Social Engineering for the Blue Team:

After I read, Chris Hadnagy’s book, Social Engineering: The Art of Human Hacking I realized that it’s more than just a red team activity. In fact Wikipedia has multiple entries on the topic. It’s not just security focused. It’s also political. Reading the book it’s even more than that. Sales and marketing people use social engineering. In fact, we all do it, to varying degrees. Some better than others. The book is focused on red teaming for social engineering. A lot of those concepts, though, I could easily apply and even provide examples of doing on a day-to-day basis.

(Via Timothy De Block)

This is the gist of Tim’s upcoming workshop, Social Engineering for the Blue Team, at Converge & Bsides Detroit May 10-12 2018. Give his post a read and provide him with your feedback. Tim’s a great presenter and speaker, so it is worth your time.

From nytimes.com:

Personal responsibility is, of course, not a binary construct. When we say unhealthy behavior — overeating, smoking, excessive alcohol use — is not your fault, we may rob people of the initiative to change it. When we say that same behavior is all your fault, we fail to recognize a more complex reality: Health is a product of genes, environment, work, education, family, medical care and many other factors.

Although it seems we should encourage personal responsibility, punishing the opposite may be heavy-handed and even counterproductive. Breaking down every factor that leads patients to develop cancer or heart disease or Alzheimer’s — and penalizing or rewarding them based on the share they could in theory control — seems a herculean and morally suspect task.

Personal responsibility is an attractive goal with deep roots in American culture. But if it’s too aggressively pursued, it may conflict with another worthy ideal: In a nation as wealthy as the United States, sick humans deserve health care — even if they can’t pay, and even if they’ve made some bad choices.

One eye opening experience was when I was climbing (really, walking up) a mountain in Nara, Japan. I kept passing the same guy. He was not quite my height but easily 30KG (about 66 pounds) lighter than me. Crazy hair, wispy beard, and a tan that identified him easily as a laborer.

I would pass him at the end of various legs of the journey. He would be at a waystation, puffing on a cigarette and drinking a Coke while munching down on some junk food. He would effortlessly pass me on each leg with a large bundle strapped to him, not seeming to break a sweat.

I don’t smoke. I don’t drink soda. And I don’t eat junk food.

But no one will convince me the fellow I crossed paths with so many times wasn’t healthier than me.

That health is a tapestry of “genes, environment, work, education, family, medical care, and many other factors” seems right to me.

In another anecdotal example, someone I know with similar habits to my own went on his “grind”, which basically means sudden excercise and dietary change largely focused on removing carbohydrates from his intake. He worked hard on his “grind” for several weeks to achieve a substantial weight loss. He admits the unlikelihood he will be able to maintain his current weight, and he was miserable while working toward it.

So when we talk about personal responsibility with health care, how do these two edge cases fit?

There needs to be an intelligent, nuanced, and scientifically-based discussion on how best to address Western (especially American) health in the immediate, short, and long terms. The current approaches seem inadequate.

Photo by Joseph Gonzalez on Unsplash

Docomo iPhone customers got a big update today, My Docomo v2 with a completely new design and iPad support. It’s now easier to see monthly data usage and buy more (naturally) if necessary, access plan options and d Points, finally there is much better integration of multiple device accounts. It used to be that Docomo branded Android phones had all the bells and whistles but those days are waning fast.

Unfortunately changing plan options still kicks you over to the My Docomo browser page forcing you do make changes there. I’d rather keep all my business in the app but I think Docomo will get there eventually.

via AtaDistance.

This will be news, maybe good news, to my Japanese friends. I still use Google Project Fi service here because of the global coverage and relatively fixed costs.

HomePod and the Apple Music Japanese Metadata Mess:

Japan is one of most profitable music markets after the US market. If Apple wants to sell HomePod in Japan at some point, they’ll have to get their Apple Music Japanese metadata problem sorted out first.

(Via Ata Distance)

Read the whole article for examples of how Apple Music/iCloud Music/iTunes Match is a “hot mess”.

Language/Editor Integration:

Articles about Org mode almost always make the point that Org documents are plain text and can be edited with any editor. That’s true and it’s part of what gives Org its power.

On the other hand, just because you can edit Org mode documents with any editor doesn’t mean you should or would. Who, other than in an emergency, would do such a thing1? One reason not to do so is, of course, that Org mode runs in the Emacs lisp interpreter so you can’t get agendas, generate reports, use the spreadsheet functionality, or a host of other things in other editors.

A more subtle reason, though, is that the Org language is integrated with the Emacs editor.

(Via Emacs – Irreal)

I agree … but …

I don’t have a universal Emacs device. I use Orgzly on Android [F-Droid & Google Play] and beorg on iOS for tasks and agenda stuff when I’m mobile which fill the gaps a bit. I use Termux on Android [F-Droid & Google Play] for a more full-featured Emacs experience. And of course I have Emacs on my MacBook Air, my MacMini, and my Surface Pro 4.

There is a capture gap that still needs addressing. Then, manipulating that which has been captured.

I don’t have a good solution, but I know that this is not (directly) an Emacs issue. And it should not be a Gnu Emacs issue, because RMS won’t let it be. Too many compromises would need to be made in order to facilitate an “official” macOS Share Sheet for Emacs, for example.