Of course, we just adopted Material for MkDocs about 12 months ago.
I’ve been looking at Zensical https://zensical.org/ as a replacement, but I couldn’t fully reason why they went off and did their own thing. I wasn’t sure if it was a money grab or what their motivation was.
This article provided the context I needed to understand the why. We’re going to definitely give them a shot.
For me it is less about credit and more about access. Stack Overflow is public and freely available - I’ll give answers for the benefit of the community. ChatGPT is a product, it’s locked behind accounts and limited unless you’re paying.
They changed the deal on their end? I’ll delete my posts.
But your answers will still be available on SO, unless you remove them. Your answers were free and publicly available until you removed them. Making them also available to paying customers of ChatGPT does not change that at all.
In fact, ChatGPT will probably still be able to answer those questions, so you removing your answers actually only removes them from the public, thus forcing people to use a paid product instead.
You had one goal, and your actions achieved the opposite.
Siuan Sanche's law of unintended consequences ought to be taught in primary school. Unfortunately it isn't.
Even with controls on the device companies act in bad faith and take liberties with your privacy - I was going to the beach yesterday and my friend shared his location through messenger, to view it I had to share my precise location too - why? You can deny the permission all you want but that won’t stop them blocking features unless you tick the box, even if it is unrelated or not needed for the functionality.
That's a clear example of a bad technical control, whose fix can still be implemented in iOS without the App Store. It's pretty trivial to add a feature to iOS that allows you to fake your location - there was an Android fork that had that feature for a while a few years ago.
> You can deny the permission all you want but that won’t stop them blocking features unless you tick the box
Many permissions (camera, mic, location, etc.) are trivial for the OS to spoof and don't require app store vetting.
I think the archive of an article is more preservation of history and maintaining records of events which often disappear if not archived. The number of threads referencing articles which are defunct is always increasing. A book or movie or original content on the other hand will continue to hold its own commercial value so reproducing it is more akin to an actual loss for the license holder.
Definitely a grey area when that content is then used to train models though.
I would say 9 times out of 10 it's to get around the paywall and absolutely not some higher moralistic preservation of history.
And everything is a grey area, determining the line is the existential purpose of these court cases.
We've been here before with hyperlinking, then indexing and then linking with previews and the Canadian Facebook stuff but I think this has more standing.
If I buy a book, I get a work of literature. But if I buy a news subscription I get a series of facts riddled with advertisements. I accept the former, but I oppose the latter. I suspect I'm not the only one.
Both are just the price you want to pay. There are various state news outlets that you're probably already paying for - npr, pbs, bbc, cncb depending on your region.
There are no resources like this that exist in NZ. Bringing server hosting here is super important for data sovereignty and modernising our government tech, and makes it easier for overseas businesses to bring servers here. I’m excited for the possibility of game servers I’ll have less than 80ms to.
Really? I don’t think this is at all similar to a car safety recall. That’s more like trying to issue a recall for a car because people can smash its windows and break in.
Yeah, of course it's an analogy. But by adding liability we'll get more recalls (patches) done. Vendors will stop playing FUD and will focus on the real cost of their security flaws.
And yes some will still not do patches, just like some car vendors are considered less trustworthy.
But at least the risk of suit will loom over their heads.
But the parent's point is that's still putting the liability on the vendor rather than the actual criminal. Perhaps it's more like if a car is sold without an immobilizer or an alarm, holding the manufacturer liable if it's stolen. But that kind of fails, because it's pretty simple to mandate a handful of security additions to cars, whereas software is orders of magnitude more varied and complex. It would be hard for any vendor, let alone small companies, to prove they'd followed every conceivable best practice. Might even be impossible, as some likely conflict. And if you try to codify exactly what security practices should be followed, what do you do when those practices become obsolete?
Yeah, I think it's just a fault in the analogy and in part demonstrating why reasoning from analogy is faulty.
My point is this: if vendors were liable (at least in part) for security faults in their products, then they would be more diligent about closing those gaps.
Yeah, and in principle I agree. It's just tough to imagine how exactly you'd regulate that in practice without doing a lot of unintended harm along the way, especially to (potential) small vendors.
In terms of languages I'd echo the sibling comment, Ruby or Python are likely to be good choices.
If you're looking for things to start getting into security type learning, you could do a lot worse than start with CTFs (https://ctftime.org/ctf-wtf/). Whilst they're not identical to what you'll face as a security tester, they cover a lot of similar skills. Also you'll likely meet people in the industry by doing them.
There are also sites like https://pentesterlab.com/ which have free examples of pentesting challenges.
Take a look at either Ruby or Python - both have huge userbases in general, but are also used regularly within the business.
A lot of quick scripts are written in Python - you may have noticed this in Kali.
Ruby is what Metasploit is built upon, meaning a lot of the modules are also Ruby.
Both are great languages. In regards to where to start with learning them, take a look at https://www.codecademy.com, both are featured there and give you a nice gentle introduction to their syntax and ways of working.
For some interesting reading, go pick up a Kevin Mitnick book like Art of Intrusion. It's not a technical how-to but a collection of social engineering stories that are fun reads. Gives you a lot more insight into where the real vulnerabilities are.
If you're serious about infosec and don't just want to run tools and call it a day, I suggest covering the basics first:
- programming: would be cool if you learn not only some language but programming “as art and mindset” in general. This includes your typical Computer Science courses, algorithms etc. Great if your school or university teaches those but you can always fall back to online education platforms.
When it comes to language, I'd recommend Python over Ruby. Granted, the latter powers Metasploit, but a lot more tools and wrappers around tools are written in Python. Once you know Python, creating Metasploit modules won't be a problem because a lot of things are handled by the Metasploit Framework.
Also, this comes from a highly subjective Python developer but I suggest learning Python 3, despite a lot of infosec tutorials and tools still using Python 2 (e.g. socket programming). It's easy to fall back to Py2 if you need but you'll have the power of latest and greatest if you go Py3 because not everything is backported. Most books contain a lot of useless material and are pretty slow-paced and I'm not a fan of “Learn Python The Hard Way” either. I personally started with “Learning Python” by Mark Lutz; after about a third into the book I ditched it and just went practicing and googling for answers. Cannot vouch for “Automate the boring stuff…”. You do you but in the end it all comes to practicing.
- networks: almost as important, if not more important than programming. Web pentesting, internal network pentesting, malware reversing, DFIR, even some part of exploit writing constantly interact with networks and analyze traffic.
- OS: for starters, tinkering will be enough. Familiarize yourself with Windows (console, registry) and some flavour of Linux (shell, permissions, important files etc.), preferably Debian-based because they are popular in CTFs and tutorials. Install and configure some software like web servers, databases, development environments to get the hang of it.
Where to learn:
Google, obviously.
https://pentesterlab.com/ is great for web pentesting. They have a free tier with pretty okayish explanations and exercises. They also have a “Bootcamp” section which covers some network, programming and Linux stuff.
LiveOverflow's YouTube channel has a playlist called “LiveOverflow Binary Hacking” which is a great primer into exploit development on Linux. For Windows, you should probably check the Corelan series: https://www.corelan.be/index.php/articles/
https://www.vulnhub.com/ has machines for practice. Not all of them are great but you may learn a lot by reading writeups.
When it comes to certifications, they all serve their purpose, even CISSP and CEH. I did OSCP and while I won't call it “10 out of 10”, it's decent and probably the best one when it comes to skill practice and cost. It targets internal network pentesting, though, which might not be that useful if you choose another field.