BEYOND proud to present "Beyond the Repository: Best practices for open source ecosystems researchers", a collaboration between myself, @amcasari, and @jlovato that was just published in the @ACM Queue.
Please share with anyone who is doing research into open source!
#OpenSource #OSS #FOSS #SociotechnicalSystems #Research #BestPractices
users of #microsoft #Edge browser that are worried about #CVE-2023-2033 (and you should be) it's easy to get version strings mixed up so in Edge (and presumably Brave and Vivaldi and any other Chrome-engine browser), make sure in `about://` that the chromium version is not older than 112.0.5615.121!
#microsoft #edge #CVE #infosec #bestPractices
every time i read a post or guide and it walks someone through creating an #openssh #keypair without a password on the private key i want to reach through my display and whack them upside the head and tell them to read the g-ddamned manpage for `ssh-agent` and `ssh-keygen` again.
i log this as a critical finding in my threat model workshops. using strong authentication in automation is a solved problem and has been before the first commit to openssh as far as i can remember.
#bestPractices
I have staged my #threatModel for tomorrow and I'm super excited to see this team in particular again! The best part about my job is meeting all the people that build marvelous things.
there's a woman in that team that was a contractor and i _loved_ her #SOP as #bestPractices to create separate accounts at Github.com/GitLab for each client which sure makes user access review easier and limits the blast radius.
i haven't investigated if my #yubikey using #webauthn in multiple IDs though.
@nathan
It's hard to get people on board when it costs them time or money. I mean look, world leaders can't even get it together on the #climate. I think the best thing we can do is spread the word to our fellow developers and clients. And also use #bestPractices ourselves.
huh my #iPadPro can use my type-C yubikey now. it didn't used to work but i got challenged at Github and said what the hell let's try and boom authenticated. (github lets you have a security key _AND_ a totp otp MFA option active at the same time \o/)
#mfa #yubikey #bestPractices #infosec #github
i swapped out a 5.1 rig in my family room with a new #Atmos #soundbar to match a new Samsung Q-series TV. i have a real monster of a subwoofer that i can’t use with the ‘bar. the wireless subwoofer just doesn’t cut it even dialed up to +6.
#tip: go into the soundbar menus, drop levels of all channels _not_ your sub i.e. center, front, to -4, leave sub at +6.
still no BIG BOOMS but at least it feels more theatrical as intended.
#Atmos #soundbar #tip #homeTheater #householdAV #bestPractices