Profile cover photo
Profile photo
Luisa Lu
Luisa's posts

Post has attachment
#AlphaGo   #HikaruNoGo  

Found these comments in

"Google found an old blood-stained goban in a Japanese flea market and just now encapsulated Fujiwara-no-Sai’s essence inside a “neural net” computer… just saying!"

"SAI = Simply Artificial Inteligence.
And he has learned modern joseki 😉"

Post has attachment
This is really cool. Be sure to watch the behind the scenes video too.

Post has shared content
PSA: read if you use firefox.
Given today's Firefox vulnerability (allowing arbitrary sites to read arbitrary files off your local disk, with no trace that it ever happened), I tried to make a list of things Firefox users should do now to protect themselves in case they've already been compromised. The list got long quickly, and I don't think it's even complete. Here's what I have so far. What else should I add?

1. Update:
- Update to Firefox 39.0.3, or uninstall Firefox entirely.
- If using Debian, update Iceweasel to 38.1.1esr-1 or 39.0.3-1; unfortunately, these packages are still in the queue currently:

2. Rotate SSH keys:
- Generate a new key.
- Update Github to the new SSH key.
- Update ~/.ssh/authorized_keys on all servers you access via SSH. The most important thing is to make sure old keys are removed from this file.
- Delete the old key from your system -- note that this step in itself doesn't stop any attacks, but it helps ensure that you don't accidentally use this key again in the future.

3. Rotate secrets found in .bash_history.
- Search for "user:pass@": grep '[a-zA-Z0-9_]:[^@ ]*@'~/.bash_history
- Try to remember other secrets that might be in .bash_history. :[

4. Look for files whose names contain "pass" or "access" and might contain secrets, and rotate those.
- locate -b pass
- locate -b access

5. Review other files mentioned on the Mozilla blog. ( .mysql_history, .pgsql_history, configs for subversion, S3, Filezilla, .purple, Psi+, remmina

6. Although not targeted by the known exploit, consider changing any passwords that might be stored in your Chrome password manager, which is stored totally unencrypted. Also any passwords in your Firefox password manager if you do not use a master password in Firefox.

7. Although the known exploit does not appear to target cookie jars, consider refreshing all your browser cookies by logging out and back in of each important service. Also try to figure out how to tell the service to log out your sessions on other machines. Note that 2-factor authentication does NOT defend against cookie-stealing. Tips:
- Log out and back in of Sandstorm Alpha and Oasis.
- On Sandstorm Alpha and Oasis, open the javascript console and type: Meteor.logoutOtherClients() (Yes, we need to add this to the UI!)
- For Github, remotely log out other desktop sessions here:
- For Google, see devices that are logged in here:
- For Google, you can "sign out all other web sessions" by going into gmail, scrolling to the bottom of your inbox, clicking the "details" link in the lower-right (under "last account activity"), and then clicking "sign out all other web sessions". Why this is not directly on the security page above, I do not know.
- If any apps on your desktop use app-specific passwords to connect to Google, revoke them here:
- If any apps on your desktop (such as Chrome) use OAuth to connect to Google, revoke them here:
- Generally this is a great page to visit in general for Google security:

8. Enable two-factor authentication everywhere you can: Google, Github, Facebook, Twitter, etc. (Some people think social accounts are not so important to protect. This is absolutely false: scammers love hijacking social accounts and then sending messages to your friends saying: "Help I'm travelling and I lost my wallet, please send money.")

Amazon has it's own package delivery service now. Got a package, not from UPS, Fedex, USPS, Ontrack or DHL. It says AMZL_US. Different courier too, because the dude left the package somewhere else compare to other services, had to hunt around.

Post has attachment

Post has attachment

Post has attachment

Post has shared content
These Google Voice survey forms don't show up very often. If you're a Google Voice user, please do fill out this survey. Thank you. (I'm a very heavy GV user and manage all my lines with it -- so I want this service around a long time.) -

I found nice recipe page on facebook, wish it was on G+. Then I can just reshare to my own collection for reference later.

Post has attachment
Join me in my new addiction :)
Wait while more posts are being loaded