BC TECH
Saved by @zmbnski

Just published 15,000+ words on security keys. 🔐📱💻

With SIM attacks at their highest, now is a great time to take a closer look at your online security.

Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...

https://t.co/Dk0MPJHL2V

 Just look at these headlines from recent SIM swap and port attacks.

It's all too established for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.

I first talk about some general security tips.
Unfortunately not all websites let you remove your phone number from accounts.

You may consider migrating your phone carrier to @googlefi , which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection)
Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.
Enter security keys!

Utilizing public key cryptography they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.

Even if you get tricked by a clone phishing website, your key won't.
Keys have been around for a while under various names and technologies. Recently it was FIDO U2F + CTAP1 but now we have FIDO2 WebAuthn with CTAP2..

It's all very confusing...
Security keys are great for two-factor auth but FIDO2 has a vision for more: support for platform authenticators (like fingerprint readers and other biometrics) as well as being able to use them for "passwordless" authentication. https://t.co/qHI8n8x8m6
But this area is still nascent. Plagued by years of sub-par security key support across browsers. Things have been getting better in recent years with recently updated NFC support on iOS 13 but it's still a waiting game until things are made easier.
Which brings the question.. Why must I carry around an extra device just to be safe online?

You shouldn't. WebAuthn aims to change that.

But for now, security keys—combined with strong online security best practices—are a great way to fortify your regular online activities.
This article was so long (like all of mine) that I took the time to build this little fly-out table of contents browser 🤣
I also went out of my way to design these little security key icons in figma while I was writing this 😍 cc @Yubico

More from Tech

Antonio Garc\xeda Mart\xednez
Antonio García Martíne...
@antoniogm
Observing the public conversation around FB, and the private ones happening among techies and ex-FBers, I think the mutual misunderstanding is worse than when I set out two years (and 500 pages) ago to (in a small way) bridge that gulf.

We're basically fucked.

The tech world has gotten so huge, self-reinforcing, and insulated from reality they can no longer even vaguely look at themselves (and their actions) as others do. They just live on a different planet than most people.

Conversely, the average tech consumer doesn't understand the technology that has slowly taken over their lives, and their designated emissaries to figure it out--politicians, pundits, regulators, journalists--understand it barely better than they do, and have their own agendas.

To say more than generalities for a moment, here's what I think is likely the core problem.

Techies take weird, improbable visions, and make them realities: some BS pitch deck to a VC, mixed with money and people, really does turn into some novel thing.

Most people work inside a legacy industry that's evolved that way over time (usually for good reasons), and they think about the future via some analogy with their present (which is a function of a long-ago past). The interruption that tech will introduce is often hard to grasp.
TECH
Alex Stamos
Alex Stamos
@alexstamos
The entire discussion around Facebook’s disclosures of what happened in 2016 is very frustrating. No exec stopped any investigations, but there were a lot of heated discussions about what to publish and when.


In the spring and summer of 2016, as reported by the Times, activity we traced to GRU was reported to the FBI. This was the standard model of interaction companies used for nation-state attacks against likely US targeted.

In the Spring of 2017, after a deep dive into the Fake News phenomena, the security team wanted to publish an update that covered what we had learned. At this point, we didn’t have any advertising content or the big IRA cluster, but we did know about the GRU model.

This report when through dozens of edits as different equities were represented. I did not have any meetings with Sheryl on the paper, but I can’t speak to whether she was in the loop with my higher-ups.

In the end, the difficult question of attribution was settled by us pointing to the DNI report instead of saying Russia or GRU directly. In my pre-briefs with members of Congress, I made it clear that we believed this action was GRU.
TECH
Advertisement
Caleb Porzio
Caleb Porzio
@calebporzio
🎉🎉 PHP 7.3 is here!

Here are the things I'm excited about.

🚂 Trailing commas in function/method calls!

This will certainly be a required styling choice for me. Same delightful benefits of trailing comma in multi-line PHP arrays, and JavaScript objects.


🧵 Less disgusting heredoc syntax!

Inlining heredoc strings in any way right now is grrrosssss. Now we get sensible capabilities. Everything that was wrong with it is now fixed!

(Ignore the bad syntax highlighting)


☠️ Finally, not-so-silent json_decode error detection!

This really sucked before, now it just sucks a bit less (who wants to pass a 4th param and pass 2 default params first? (helper function anybody?)


📜 Not horrible functions for getting the first and last item (or key) from an array!

Before you either strung a bunch of functions together or messed with internal array pointers. This is a much-needed improvement.
TECH
Resist the Hologram - Stu Cvrk
Resist the Hologram - ...
@STUinSD
Thread – Dump the Legacy Media; Turn to These News Sources

A. We all need sources less tainted by the Big Tech/globalist narratives that are echoed repeatedly throughout the legacy media. My brother sent me a list of alternatives from the Noq report.
TECH
Pete Savin
Pete Savin
@pete_savin
Wellcome to our virtual walk from Ambleside to Howtown on Lake Ullswater. I’ve based the route on #HadriansHighWay by @fellranger1 which he uses a variant to the main route. Books can be bought direct or through @VindolandaTrust


A view of #Ambleside from Wansfell our starting point in the heart of the #LakeDistrict @CumbriaMagazine


We can start at the roman fort at the edge of #Windermere. The Romans stated to push into the lakes in the early 90’s AD, this fort dates to the rebuild in Hadrian’s Reign possibly after warfare which brought about #HadriansWall #Ambleside


The #Ambleside posting wasn’t always a peaceful one as the gravestone in the @ArmittMuseum shows one man was killed “in the fort”


Time to leave and head out of town passing this scale model of the famous Bridge House in #Ambleside #virtualwalk
TECH

You May Also Like

Jonathan Ware
Jonathan Ware
@ReassessHistory
So when it first appeared in Normandy, the Sherman Firefly and it's meaty 17 pounder represented an ideal combo of reliable chassis, great gun and devastating firepower right?

Ummm...

Truth is a bit more complex. /1
#WW2 #SWW #History


Deliveries of Firefly to units only commenced in April 1944,
just a few weeks before Overlord & left minimal time for familiarisation.

Armoured Regiments mostly utilised Fireflies on a basis of 1 per troop of 4 tanks. /2


Finally each armoured regiment troop had access to integral, meaty, anti-tank firepower capable of dealing serious damage to any German AFV likely to be encountered. /3


The dual purpose 75mm gun was quite capable of laying down a reasonable HE shell or AP round for dealing with Panzer III or IV.

Firefly's 17 Pounder had.... problems with HE, but excelled at tank killing. So Tigers and Panthers would need to be wary. /4


Firefly's design history dated back to March 1943 when the General Staff published "Policy on Tanks" which effectively stated the majority of tanks should have a good HE weapon and...

[See image below] /5
HISTORY
ArmaniTalks \U0001f399\U0001f525
ArmaniTalks 🎙🔥...
@ArmaniTalks
Manipulation Sign:

If you are compromising too much, there is a chance that you are getting manipulated.

Why are you the one that's always compromising?

How come the other person always gets their way?

Be more curious.

If something seems off, stick up for yourself.

'Wait, you sure I am being manipulated?'

I have no clue, that is only something that you can decide for yourself.

'Dang is there anything I need to look out for?'

Plenty..

But let me give you a few things to look out for.

👇

I see manipulation as skillfully controlling someone's behavior for egotistical or unethical purposes.

'How come people don't leave when it's happening to them?'

Because most people have 0 clue that they are being manipulated.

1. Guilt Trip

You ever made a mistake around someone, only for them to hold it over your head?

The will always bring up the mistake when you 2 are not seeing eye to eye.

These people will use that mistake as leverage to get what they want from you in the future.

Look out.

2. The Rationalizer

This person will commit the worst acts & find a way to rationalize it.

Example: cheaters when they get caught.

They have every excuse in the book for why they did it.

Heck, they are so good at rationalizing, they will make it seem like your fault.
LIFE
Advertisement
Kevin Murphy
Kevin Murphy
@kwmurphy
Okay look - I didn’t grow up with comic books. But I read stacks of science fiction digests and I kit-bashed model cars into fantasy rods, and just tried to maintain a low profile until I could get out of the house. So you could say I’m a distant cousin of the comic book fan. /1

And sometimes one’s childhood passion follows them into adulthood, sometimes not, sometimes as an adult one finds a passion they never had as a child and embraces it. For me, that must include getting involved with a puppet show at the age of thirty. /2

So who’s to say whose passion’s legitimate and whose is bogus? Nobody. Someone might indict your passion but they have no ground to stand on and should be dismissed out of hand. /3

Maybe they’re envious that you have a passion, maybe they think that their passion is cooler than yours, or maybe they’re just insecure, who knows. Doesn’t matter. /4

What matters is that if something gives you joy, and in the process doesn’t hurt others, then by all means follow it. It’s how we explore our secret hopes, our shadow sides, our inner character. /5
CULTURE
Simon DeDeo
Simon DeDeo
@SimonDeDeo
So, today, for the first time in 25 (!) years of Apple, I downgraded. From the 2016 MacBook Pro to my 2013, which I had kept in a drawer...


It was pretty simple to do—Apple Time Machine backups let me do it with one click.

That first tweet captures, in two pictures, how badly Apple has “lost the plot” (to quote @wylieprof). On the right is the Apple MagSafe adapter, from 2013. On the left, what I had “upgraded” to.

Thanks, Apple! I really was nostalgic for worrying about yanking my computer off the table.

Oh and I really appreciated not knowing if my computer was charging. What was great was the little whoop sound you used, so that the speaker before me could be informed I was charging my laptop.
TECH
Aditya Todmal
Aditya Todmal
@AdityaTodmal
MASTER THREAD on Short Strangles.

Curated the best tweets from the best traders who are exceptional at managing strangles.

• Positional Strangles
• Intraday Strangles
• Position Sizing
• How to do Adjustments
• Plenty of Examples
• When to avoid
• Exit Criteria

How to sell Strangles in weekly expiry as explained by boss himself. @Mitesh_Engr

• When to sell
• How to do Adjustments
• Exit


Beautiful explanation on positional option selling by @Mitesh_Engr
Sir on how to sell low premium strangles yourself without paying anyone. This is a free mini course in


1st Live example of managing a strangle by Mitesh Sir. @Mitesh_Engr

• Sold Strangles 20% cap used
• Added 20% cap more when in profit
• Booked profitable leg and rolled up
• Kept rolling up profitable leg
• Booked loss in calls
• Sold only


2nd example by @Mitesh_Engr Sir on converting a directional trade into strangles. Option Sellers can use this for consistent profit.

• Identified a reversal and sold puts

• Puts decayed a lot

• When achieved 2% profit through puts then sold
OPTIONSLEARNINGS , ALL , OPTIONS STRATEGY