Olivia
Online
Gah, @PrimeVideo why does prime video skip to the next season of a show, every time I'm 5 episodes from the end of the last season. Not. Cool.
SugarJar 2.0.2 is out!
`bclean` improvements, new `sync` cmd for keeping different workstations in sync, new cmds for remote branch cleanup & bugfixes.
Available on rubygems. New pkgs already submitted to Fedora and Homebrew and other distros coming.
https://t.co/rDkXi3sbw3
oss-stats v0.0.2
I've released oss-stats v0.0.2.
oss-stats is a suite of tools for reporting on the health of F/OSS Communities/Projects.
Please try it out!
https://t.co/Llp5M8aS9c
oss-stats 0.0.1 released!
I've released the very first version of oss-stats! It's actually been in use for months now, but it's now more ready for public consumption.
Measure and report on the health of F/OSS projects!
https://t.co/Llp5M8aS9c
Who to follow
Christopher Webber
@cwebber
Ride HEAD or die trying. Shaver of Yaks and lover of Ops. Dir Plat Eng, Formstack. Former Tenable, Chef, UCR. Rotarian. I speak for myself, not where I work.
Bearded Beauty aka [email protected] #opentowork
@gwaldo
Geek. Introvert. Public Speaker. Not quite certified organic. Often knows where his towel is. Wears cargo-shorts, uses Oxford commas. Lumber-snack.
Michael Hedgpeth 
@michaelhedgpeth
Founder and CTO working on the intersection of people and software engineering at https://t.co/JmnNKMTlF1 - married to @anniehedgie
Hey @buildkite - Can public pipelines please be accessible via the API even if you're not a member of the org? They're public, and I don't want to scrape the webUI just to get build stats. That'd be super helpful to the F/OSS community. <3
I'm really excited to finally have this revamped version of our annual diversity report published. Thanks to everyone who helped!
The Scale Divcersity team is pleased to publish an updated diversity report.
https://t.co/nA8oUe7Xww
For #VeteransDay...help us SHARE THIS positive veteran story.
Inspired by a true story. By a US Army vet filmmaker. About vets. Starring vets 🫡
@RottenTomatoes @morgan_freeman
.@FedExHelp your system doesn't recognize the doortag number you left, but your phone automation won't transfer to a human without a valid one. WTF.
The SCALE 22X CFP closes at the end of the month! Don't forget to submit your proposal!
FLOSS fanatics, time is running out, this is your moment! SCaLE 22x is looking for presenters with passion. Submit your talk by Nov 1st and leave your mark on the open-source world: https://t.co/IFvDadYfxa #SCaLE22x
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated.
This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.
The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines".
The 2024 version is 800-63-4.
Here: https://t.co/oX8YEJHxXg
The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.
The previous update was in2020.
The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request
2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords.
This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this.
Most frameworks, however, have moved away from arbitrary password resets and complexity rules.
**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of:
Password1
Password2
and so on
Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies.
I'm so excited for the new changes!
Ok I'm off my soapbox.
Share the love! Thank you!
Everyone should read this thread. Long but worth it. If you have children, extra make sure you get to the end.
You may have heard the term “Project 2025” floating around, and you may even have cracked open the 900+ page document yourself, only to see a lot of kind of bland, policy-wonk text. So let me crack through the policy-speak and tell you WTF is in this document.
Version 1.1.2 of SugarJar is out!
Its coolest new features are 'subfeature's and Stacked PRs.
Full details here: https://t.co/wawOWyVG25
Will get to Fedora, Debian, Ubuntu, Homebrew, etc. in the coming days.
@HeyItsGilbertS I think that solves a different problem. It's also centralized as opposed to distributed. This fits well into a Chef model for example. Or a local debugging model.
I released setup-oob 0.0.3 today.
https://t.co/VpuVhgtMVn
This is a good article. It has a few gaps I wish were explored, but I think the gist is correct.
https://t.co/rvBeHhiDZO
I've released version 0.0.3 of `kubectl-daemons`, my kubectl plugin for dealing with daemonsets:
https://t.co/ovlnNgLDTD
@keithpitt @buildkite I think yaml is the right language. These days we're all just yaml engineers, anyway.
@CA_22562_AN Is there some context here? Is this just a thought for managing documentation generically and code repos? Why separate these out, docs should pair with code, thus, this could just be a pre-commit. Also, GH and others render MD well as HTML, no?
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.6M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.9M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.6M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers