Sun is shining in the sky, there ain't a cloud in sight... I finally found a use for the .uk domain variant that Nominet's protection racket made me buy:
https://t.co/UrRpUF8iNv
@WestMidRailway I have an advance ticket for the 16:56 from Tamworth to Euston but won’t make it because the 15:48 Cross Country service from Burton has been cancelled. Can I use my ticket on a later train? If so, is it only WM trains or can I use it on @AvantiWestCoast as well?
@VirginAtlantic How early before the flight to Heathrow can you drop bags at Incheon airport?
Or, even better, is there any way to through-check bags between Korean Air and Virgin (separate bookings) so I don't have to go through immigration and wait landside to re-check my bag?
Inspired by @distributionat I tested the geolocation capabilities of gpt4o.
uhm, they are INSANE!!!!!!
here are examples. ALL CORRECT. These are all photos of mine, not in the public domain,
1. San Sebastian, Spain
2. Chalkida, Evoia, Greece
3. Koufonisia, Cyclades, Greece
4. Kedrodassos, Crete, Greece
You can buy two base model (16GB RAM / 256 GB SSD) Mac mini for the price it costs to upgrade a single Mac mini to 32GB RAM / 512GB SSD.
Their upgrade pricing has been extortionate for years, but this is getting literally insane.
@Kent_cc@StagecoachSE Is there a page missing from the new Dover Fastrack timetable? Surely you haven't spent £34 million pounds on a bus route that stops at 7:20pm, over 6 hours before the last train?
The decision to transfer the Chagos Islands to Mauritius will result in the loss of the .io top-level domain. As, once the treaty is signed, the British Indian Ocean Territory will cease to exist. https://t.co/qFyPkuG57y
Some of these Amazon Prime Day deals are questionable at best. Item was £89.99 yesterday with a 30% voucher available. Today it's showing as £99.99 RRP and has 24% off as a "Prime Day Deal". Net result a £13.50 increase for the privilege of buying on Prime Day.
It's CUPS.
"A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)."
A 9.9 CVE has been announced for Linux 👀 Remote code execution. No details yet. Heartbleed was 7.5, for reference. This is one of the worst in history. All GNU/Linux systems impacted.
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated.
This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.
The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines".
The 2024 version is 800-63-4.
Here: https://t.co/oX8YEJHxXg
The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.
The previous update was in2020.
The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request
2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords.
This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this.
Most frameworks, however, have moved away from arbitrary password resets and complexity rules.
**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of:
Password1
Password2
and so on
Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies.
I'm so excited for the new changes!
Ok I'm off my soapbox.
Share the love! Thank you!