Ingenuity

19 Feb 19
Ideas and Facts

Easy-easy books, are they dangerous? Read it in my article

19 Feb 19
bricolage

The Greek epic, The Odyssey, said to be composed by Homer, tells of the nostos of Odysseus, who returns to his kingdom in Ithaca after twenty years and saves it from being plundered by his wife’s suitors. He is a hero despite having lost his army at sea—a hero in homecoming as well as in […]

19 Feb 19
Like Clockwork

“Hey,” said Kim. “I haven’t heard from you in a while.” The words ‘are you okay’ never left her mouth, but Pigeon accepted this as a call of concern. “Hey,” responded Pigeon. “I’ve just been…” she trailed off. What had she been doing? She was so used to Running that all this standing still […]

19 Feb 19
AGIA PARASKEVI

Written by Vladimir Moss. Mao died in September, 1976. “Even before he died,” writes Frank Dikötter, “large parts of the countryside had already abandoned the planned economy. It was to be one of the most enduring legacies of a decade of chaos and entrenched fear. No communist party would have tolerated organised confrontation, but cadres […]

19 Feb 19
Blog do Alma

Two events in 2018 influenced my choice to read the book The Decline and Fall of Policarpo Quaresma: the World Cup in Russia and the presidential elections in Brazil.

19 Feb 19
Chiaka Echebiri

PREPARING FOR ASSESSMENT The employability skills An ideal candidate has three major concerns about assessment test. Is assessment another exam? What exactly should I get prepared for? Can one fail the assessment test? This article is written to X-ray the meaning of assessment as well as provide techniques on how to excel during an assessment […]

19 Feb 19
IPO EMPIRE

How Was Stonehenge Built? New Clues About Ancient Stones Unearthed in 5,000-Year-Old Mystery (Newsweek)
Stonehenge mystery solved: Massive rocks came from 180 miles away (Fox News)
Why did Stonehenge’s massive rocks come from Wales, 180 miles away? (USA TODAY)
New Data Reveals The Human Ingenuity That Built Stonehenge (Forbes)
How Stonehenge’s ‘bluestones’ were quarried in 3000 BC (Daily Mail)
View […]

19 Feb 19
Skunkworks

Things at UFO Conjectures have taken a markedly spiritual turn. First, some thoughts on UFOs in the cosmos of Jesuit thinker Teilhard de Chardin, then speculations about possible UFO sightings and extraterrestrial encounters in the Koran, and, finally, most interestingly, reflections on the failed promise of the flying saucers: namely, that they have yet to […]

19 Feb 19
The GitHub Blog

GitHub launched our Security Bug Bounty program in 2014, allowing us to reward independent security researchers for their help in keeping GitHub users secure. Over the past five years, we have been continuously impressed by the hard work and ingenuity of our researchers. Last year was no different and we were glad to pay out $165,000 to researchers from our public bug bounty program in 2018. We’ve previously talked about our other initiatives to engage with researchers. In 2018, our researcher grants, private bug bounty programs, and a live-hacking event allowed us to reach even more independent security talent. These different ways of working with the community helped GitHub reach a huge milestone in 2018: $250,000 paid out to researchers in a single year. We’re happy to share some of our highlights from the past year and introduce some big changes for the coming year: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.

2018 Highlights

GraphQL and API authorization researcher grant

Since the launch of our researcher grants program in 2017 we’ve been on the lookout for bug bounty researchers who show a specialty in particular features of our products. In mid-2018 @kamilhism submitted a series of vulnerabilities to the public bounty program showing his expertise in the authorization logic of our REST and GraphQL APIs. To support his future research, we provided Kamil with a fixed grant payment to perform a systematic audit of our API authorization logic. Kamil’s audit was excellent, uncovering and allowing us to fix an additional seven authorization flaws in our API.

H1-702

In August, GitHub took part in HackerOne’s H1-702 live-hacking event in Las Vegas. This brought together over 75 of the top researchers from HackerOne to focus on GitHub’s products for one evening of live-hacking. The event didn’t disappoint—GitHub’s security improved and nearly $75,000 was paid out for 43 vulnerabilities.
This included one critical-severity vulnerability in GitHub Enterprise Server. We also met with our researchers in-person and received great feedback on how we could improve our bug bounty program.

GitHub Actions private bug bounty

In October, GitHub launched a limited public beta of GitHub Actions. As part of the limited beta, we also ran a private bug bounty program to complement our extensive internal security assessments. We sent out over 150 invitations to researchers from last year’s private program, all H1-702 participants, and invited a number of the best researchers that have worked with our public program. The private bounty program allowed us to uncover a number of vulnerabilities in GitHub Actions. We also held an office-hours event so that the GitHub security team and researchers could meet. We took the opportunity to meet face-to-face with other researchers because it’s a great way to build a community and learn from each other. Two of our researchers, @not-an-aardvark and @ngaloggc, gave an overview of their submissions and shared details of how they approached the target with everyone.

Workflow improvements

We’ve been making refinements to our internal bug bounty workflow since we last announced it back in 2017. Our ChatOps-based tools have continued to evolve over the past year as we find more ways to streamline the process. These aren’t just technical changes—each day we’ve had individual on-call first responders who were responsible for handling incoming bounty submissions. We’ve also added a weekly status meeting to review current submissions with all members of the Application Security team. These meetings allow the team to ensure that submissions are not stalled, work is correctly prioritized by engineering teams based on severity, and researchers are getting timely updates on their submissions.
A key success metric for our program is how much time it takes to validate a submission and triage that information to the relevant engineering team so remediation work can begin. Our workflow improvements have paid off and we’ve significantly reduced the average time to triage from four days in 2017 down to 19 hours. Likewise, we’ve reduced our average time to resolution from 16 days to six days. Keep in mind: for us to consider a submission as resolved, the issue has to either be fixed or properly prioritized and tracked by the responsible engineering team. We’ve continued to reach our target of replying to researchers in less than 24 hours on average. Most importantly for our researchers, we’ve also dropped our average time for rewarding a submission from 17 days in 2017 down to 11 days. We’re grateful for the effort that researchers invest in our program and we aim to reduce these times further over the next year.

2019 initiatives

Although our program has been running successfully for the past five years, we know that we can always improve. We’ve taken feedback from our researchers and are happy to announce three major changes to our program for 2019:

Legal safe harbor

Keeping bounty program participants safe from the legal risks of security research is a high priority for GitHub. To make sure researchers are as safe as possible, we’ve added a robust set of Legal Safe Harbor terms to our site policy. Our new policies are based on CC0-licensed templates by GitHub’s Associate Corporate Counsel, @F-Jennings. These templates are a fork of EdOverflow’s Legal Bug Bounty repo, with extensive modifications based on broad discussions with security researchers and Amit Elazari’s general research in this field. The templates are also inspired by other best-practice safe harbor examples including Bugcrowd’s disclose.io project and Dropbox’s updated vulnerability disclosure policy.
Our new Legal Safe Harbor terms cover three main sources of legal risk:

Your research activity remains protected and authorized even if you accidentally overstep our bounty program’s scope. Our safe harbor now includes a firm commitment not to pursue civil or criminal legal action, or support any prosecution or civil action by others, for participants’ bounty program research activities. You remain protected even for good faith violations of the bounty policy.

We will do our best to protect you against legal risk from third parties who won’t commit to the same level of safe harbor protections. Our safe harbor terms now limit report-sharing with third parties in two ways. We will share only non-identifying information with third parties, and only after notifying you and getting that third party’s written commitment not to pursue legal action against you. Unless we get your written permission, we will not share identifying information with a third party.

You won’t be violating our site terms if it’s specifically for bounty research. For example, if your in-scope research includes reverse engineering, you can safely disregard the GitHub Enterprise Agreement’s restrictions on reverse engineering. Our safe harbor now provides a limited waiver for relevant parts of our site terms and policies. This protects against legal risk from DMCA anti-circumvention rules or similar contract terms that could otherwise prohibit necessary research tasks like reverse engineering or deobfuscating code.

Other organizations can look to these terms as an industry standard for safe harbor best practices—and we encourage others to freely adopt, use, and modify them to fit their own bounty programs. In creating these terms, we aim to go beyond the current standards for safe harbor programs and provide researchers with the best protection from criminal, civil, and third-party legal risks.
The terms have been reviewed by expert security researchers, and are the product of many months of legal research and review of other legal safe harbor programs. Special thanks to MG, Mugwumpjones, and several other researchers for providing input on early drafts of @F-Jennings’ templates.

Expanded scope

Over the past five years, we’ve been steadily expanding the list of GitHub products and services that are eligible for reward. We’re excited to share that we are now increasing our bounty scope to reward vulnerabilities in all first party services hosted under our github.com domain. This includes GitHub Education, GitHub Learning Lab, GitHub Jobs, and our GitHub Desktop application. While GitHub Enterprise Server has been in scope since 2016, to further increase the security of our enterprise customers we are now expanding the scope to include Enterprise Cloud. It’s not just about our user-facing systems. The security of our users’ data also depends on the security of our employees and our internal systems. That’s why we’re also including all first-party services under our employee-facing githubapp.com and github.net domains.

Increased rewards

We regularly assess our reward amounts against our industry peers. We also recognize that finding higher-severity vulnerabilities in GitHub’s products is becoming increasingly difficult for researchers and they should be rewarded for their efforts. That’s why we’ve increased our reward amounts at all levels:

Critical: $20,000–$30,000+
High: $10,000–$20,000
Medium: $4,000–$10,000
Low: $617–$2,000

Our broad ranges have served us well, but we’ve been consistently impressed by the ingenuity of researchers. To recognize that, we no longer have a maximum reward amount for critical vulnerabilities. Although we’ve listed $30,000 as a guideline amount for critical vulnerabilities, we’re reserving the right to reward significantly more for truly cutting-edge research.
Get involved

The bounty program remains a core part of GitHub’s security process and we’re learning a lot from our researchers. With our new initiatives, now is the perfect time to get involved. Details about our safe harbor, expanded scope, and increased awards are available on the GitHub Bug Bounty site. Working with the community has been a great experience—we’re looking forward to triaging your submissions in the future!

19 Feb 19
Stephen Knapp

Recently I read some reports on a conference in which India’s history was discussed with the conclusion that there is little reason to be proud of India’s past 1000 years for what some people call the enslavement by invaders. But I have a different view. Of course, we know and recognize that India has […]

19 Feb 19
The TRUTHnews

As the rescheduled National and State general election comes up at the weekend, a call has gone to electorates in the state to come out en masse and vote for President Muhammadu Buhari and All Progressives Congress (APC) candidates in the elections. The Co-ordinator Kogi State Women / Youth, Buhari / Osinbajo Presidential Campaign Council […]

19 Feb 19
Yosef Shelbayah's Blog

The phenomenon of “woke” capitalism is a force to be reckoned with in today’s world of mass communication. It appears that many Americans want their favorite brands to engage in the political conversations that they once would not dare touch with a ten-foot pole. Heeding the call to action is Gillette; a mammoth in […]

19 Feb 19

Jeremy Matuszewski of Thunderstruck Ag opens up about working with farmer inventors and the importance of listening to farmers’ needs. He takes pride in recommending products that will really work on their farm and in the significance of establishing good relationships.

19 Feb 19
ST. JUDE'S TAVERN

Chapter 19: Tehran, Iran – Kaspiysk, Russia. A late model Toyota Land Cruiser was waiting outside Evin Prison at nearly 3 AM for Malachi and Lt. Col Mahmood. Sgt. Yahyai was in the driver’s seat. Mahmood helped Malachi into the back seat. He had inadvertently placed his hand on Malachi’s back, which bore the […]

19 Feb 19
The Art Of Chart

Stonehenge mystery solved: Massive rocks came from 180 miles away – Fox News
Why did Stonehenge’s massive rocks come from Wales, 180 miles away? (USA TODAY)
New Data Reveals The Human Ingenuity That Built Stonehenge (Forbes)
How Stonehenge’s ‘bluestones’ were quarried in 3000 BC (Daily Mail)
[…]