On day one, do one push up. Day two, two. Sounds a bit ridiculous, but it gradually builds difficulty.

Crucially, it is not all in one sitting. On day 10, if needed, do five when you wake up, and five before bed.

Break it up into something achievable. And if you miss a day, don’t sweat it. Again, the idea is to start to build, or rebuild strength and flexibility, the exercises themselves barely matter; you could do planks instead, for example.

So to correct one thing:

Poor posture is a symptom of poor core strength, particularly, your rhomboids and lower back. If your muscles are both stronger and more flexible, they will literally pull your bones into the correct alignment, without any conscious thought towards sitting straighter.

Start by taking a short walk once a day (free). A 100 day pushup challenge (free) or starting Yoga classes (can be free on YouTube, but in-person has several benefits, including having someone correcting your form, and some social structures to help provide extra motivation) would be a great next step. Longer term, maybe light weights and rows alongside using a treadmill or stationary bike.

If you choose to look into weight training, “Starting strength” is a decent program by Mark Rippetoe that I would recommend.

You know the Internet didn’t die, right?

Said it better than I could. Fair? Yes. Effective? No.

Even as a power user… You can’t.

And, in the 21st century, nothing on your computer is safe and private, least of all, browser extensions.

Even if an extension is safe today, with a tiny handful of notable exceptions, it will be”monetized”, or bought and sold to someone that will use it to install adware on your system, train their AI model, or steal your personal information.

There is no feasible defense to this for a layperson, other than absolute transparency in FOSS, and even that is under attack via flaws in the software supply chain.

The best a layperson can hope for is that major vendors care more about exclusivity and locking others out of their ecosystem, such that they are the only ones who have full control of your data (Apple, Google, Microsoft).

deleted by creator

It’s not like the malicious actors have stopped looking… If they are finding fewer vulnerabilities, it sounds to me they should be paying more.

Actively encouraging people to toss perfectly good hardware to fuel their subscription bullshit… and these guys weren’t even recently bought by a VC firm or anything?

That’s a penis dot gif

"My mother … would give us a hard time sometimes, and she would say to us, ‘I don’t know what’s wrong with you young people. You think you just fell out of a coconut tree?’ " Harris said with a laugh. “You exist in the context of all in which you live and what came before you.”

From my understanding, the impetus was that F5 submitted a CVE for a vulnerability, for an optional, “beta” feature that can be enabled. Dounin did not think a CVE should be submitted, since he did not considered it to be “production” feature.

That said, the vulnerability is in shipping code, regardless of whether it is optional or not, so per industry coding practices, it should either be patched or removed entirely in order to resolve the issue.

Authentication is, explicitly, the process of validating that you are who you say you are. Like biometrics, your username is part of your digital identity. So you are correct in arguing that biometrics alone is little stronger than a username, but by definition, both are part of authentication.

That said, to securely authenticate your identity, you need to use multiple factors.

Could you? Yes. But there really is no point— biometrics alone are only a single factor for authentication.

You should have at least two of the three— something you are (fingerprint, facial, or retinal recognition), something you have (badge, token, secure device), and something you know (passphrase).

1. From the title of your article and your executive summary, the premise of your paper is that CVSS is flawed, and CITE is your solution.
2. From the title of your article, and choice of name, “QHE CVSS Alternative; CITE”. CVSS is a VULNERABILITY Scoring System. CITE, as your propose, is a THREAT evaluation tool. You can see how one could have the impression that they were incorrectly being used interchangeably.

As you yourself stated, CVSS does exactly what it says on the box. It provides a singular rating for a software vulnerability, in a vacuum. It does not prescribe to do anything more, and it does a good job doing what it sets out to do (including specifically as an input to other quantitative risk calculations).

Compare what with attack?

Your methodology heavily relies on “the analysis of cybersecurity experts”, and in particular, frequently references “exploit chains”, mappings which are not clearly defined, and appears to rely on the knowledge of the individual practitioner, rather than existing open frameworks. MITRE ATT&CK and CAPEC already provide such a mapping, as well as a list of threat actor groups leveraging tactics, techniques, and procedures (e.g., exploitation of a given CVE). Here’s a good articlewhich maps similarly to how we operate our cybersecurity program.

I think there is a lot on the mark in your article about the issues with cybersecurity today, but again, I believe that your premise that CVSS needs replacing is flawed, and I don’t think you provided a compelling case to demonstrate how/why it is flawed. If anything, I think you would agree that if organizations are exclusively using CVSS scores to prioritize remediation, they’re doing it wrong, and fighting an impossible battle. But this means the organization’s approach is wrong, not CVSS itself.

Your article stands better alone as a proposal for a methodology for quantifying risk and threat to an organization (or society?), rather than as a takedown of CVSS.

You can always reflash it with your own if you hold that concern.

Glancing through your article, while you have correctly assessed the need for risk based prioritization of vulnerability remediation and mitigation, your central premise is flawed.

Vulnerability is not threat— CVSS is a scoring system for individual vulnerabilities, not exploit chains. For that, you’ll want to compare with ATT&CK or the legacy cyber kill chain.

Having just researched this, I purchased the Dynalink AX3600 (DL-WRX36). While it’s not as simple as a drop in firmware reflash, it offered the best speed and performance for not significantly more effort; Wifi 6, USB 3.0 ports, and full MIMO antenna support.

I also considered the following:

• Buffalo WXR-5950AX12
• Linksys E8450 (5GHz ax only)
• Netgear WAX202
• Xiami AX9000

https://openwrt.org/toh/views/toh_available_16128_ax-wifi

.(potksed ym rof) 68x naht rehto gnihtyna no swodniw nur reven ll’I ,epoN

.gnimoc eb lliw sehctap ytrap tsrif on os ,tsixe regnol on erawtfos taht etorw taht seinapmoc eht fo emos ,snur llits ti dna swodniw no (yllacipyt semag ro snigulp noitcudorp cisum rehtie) oga sedaced nettirw erawtfos pu llup yllanoisacco I tub ,krow rof PBM MRA ym htiw yppah yrev m’I

According to the Bureau Of Labor Statistics, the median salary for airline captains, first-officers, second-officers, and flight engineers in the United States is $203,010 as of 2021.

The big problem is actually in certifying people qualified to take those jobs, which takes additional time and money, mostly to pay for flight time for training. It can take a few grand for just a personal pilot license, but to fly an airline, you need instrument, commercial, and Airline Transport Pilot License (ATPL) certifications, plus increasingly expensive type ratings for the various aircraft you will be flying, a minimum of 1500 hours of flight time, and multiple years at the bottom working your way through smaller regional airlines and courier services.

You can get through the commercial licensing in 12-18 months and about $40k in flight time and insurance, but that is barely enough to get your foot in the door making $50k a year, and even then, you’re still not allowed to fly parcels or passengers for money. Getting those licenses will take another 18 months and another $40-80k, again, mostly in flight time.

That said, once you have ATPL, the company will start paying for your flight time, and you will be earning a 6 figure salary. After 5 years or so and about $100k investing in your training, you should be making over $200k, and can begin to recoup those costs.

Saying “Integrates with OpenAI” in 2023 is exactly equivalent to saying “uses Web 2.0” from 20 years ago. Buzzword trash that says absolutely about how the product uses said technology.