    17. GitLab reshuffles its paid subscription plans, drops its Bronze/Starter tier

      Via email:

      Effective January 26, 2021, GitLab has phased out the GitLab Bronze/Starter subscription tier.

      • Current Bronze/Starter customers have over a year to transition
      • Transition discount offers are available to current customers

      Over the last few years, GitLab has evolved into a complete DevOps platform. Many Bronze/Starter customers adopted GitLab just for source code management (SCM) or continuous integration (CI), but GitLab is now a robust DevOps platform that can replace entire toolchains. GitLab customers are achieving faster releases, lower toolchain costs and more productive developers.

      The Bronze/Starter tier does not meet the hurdle rate that GitLab expects from a tier and is limiting us from investing to improve GitLab for all customers. Ending availability of the Bronze/Starter tier will help us accelerate development on customers’ priority needs such as improving usability, availability and performance, and making sure that security and compliance are enterprise-grade.

      We understand that this change could be disruptive for our current Bronze/Starter customers, which is why GitLab is offering transition options and price discounts to ease your transition to Premium over the next three years.

      • All Bronze/Starter customers can choose a free upgrade to GitLab Premium for the remainder of their subscription for the first 25 users.
      • At your next renewal before January 26, 2022, all Bronze/Starter tier customers can choose to
        • Either renew at the Bronze/Starter tier for US$ 4 per user per month for one additional year
        • Or opt in for discounted GitLab Premium prices for the next three years. For customers with 25 users or less, your discounted transition prices (paid annually) are US$ 6, US$ 9, US$ 15 per user per month for your first, second and third renewals respectively.

      To claim this offer, please visit the GitLab Customer Portal.

      To learn more about this change, watch this video, visit our customer FAQ or contact GitLab Sales.

      To address your questions and feedback, we have created a space in the GitLab Community Forum, which is actively monitored by GitLab Team members involved with this change.

      Thank you for the trust you place in GitLab to help you deliver software faster and more efficiently. We appreciate your use of GitLab and look forward to delivering more value to you every month.

      10 votes
    18. Anyone using a lightweight browser with Linux?

      I've got a crappy Chromebook running GalliumOS (Xubuntu) and Chromium is slow as molasses. I tried a few other browsers like Otter and Falkon. They're alright for most sites -- not Tildes, but this seems consistent with QT5 browsers.

      Anyway, outside of text browsers, anybody have any light weight browser suggestions?

      14 votes
    19. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      8 votes
    20. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      5 votes