Elias Griffin

Desert Nomad, First Responder, Reverend, Intelligence Analyst, Computer Expert, Cowboy, Sorcerer, Metaphysician, Polymath.

Whoa, the downvotes are real! I had to slice up that title text and render it to path for the 3D effect, took forever, was like 30 layers. It took forever to get it just right and replacing Mastodon with “Lemmy” was just too much work. Was that it? I don’t get it ;)

Cybersecurity, Ethical Hacker Operating System Poll

https://lemmy.world/post/21715891

I’m polling on disparate platforms and Mastodon has very healthy Cybersecurity Communities so that’s why I’m posting that graphic. Please comment with your daily driver host OS if you’d like and even better why you chose it. I’ll add them all up and post the results back here.

If you’d like to vote on Mastodon the link is https://infosec.space/@wravoc/113411504241010388 with only two days left. “Other” leads at 38% and I have a feeling it’s all the Debian based distros, yeah? I did not have room on the don for Athena OS [https://athenaos.org/] but I would have.

Expanded List:

  • Windows
  • Mac
  • Kali
  • Parrot
  • Fedora
  • Secureblue
  • Kicksecure
  • Whonix
  • Qubes
  • Alpine
  • OpenBSD
  • AthenaOS
  • Backbox
  • Black Arch
  • Tails
  • Pentoo
  • SigintOS
  • FreeBSD

And remember, Hackers aren’t Crackers!

Thanks for all the comments affirming my hard working planned 6 month AI honeypot endeavouring to be a threat to anything that even remotely has the possibility of becoming anti-human. It was in my capability and interest to do, so I did it. This phase may pass and we won’t have to worry, but we aren’t there yet, I believe.

I did some more digging in Perplexity on niche security but this is tangential and speculative unlike my previous evidenced analysis, but I do think I’m on to something and maybe others can help me crack it.

I wrote this nice article www.quadhelion.engineering/…/freebsd-synfin.html about FreeBSD syscontrols tunables, dropping SYN FIN and its performance impact on webhosting and security, so I searched for that. There are many conf files out there containing this directive and performance in aggregate but I couldn’t find any specific data on a controlled test of just that tunable, so I tested it months ago.

Searched for it in Perplexity:

  • It gave me a contradictorily worded and badly explained answer with the correct conclusion as from two different people
  • None of the sources it claimed said anything about its performance trade-off
  • The answers change daily
  • One answer one day gave an identical fork of a gist with the author’s name in comments in the second line. I went on GitHub and notified the original author. gist.github.com/clemensg/8828061?permalink_commen… Then I went to go back and take a screenshot I would say, maybe 5-10 minutes later and I could not recreate that gist as a source anymore. I figured it would be consistent so I didn’t need to take a screenshot right then!

The forked gist was: gist.github.com/…/ac748b77fa3c001ef3791478815f7b6…

[Contradiction over time] The impact was none, negligible, trivial, improve

[Errors] Corrected after yesterday, and in following with my comments on the web that it actually improves performance as in my months old article

  • It is not minimal -> trivial, it’s a huge decision that has definite and measurable impact on today’s web stacks. This is an obvious duh moment once you realize you are changing the TCP stacks and that is hardly ever negligible, certainly never none.
  • drop_synfin is mainly mitigating fingerprinting, not DOS/DDoS, that’s a SYN flood it’s meaning, but I also tested this in my article!
  • Anyone feel like an experiment here in this thread and ask ChatGPT the same question for me/us?

    Quadhelion Engineering FreeBSD Cybersecurity Research

    System of Systems Engineering

    I also just realized why I’m getting heat here, lawsuits.

    I just gave legal cause that practice was not properly disclosed by Microsoft, abused by OpenAI, a legal grounds as a README.markdown containing code as being software, not speech, integral to licensed software, which is covered by said license.

    If an entity does find out like me your technical writing or code is in AI from a README, they are perhaps liable?

    It all started with this today:

    Perplexity AI Is Lying about Their User Agent rknight.me/…/perplexity-ai-is-lying-about-its-use…

    Perplexity AI claims it sends a user agent and respects robots.txt but it absolutely does not

    The comments so far aren’t real people posting how they really feel. An agenda or automata. Does that tell you I’m over the target or what?

    Look my post is doing really well on the cybersecurity exchanges. So to all real developers and program managers out there:

    Recommend the removal of any “primary logic” functional code examples out of your README.md, that’s it.

    PSA, Here to help, Elias

    Discussion Primer: From my perspective and potential millions of others, the readme is part of the software, it is delivered with the software whether zip, tar, git. Itself, Markdown is a specification and can be consider the document as software.

    In fact README is so integral to the software you cannot run the software without it.

    Conclusion: I think we all think of readme, especially ones with examples of your code in your readme, as code. I have evidence AI trains on your README even if you tell it specifically not to use readme, block readme, block markdowns, it still goes after it. Kinda scary?

    I want everyone else to have the evidence I have, Science.

    AI Loophole #1; Your GitHub README.md

    https://lemmy.world/post/16572074

    I used to be the Security Team Lead for Web Applications at one of the largest government data centers in the world but now I do mostly “source available” security mainly focusing on BSD. I’m on GitHub but I run a self-hosted Gogs (which gitea came from) git repo at Quadhelion Engineering Dev [https://quadhelion.dev].

    Well, on that server I tried to deny AI with Suricata, robots.txt, “NO AI” Licenses, Human Intelligence (HI) License links in the software, “NO AI” comments in posts everywhere on the Internet where my software was posted. Here is what I found today after having correlated all my logs of git clones or scrapes and traced them all back to IP/Company/Server.

    Formerly having been loath to even give my thinking pattern to a potential enemy I asked Perplexity AI questions specifically about BSD security, a very niche topic. Although there is a huge data pool here in general over many decades, my type of software is pretty unique, is buried as it does not come up on a GitHub search [https://github.com/search?q=bsd%20security&type=repositories] for BSD Security for two pages which is all most users will click, is very recent comparatively to the “dead pool” of old knowledge, and is fairly well received, yet not generally popular so GitHub Traffic Analysis is very useful.

    The traceback and AI result analysis shows the following:

    1. GitHub cloning vs visitor activity in the Traffic tab DOES NOT MATCH any useful pattern for me the Engineer. Likelihood of AI training rough estimate of my own repositories: 60% of clones are AI/Automata
    2. GitHub README.md is not licensable material and is a public document able to be trained on no matter what the software license, copyright, statements, or any technical measures used to dissuade/defeat it.
       a. I’m trying to see if tracking down whether any README.md no matter what the context is trainable; is a solvable engineering project considering my life constraints.
    3. Plagiarisation of technical writing: Probable
    4. Theft of programming “snippets” or perhaps “single lines of code” and overall logic design pattern for that solution: Probable
    5. Supremely interesting choice of datasets used vs available, in summary use, but also checking for validation against other software and weighted upon reputation factors with “Coq” like proofing, GitHub “Stars”, Employer History?
    6. Even though I can see my own writing and formatting right out of my README.md the citation was to “Phoronix Forum” but that isn’t true. That’s like saying your post is “Tick Tock” said. I wrote that, a real flesh and blood human being took comparatively massive amounts of time to do that. My birthname is there in the post 2 times, in the repo, in the comments, all over the Internet.

    You should test this out for yourself as I’m not going to take days or a week making a great presentation of a technical case. Check your own niche code, a specific code question of application, or make a mock repo with super niche stuff with lots of code in the README.md and then check it against AI every day until you see it.

    P.S. I pulled up TabNine and tried to write Ruby so complicated and magically mashed, AI could offer me nothing, just as an AI obfuscation/smartness test. You should try something similar to see what results you get.

    Apple, Android, IETF, Launch New Network Around The World.

    https://lemmy.world/post/15450941

    I revised the title many times. Am I giving the impact breadth of what it could be without veering into click-bait?

    Bluetooth Low Energy MESH Network, it is built into the OS without any noted country exemption. Although there be will many air gaps, that is not what I mean.

    https://www.apple.com/newsroom/2024/05/apple-and-google-deliver-support-for-unwanted-tracking-alerts-in-ios-and-android/

    Some questions that came to mind reading it?

    • Can China even pull it out of the OS for good measure, disable it, hack it?
    • Even with topology of some enable, others disable, others wanting security will be reading bluetooth MAC addresses of un-consenting, disabled, for tracking of others whom have enabled, even if they are not being targeted. See below screenshots from the Internet Engineering Task Force presentation [https://www.ietf.org/live/ietf119-dult/].
    • Is the Bluetooth freqz and combinatory fields bio-active in any regard of its function? Do plants stay healthy around “high intake” Bluetooth whatever that may be?
    • They mentioned other devices and Industry being involved, how many devices do we expect to also use this protocol in the future?
    • If we mapped it out, all of these devices thus operating, mapped out of the whole network with a Supercomputer, real-time, how much energy do you think it would be? How many BLE pulses per second, in a busy metropolitan area?
    • Who pushed for this TRACKING NETWORK I will be participating in whether I like or NOT (uptake)?
    • Where was the pre-planning market and socio-economic research on this presented beforehand?

    So we’re going to skip this useless marketing-speak on 9to5 Mac - Here’s how the new Cross-Platform Tracking Detection works in iOS 17.5 [https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/]

    As far as I can tell, there is nothing that says it doesn’t perform assessment of the MAC address in range, all of them, for “your” security of course. In fact, it seems in line with what they want to accomplish: Track all the trackers? Later safeguard them with a “Safefilter” online database check when Phone starts? Did I get it wrong?

    I made an Advanced Asciidoc Cheatsheet

    https://lemmy.world/post/11152809

    I was a big Markdown fan. I think what finally broke me out was list formatting of mixed types, differences in formats across my repo servers, TOC generation software I was using broke, and no good editors suitable for my tastes for asciidoc that are available on BSD or Alpine Linux. However, I found out that gedit natively supports adoc and even colors the admonitions. Excellent!

    All the guides seem to be too skimpy, not robust enough, or out of order. I like to create as I read.

    • Comes with the adoc used to generate the guide and a PDF version.
    • Recommends editors with native asciidoc support.
    • Gives a comprehensive header “template”.
    • Enables experimental features, admonition icons, and code highlighting.
    • Shows the best read/write table syntax missing from the official guide.
    • Corrects two errors in the official guide.

    Did you know Asciidoc has a counter increment function? Although it gives a warning saying not to use if possible, I found it works well for simple tasks. Enjoy.

    https://www.quadhelion.engineering/guides/AsciiDocCheatSheet.html