Sign Up Now!

Sign up and get personalized intelligence briefing delivered daily.


Sign Up

Articles related to "hacker-news"


microsoft/ApplicationInspector

  • Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does.
  • Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more.
  • Application Inspector can help identify feature deltas or changes between component versions which can be critical for detecting injection of backdoors.
  • Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well.

save | comments | report | share on


Huawei set for limited role in UK 5G networks

  • The Chinese firm will be banned from supplying kit to "sensitive parts" of the network, known as the core.
  • A document published by the National Cyber Security Centre indicates that the UK's networks would have three years to comply with the caps on the use of Huawei's equipment.
  • Three out of four of the UK's mobile networks had already decided to use and deploy Huawei's 5G products outside the core in the "periphery".
  • The government has also said the UK needs to "improve the diversity in the supply of equipment" to the country's telecom networks.
  • The theory is that by limiting Huawei to the RAN but banning it from the core, the authorities make the risk of its involvement more "manageable".

save | comments | report | share on


Curl to shell isn’t so bad (2019)

  • Piping curl to s(hell) claims that using curl example.com/install.sh | sh to install software is a “glaring security vulnerability”.
  • It’s worth pointing out that the install scripts for all the cited examples are in source control[2], and subjected to the same kind of auditing as the software itself.
  • Package managers are more secure due to checksums, signing, and auditing.[3] You should use a package if available (often it’s not, hence these scripts).
  • In the end it’s still just running code you didn’t personally audit on your computer, and a matter of trust.
  • As with the previous issue: you’re already trusting the vendor and site, and you’re already going to run the software that install.sh downloads.
  • It’s fine to not like these scripts, but that doesn’t make them “glaring security vulnerability” or “malpractice”.

save | comments | report | share on


Anatomy of a Scam Pitch Deck

  • Also interesting is how many other people have exactly that same combination of educational background: Anselm Hannemann/Peter Stumbles (that page is full of gems), Marko Dugonjić/Peter Stumbles (coincidentially, same phone number!),Clark Roberts (note how Clark Roberts does not appear on the team page itself, just on his own profile page), Veerle Pieters (who changes names and gender several times on the same page, and last (but not least) A lady called Mary Spencer, only she went three times to Rotterdam and twice to Denmark.
  • Confer with your colleague investors, assume that if it is too good to be true that it probably isn’t, and that the other side is willing to invest a lot of time and effort into looking credible, they assume that you will do no background checks at all.

save | comments | report | share on


My 2020 Hackintosh Hardware Spec — Core i9-9900K & Aorus Master Z390 on OpenCore

  • Since Apple recently updated their iMac with Core i9s and skipped the T2, this is probably the last time I’m building this sort of computer, before MacOS is locked down forever.
  • I don’t want to mess with MacOS and I need this to be a stable platform for the years to come.
  • Apple Broadcom BCM94360CD – 802.11 a/b/g/n/ac with Bluetooth 4.0 (connectivity) — This add-in card supplies the hackintosh with Bluetooth and Wi-Fi, it works OOTB with MacOS, and allows for native support for iMessage, Hand-off, Continuity, etc.
  • It runs like a charm, and is up to six (!) times faster during 3D renders than my previous i7-4770K hackintosh.
  • MacOS is fully functional, including iMessages, sleep/wake, Hand-off, Continuity, and Sidecar should work fine once I upgrade to Catalina.

save | comments | report | share on


The Oldest Living Civilization (1944)

  • Until the Opium War of 1840–42 the European merchants and voyagers who reached the distant land of China had looked upon the Chinese with a good deal of awe as a people of superior culture.
  • Chinese civilization as we know it first developed along the great bend of the Yellow River, where the earth was soft and easily worked by the crude tools of China’s Stone Age men who lived before 3000 B.C. From the Yellow River the Chinese spread north, east, and south, sometimes absorbing aboriginal tribes, until by the time of Confucius (500 B.C.) they occupied most of the coun­try between the Yangtze River and the Great Wall, and had developed from primitive Stone Age men to men who could domesticate animals, irrigate land, make beautiful bronze weapons and utensils, build walled cities, and produce great philosophers like Confucius.

save | comments | report | share on


Where International Communities Cluster

  • The 2018 release of IPUMS data was the bedrock of this project (Steven Ruggles, Sarah Flood, Ronald Goeken, Josiah Grover, Erin Meyer, Jose Pacas and Matthew Sobek.
  • Specifically, we selected the following variables from the IPUMS data: YEAR (Census year), SAMPLE (IPUMS sample identifier), SERIAL (Household serial number), CBSERIAL (Original Census Bureau household serial number), HHWT (Household weight), CLUSTER (Household cluster for variance estimation), STATEFIP (State (FIPS code)), PUMA (Public Use Microdata Area), STRATA (Household strata for variance estimation), GQ (Group quarters status), PERNUM (Person number in sample unit), PERWT (Person weight), BPL (Birthplace [general version]), and BPLD (Birthplace [detailed version]).
  • For each PUMA, we calculated the percentage of each foreign-born population (e.g., for Brazil, Canada, Nigeria, etc.).
  • We then examined each foreign-born population, and found the PUMA that contained its highest percentage, using this as a proxy of diaspora presence.
  • Additionally, because this measure exclusively focuses on foreign-born individuals, second- and third-generation communities are less likely to be represented in our research.

save | comments | report | share on


Practice Fusion to pay $145M settlement for taking kickbacks aimed at increasing opioid prescriptions

  • Web-based electronic health record company Practice Fusion will pay $145 million to resolve criminal and civil charges it engaged in a kickback scheme aimed at increasing opioid prescriptions, federal prosecutors in Vermont said Monday.
  • Federal prosecutors allege that Practice Fusion extracted unlawful kickbacks from pharmaceutical companies, including a payment of nearly $1 million from an unnamed opioid company, in exchange for implementing clinical decision support (CDS) alerts in its EHR software designed to increase prescriptions for their drug products.
  • In separate civil settlements, Practice Fusion has agreed to pay approximately $118.6 million to the federal government and states to resolve allegations that it accepted kickbacks from the opioid company and other pharmaceutical companies and also caused its users to submit false claims for federal incentive payments by misrepresenting the capabilities of its EHR software.

save | comments | report | share on


Mamba Mentality | By Kobe Bryant

  • I was so enamored with the ball that I didn’t actually want to bounce it or use it, because I didn’t want to ruin the pebbled leather grains or the perfect grooves.
  • When Allen was covering me, I’d receive the ball in favorable locations, in attacking positions like the mid-post, because he couldn’t stop me from catching a pass.
  • I chose not to catch the ball in the post, because the Sixers would have just fronted and trapped me.
  • By catching it on the elbow or mid-wing, I mitigate all of these schemes, because they couldn’t front me on the pass and I didn’t need to dribble to get an open look over the top of him.
  • I came into the locker room at half-time and asked the guys—in a less PG manner—what in the hell we were doing.

save | comments | report | share on


Grindr and OKCupid Sell Your Data, but Twitter’s MoPub Is the Real Problem

  • On January 15, a Norweigian Consumer Council (NCC) investigative report exposed the ways that Grindr, OKCupid, and eight other apps are collecting and sharing extremely sensitive personal data.
  • It built a platform that encourages people to be exceptionally open with sensitive, potentially dangerous personal information, then it invited third-party advertisers to harvest and share much of that data with impunity.
  • When we formulate policy responses to the privacy violations exposed by the NCC report, we need to focus on the adtech systems like MoPub that enable companies like Grindr.
  • MoPub operates in the vast, convoluted, opaque ecosystem of personal data collection and sharing that powers modern adtech.
  • After some initial configuration, Grindr leaves the details of sharing data and serving ads up to MoPub. A diagram from MoPub’s website showing a simplified view of the real-time bidding process.

save | comments | report | share on