When—in 2018—I find a CV written in #LaTeX, I think "here's a geek." Only a PhD considers doing a commercial CV in LaTeX.
This documentary, entitled “How the #Internet Works”, is surprisingly accurate. https://video.twimg.com/ext_tw_video/1068883106126618624/pu/pl/S2Kg9NxpEj57b_lj.m3u8
When I read a report like this on the deceptive design practices, the constant nagging for location access, etc. I sorta shrug. It's obvious to me. But then I have to ask WHY do we allow this? We, who know better, don't advocate on behalf of those who don't know better. How do we fight this business model? How do we fight and prevent this being the norm? https://www.forbrukerradet.no/side/google-manipulates-users-into-constant-tracking
@feld If you're interested in virtualisation and side-channel attacks and all, you're probably interested in Firecracker too. Just announced yesterday: https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/
For those of you interested in #cloud #security, you no longer need to go to the FUD and magic 1U box shows on the US West Coast. #AWS has announced its own security conference "Re:Inforce". First one will be in the end of June 2019 in Boston. https://aws.amazon.com/blogs/security/announcing-the-first-aws-security-conference-aws-reinforce-2019/
If you find an #infosec absolutist who thinks dogmatic things, point them to this twitter exchange between a math prof talking about abstract cylinders in calculus, and a cat food company who has to manufacture cans of cat food and sell them
If you're trying to do digital #forensics in the #cloud on #AWS, there's a really good PDF on this web page that lays out high level principles. https://aws.amazon.com/mp/scenarios/security/forensics/. It's also worth it to go take a look at https://threatresponse.cloud/ for a lot of free tools.
Gotta admit this script was useful. I had a couple big pig memory programs on an ubuntu linux instance. This listed all the running processes and how much RAM they were using. Totally fingered the culprit and made my life easier.
If the possibility #AWS public #S3 buckets kept you awake at night (despite all the blogs and code that's been released to prevent/manage them), you finally have a single, account-wide kill switch. https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
Japan cyber security minister admits he has never used a computer. More secure than any of us!
This is a brilliant metaphor for CORS. https://dev.to/dougblackjr/cors-in-a-way-i-can-understand-501d
Unbelievable. If your domain name has the letter ‘d’ in it, homographic punycode attacks would work. But only on Mac/iOS! https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/