
· One min read
Rus
docker run -tid -v /opt/php/data:/data php:8.2
# to get the container id
docker ps
# open a shell in the container
docker exec -it {container_id} /bin/bash

apt update
apt install -y build-essential autoconf automake libtool pkg-config git
# Python is only needed if you also want libxml2's Python bindings (the Debian package is python3, not python)
apt install -y python3
apt install -y libsqlite3-dev sqlite3
# PHP's build needs both bison and re2c
apt install -y bison re2c
# I could be missing something; extra Python packages may be required

git clone https://gitlab.gnome.org/GNOME/libxml2.git
cd libxml2

Open xpath.c, find XPATH_MAX_NODESET_LENGTH and increase it (in my case I added an extra 0, i.e. 100000000). This constant is libxml2's guard against a single XPath node set growing without bound, so every XPath query in the rebuilt PHP may now hold ten times as many nodes (and the memory that goes with them) before libxml2 reports an error; keep that in mind for anything that evaluates XPath over untrusted input.

/*
* XPATH_MAX_NODESET_LENGTH:
* when evaluating an XPath expression nodesets are created and we
* arbitrary limit the maximum length of those node set. 10000000 is
* an insanely large value which should never be reached under normal
* circumstances, one would first need to construct an in memory tree
* with more than 10 millions nodes.
*/
#define XPATH_MAX_NODESET_LENGTH 10000000

# a git checkout has no configure script; autogen.sh generates it and runs it with the given options
./autogen.sh --without-python
make -j $(nproc)
make install
# libxml2 lands in /usr/local/lib; refresh the loader cache so the new .so is found before the image's system copy
ldconfig

The next step is compiling PHP [0] against the new libxml2:

# add --branch PHP-8.2 if you want the same major version as the image instead of master
git clone --depth 1 https://github.com/php/php-src
cd php-src
./buildconf
# make sure configure finds the libxml2 we just installed under /usr/local, not a system copy
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure
make -j $(nproc)
# to check: the libXML Compiled/Loaded Version lines must show the git build, not the image's system libxml2
./sapi/cli/php -i | grep -i libxml

To install on the system:

make install

[0] https://php.watch/articles/compile-php-ubuntu

· 8 min read
Rus


Transcript part about from episode 320 - Constructing Self and World

Sam Harris: Tangle however you want, but what do you think is the best hypothesis at the moment describing what the brain is doing? And we might want to start by differentiating that from everyone's common sense idea of what the science probably says about what the brain is doing.

Shamil Chandaria: Yeah, okay, that's great. So why don't we look at the brain from first principles, and then maybe we can later apply to meditation and spirituality. So the thing is that maybe 20 years ago, the consensus of what the brain was doing was it was kind of taking bottom up sensory data, sensory information, and kind of processing it up a stack. And then eventually the brain would know what was would figure out what was going on. And that view of what the brain is doing is, in fact precisely upside down, according to the latest theory of how the brain works.

Shamil Chandaria: And I think the way to start at this question is really from first principles. It really does help to look at it philosophically, which is we're an organism with this central processing unit, the brain which is enclosed in a kind of dark cell within the skull.

Sam Harris: We are already brains in vats.

Shamil Chandaria: We are already thought experiments. Exactly. And all this brain has access to is some noisy time series data, some dots and dashes coming in sort of from the nervous system. Now, how on earth is it going to figure out what is going on in the world?

Sam Harris: Before you proceed further, I love the angle you're taking here, but let's just reiterate what is meant by that, because it can be difficult to form an intuition about just how strange our circumstance is. I mean, we have, you know, we open your eyes and you see the world, or you seem to see the world, and people lose sight of the significance of light energy being transduced into electrochemical energy. That is not, it is not vision. Right after it hits your retina, you're not dealing with light anymore. And this has to be a reconstruction. And we're not going to talk about the details of that reconstruction, but to say that we're brains in vats, right, being piped with electrochemical signals divorced from how experience seems out there in the world, that it just seems given to us, that's not hyperbole. It really is. You know, there is a fundamental break here, at least in how we conceive of our sectioning of reality based on our, on what our nervous system is.

Shamil Chandaria: Yeah, I mean, in fact, I don't know how deep you want to go with this, but actually you can even start before that, which is from the philosophical problem, which is what Plato and Immanuel Kant kind of pointed to, which is that we only know our appearances, our experience. We have no contact with reality. Most people's common sense view is that "oh, look, we're looking out at the world through little windows in the front of our skulls, and we're seeing trees as they really are". Of course, that cannot be true for precisely the reasons that you said. We're just receiving some noisy, random electrical signals coming in, and the brain has never seen reality as it is.

Shamil Chandaria: I was going to, you know, the tree as it is in itself, if that makes any sense. Now, what the brain has to do is figure out the causes of its sensory data in other words, it's trying to figure out what is causing its sensory data so it can get some grip on the environment and that, of course, is important from an evolutionary perspective, because if we don't know what's going on in the environment, we won't know where the food is and we won't know where the tiger is. So we need to find out the causes of our sensory data.

Shamil Chandaria: And this is ultimately, formally, exactly the statistical inference problem, the Bayesian inference problem. And Bayesian inference is trying to figure out the probability that, given my sensory data, I'm seeing a tree. Okay? Now, as we said, it turns out that the brain can't solve this problem, because actually, formally solving the Bayesian inference problems turns out, for technical reasons, to be computationally explosive. So what evolution has to do and what we have to do in artificial intelligence, is use another algorithm. It's called approximate Bayesian inference. And the way you solve it, because bayesian inference is so difficult, the way you actually solve it is going at it backwards. And what you have to do is you essentially have to have all this data come in and try to learn what you think you're seeing and from what you think you are seeing you then simulate the pixels that you would be seeing if your guess is correct. So if I think I'm seeing a tree, what your brain then has to do is go through something called a generative model and actually simulate the sensory data that it would be seeing if this was indeed a tree. Now, that is incredible, because what it means is that well, the upshot of that, just to cut to the chase, this is the real kind of what's called a neurophenomenological hypothesis, which is that in fact, what we experience, if we're aware of it, is our internal simulation is precisely that internal generative model. Now, you might just then conclude, well, we're just hallucinating we're just simulating. How do we have any grip on reality?

Shamil Chandaria: And this is where the free energy principle comes in. It says that what we have to do is we have to simulate what we think is going on but it's not any old simulation it's a simulation that minimizes the prediction error from the output of your simulation and the few bits of sensory data that we get. In other words, what we actually do with the sensory data is use it to calibrate our simulation model, our generative model. And there is another part of the free energy principle, which is, it turns out that minimizing prediction error isn't good enough. It turns out we also have to have some prior guesses, some prior probabilities about what we're experiencing. In other words, as I grow up through childhood and as you're inculturated, you come to learn that there are things like trees and so there's a kind of a high prior probability of finding trees in your environment. Now, what you want to do is you want to have a simulation, which is minimizing the prediction error with the sensory data, but also minimizing the informational distance between the output of your generative model, the simulation and your priors. In other words, you want a simulation that is as close to what you would normally expect before seeing the sensory data so this is really what the free energy is. The free energy has two terms. The first is roughly kind of a prediction error, and the second is an informational distance to the prior of what you'd be expecting. So it turns out that we can actually do approximate Bayesian inference, which is the mathematically optimal thing to do if we simulate the world and use that simulation to and create a simulation in such a way that minimizes the prediction error with the sensory data that we get and also minimizes the deviation from the divergence from our prior probability distribution. Prior probabilities. So that's kind of the free energy in a nutshell.

Shamil Chandaria: And it's kind of, as I said, it's very interesting because it helps us think about phenomenology, which is what I'm interested in, because if we open our eyes, as you say, and we find the world just appear in front of us, what is this, what is this experience that we're having? And the answer is, it's a kind of we're somehow aware of our internally generated model of the world. And that model happens to be kind of calibrated correctly with the sensory data.


To add more information on Bayesian inference (from Dr Shamil Chandaria: The Bayesian Brain and Meditation)

· 3 min read
Rus

I've been putting together a chapter on privacy for the book (or maybe it will be the first "test drive" instead, a practical guide on privacy) and I'm very concerned about the content and the format of delivering that content to a reader. It covers only Facebook's privacy settings so far, and even this relatively small topic is not easy to organize. Organize based on readers' needs, or, as in the business and software development industries, on Jobs to Be Done for readers.

I'm putting the pages together in Figma first. Even a simple task like activating two-factor authentication requires many steps of instructions.

Great products start with real problems. People buy products and services to get a “job” done. The key to success is understanding the real job customers are using your product for.

* Intercom on Jobs‑to‑be‑Done

In the software world product developers focus too much on building customer profiles and looking for correlations in data, or even just building a product based on the developer's own needs and (imaginary) problems. To create products that people truly want to buy, companies instead need to understand the job the customer is trying to get done. When we buy a product, we essentially "hire" it to help us do a job. When we want to watch a movie, we open Netflix and it solves our "job" of finding an interesting movie and streaming it to our TV. When we want to order food (a "job"), we use Foodpanda, which solves it. If it does the job well, we will hire it again. If it doesn't help us get the job done, we "fire" it and look for something else to solve the problem.

The key to successful innovation is identifying jobs that are poorly performed in customers' lives and then designing products, experiences, and processes around those jobs.

Authors of security books have a similar problem. So much information goes into each book, terms and scary stories, on the assumption that the reader will come to a conclusion and fix everything on their own. My task in writing a book on security is not to deliver all the information on the topic, but to create a practical guide with a visual representation of safe navigation online.

We all have many jobs to be done in our lives, and internet safety is one of them. Again, "job" is shorthand for what an individual really seeks to accomplish in a given circumstance. I hope to find out what "job" the book I am working on should solve, and deliver it.

· 8 min read
Rus

 


"Cybersecurity For Dummies" covers a lot of topics on security, like a solid encyclopedia, and from the beginning the author mentions DDoS attacks, botnets and even cryptocurrency miners. That's where my mom will close the book. Probably the "Dummies" series comes with a fire hydrant of information on the topic, and I can't complain. I'm curious whether people buy this book after they've already got into trouble online, with malware or some privacy issue. I am not sure my mom would be able to use this book in practice or understand anything beyond the theory. Should a book on security be more practical? Should an author lead a reader towards the goal, or is it up to the reader to research and decide what to do to stay safe online? Is it enough to say "use a difficult password" instead of leading the way and pointing out where their password can be changed?

✅ Set a strong, unique password. Where is that?

Account → Settings and Privacy → Settings → Security and Login

* Practical example: changing the password in the Facebook app. Even this isn't enough without a picture and the next steps.

Here is a saved table of contents, mostly for myself, as a reminder of how many topics might be covered and of the need to avoid overwhelming a reader.

Table of contents

Part 1: Getting Started with Cybersecurity

Chapter 1: What Exactly Is Cybersecurity?
- Cybersecurity Means Different Things to Different Folks
- Cybersecurity Is a Constantly Moving Target
- Looking at the Risks That Cybersecurity Mitigates

Chapter 2: Getting to Know Common Cyberattacks
- Attacks That Inflict Damage
- Impersonation
- Interception
- Data Theft
- Malware
- Poisoned Web Service Attacks
- Network Infrastructure Poisoning
- Malvertising
- Exploiting Maintenance Difficulties
- Advanced Attacks

Chapter 3: Bad Guys and Accidental Bad Guys: The Folks You Must Defend Against
- Bad Guys and Good Guys Are Relative Terms
- Bad Guys Up to No Good
- Cyberattackers and Their Colored Hats
- Monetizing Their Actions
- Dealing with Nonmalicious Threats
- Defending against These Attackers
- Addressing Risks through Various Methods

Part 2: Improving Your Own Personal Security

Chapter 4: Evaluating Your Current Cybersecurity Posture
- Identifying Ways You May Be Less than Secure
- Identifying Risks
- Protecting against Risks
- Evaluating Your Current Security Measures
- Privacy 101
- Banking Online Safely
- Safely Using Smart Devices

Chapter 5: Enhancing Physical Security
- Understanding Why Physical Security Matters
- Taking Inventory
- Locating Your Vulnerable Data
- Creating and Executing a Physical Security Plan
- Implementing Physical Security
- Security for Mobile Devices
- Realizing That Insiders Pose the Greatest Risks

Part 3: Protecting Yourself from Yourself
Chapter 6: Securing Your Accounts
- Realizing That You’re a Target
- Securing Your External Accounts
- Securing Data Associated with User Accounts
- Securing Data with Parties That You’ve Interacted With
- Securing Data at Parties That You Haven’t Interacted With

Chapter 7: Passwords
- Passwords: The Primary Form of Authentication
- Avoiding Simplistic Passwords
- Password Considerations
- Creating Memorable, Strong Passwords
- Knowing When to Change Your Password
- Changing Passwords after a Breach
- Providing Passwords to Humans
- Storing Passwords
- Transmitting Passwords
- Discovering Alternatives to Passwords

Chapter 8: Preventing Social Engineering
- Don’t Trust Technology More than You Would People
- Types of Social Engineering Attacks
- Six Principles Social Engineers Exploit
- Don’t Overshare on Social Media
- Leaking Data by Sharing Information as Part of Viral Trends
- Identifying Fake Social Media Connections
- Using Bogus Information
- Using Security Software
- General Cyberhygiene Can Help Prevent Social Engineering

Part 4: Cybersecurity for Businesses and Organizations

Chapter 9: Securing Your Small Business
- Making Sure Someone Is in Charge
- Watching Out for Employees
- Considering Cyber Insurance
- Complying with Regulations and Compliance
- Handling Internet Access
- Managing Power Issues

Chapter 10: Cybersecurity and Big Businesses
- Utilizing Technological Complexity
- Managing Custom Systems
- Continuity Planning and Disaster Recovery
- Looking at Regulations
- Deeper Pockets — and Insured
- Considering Employees, Consultants, and Partners
- Looking at the Chief Information Security Officer’s Role

Part 5: Handling a Security Incident (This Is a When, Not an If)

Chapter 11: Identifying a Security Breach
- Identifying Overt Breaches
- Detecting Covert Breaches

Chapter 12: Recovering from a Security Breach
- An Ounce of Prevention Is Worth Many Tons of Response
- Stay Calm and Act Now with Wisdom
- Bring in a Pro
- Recovering from a Breach without a Pro’s Help
- Reinstall Damaged Software
- Dealing with Stolen Information
- Recovering When Your Data Is Compromised at a Third Party

Part 6: Backing Up and Recovery

Chapter 13: Backing Up
- Backing Up Is a Must
- Looking at the Different Types of Backups
- Exploring Backup Tools
- Knowing Where to Back Up
- Knowing Where Not to Store Backups
- Encrypting Backups
- Figuring Out How Often You Should Backup
- Disposing of Backups
- Testing Backups
- Conducting Cryptocurrency Backups
- Backing Up Passwords
- Creating a Boot Disk

Chapter 14: Resetting Your Device
- Exploring Two Types of Resets
- Rebuild Your Device after a Hard Reset

Chapter 15: Restoring from Backups
- You Will Need to Restore
- Wait! Do Not Restore Yet!
- Restoring from Full Backups of Systems
- Restoring from Incremental Backups
- Dealing with Deletions
- Excluding Files and Folders
- Understanding Archives
- Restoring Using Backup Tools
- Returning Backups to Their Proper Locations
- Restoring to Non-Original Locations
- Never Leave Your Backups Connected
- Restoring from Encrypted Backups
- Testing Backups
- Restoring Cryptocurrency
- Booting from a Boot Disk

Part 7: Looking toward the Future

Chapter 16: Pursuing a Cybersecurity Career
- Professional Roles in Cybersecurity
- Exploring Career Paths
- Starting Out in Information Security
- Exploring Popular Certifications
- Overcoming a Criminal Record
- Looking at Other Professions with a Cybersecurity Focus

Chapter 17: Emerging Technologies Bring New Threats
- Relying on the Internet of Things
- Using Cryptocurrencies and Blockchain
- Optimizing Artificial Intelligence
- Experiencing Virtual Reality
- Transforming Experiences with Augmented Reality

Part 8: The Part of Tens

Chapter 18: Ten Ways You Can Improve Your Cybersecurity without Spending a Fortune
- Understand That You Are a Target
- Use Security Software
- Encrypt Sensitive Information
- Back Up Often
- Do Not Share Passwords and Other Login Credentials
- Use Proper Authentication
- Use Social Media Wisely
- Segregate Internet Access
- Use Public Wi-Fi Safely
- Hire a Pro

Chapter 19: Ten Lessons from Major Cybersecurity Breaches
- Marriott
- Target
- Sony Pictures
- Office of Personnel Management
- Anthem

Chapter 20: Ten Ways to Safely Use Public Wi-Fi
- Use Your Cellphone as a Mobile Hotspot
- Turn Off Wi-Fi Connectivity When You’re Not Using Wi-Fi
- Don’t Perform Sensitive Tasks over Public Wi-Fi
- Don’t Reset Passwords When Using Public Wi-Fi
- Use a VPN Service
- Use Tor
- Use Encryption
- Turn Off Sharing
- Have Information Security Software on Any Devices Connected to Public Wi-Fi Networks
- Understand the Difference between True Public Wi-Fi and Shared Wi-Fi

While many books have been written over the past couple decades on a wide variety of cybersecurity-related topics, most of them don’t provide the general population with the information needed to properly protect themselves.

Many cybersecurity books are directed toward highly technical audiences and tend to overwhelm noncomputer scientists with extraneous information, creating severe challenges for readers seeking to translate the knowledge that they acquire from books into practical actions. On the flip side, various self-published introduction-to-cybersecurity books suffer from all sorts of serious deficiencies, including, in some cases, having been written by non-experts and presenting significant amounts of misinformation. Anyone interested in cybersecurity often shouldn’t trust these materials. Likewise, many security tip sheets and the like simply relay oft-repeated clichés and outdated advice, sometimes causing people who follow the recommendations contained within such works to worsen their cybersecurity postures rather than improve them. Furthermore, the nearly constant repetition of various cybersecurity advice by media personalities after news stories about breaches (“Don’t forget to reset all your passwords!”), coupled with the lack of consequences to most people after they do not comply with such directives, has led to cybersecurity fatigue — a condition in which folks simply don’t act when they actually need to because they have heard the “boy cry wolf” one too many times.

I wrote Cybersecurity For Dummies to provide people who do not work as cybersecurity professionals with a foundational book that can teach them what they need to know about cybersecurity and explain why they need to know it. This book offers you practical, clear, and straightforward advice that you can easily translate into actions that can help keep you and your children, parents, and small businesses cybersecure.

· 3 min read
Rus

 

Scam Me If You Can

The next book from the list is "Scam Me If You Can" by Frank Abagnale (yes, it's the same guy who inspired the 2002 film "Catch Me If You Can").

Introduction: Smart People Get Scammed

What’s Your Scam Quotient?

  1. The Playbook Exposed: Recognize—and Beat—the Con Artist’s Game

RULE #1 | PROTECT YOUR IDENTITY

  1. How Identity Thieves Work
  2. Tax Fraud and IRS Scams
  3. Sick: Medical Identity Theft

RULE #2 | SECURE YOUR FINANCES

  1. Protect Yourself Against These Bad Investments
  2. Small Business Shakedowns
  3. I’m (Not Actually) from the Government: Social Security, Government Grants, and Other “Official” Scams

RULE #3 | PRESERVE YOUR DIGITAL PRESENCE

  1. Fend Off Cyberattacks
  2. Passwords Are for Treehouses: Why We Need to Get Rid of Them

RULE #4 | SAFEGUARD YOUR HOME AND HEARTH

  1. The Calls That Just Keep Coming: Robocalls and Nuisance Calls
  2. Great Real Estate Ruses

RULE #5 | SHELTER YOUR HEART

  1. It’s Personal: Fraud That Hurts More than Just Your Wallet
  2. Charity Scams: Giving Back, or Dodgy Donations?
  3. Love You Knot: The Wild World of Dating Scams

EPILOGUE: Fraud, Fast Forward

The book starts with a retired lady, meth addiction and identity theft. Every year, millions of American consumers, nearly 7 percent of the population, are victims of scams and fraud. This book is part of AARP's efforts to educate and arm readers of every age with as many scam techniques and prevention strategies as possible.

tip

Create a place where I and others can share descriptions of current and past scams and frauds: a database or Wikipedia of online scams.

The book is organized around five simple steps to scam-proof the reader's life:

  1. Protect your identity.
  2. Secure your finances.
  3. Preserve your digital presence.
  4. Safeguard your home and hearth.
  5. Shelter your heart.

Next, as I've already seen in security trainings and in the previous book, comes a quiz which helps to identify your vulnerability level to scams: the Scam Quotient! After the quiz, each chapter is organized around a real story (usually very bad and dramatic) and a solution related to it. What I don't like about this approach is shown by this example:

Ten ways to avoid the triple threat: scarcity, urgency, and flattery

  1. Check your emotions.
  2. Give it twenty-four hours.
  3. Practice introspection.
  4. Keep it close to the vest.
  5. Get nosy.
  6. Don't fall for time limits.
  7. Do due diligence.
  8. Read reviews.
  9. Tell someone.
  10. Don't pick up.

Most of them are useful in theory, but it requires practice: many examples to develop muscle memory for specific patterns of online deception.

This book led me down the rabbit hole all the way to "Victimization of Persons By Fraud. January 1995". From 1995 till today nothing has changed; only the scale of scams has become much bigger with the internet.

Also found in the Appendix: a survey instrument which might be useful for customer development.

· 2 min read
Rus

I've been consuming a lot of articles lately in order to understand readers' expectations, and many interesting sources are filling the creative well. The New York Times writes extensively on this topic; I like these examples: "Why You Need a Password Manager. Yes, You," "10 Tips to Avoid Leaving Tracks Around the Internet", and similarly on privacy "How to Protect Your Digital Privacy". On two-factor authentication: "Protecting Your Internet Accounts Keeps Getting Easier. Here’s How to Do It." Another older article from another source was "9 internet scams we're still falling for in 2018."

While the coding backend of the book is in progress, I'm starting to lean towards research on currently available books on cyber security. Starting from "Hack-Proof Your Life Now!: The New Cybersecurity Rules: Protect your email, computers, and bank accounts from hacks, malware, and identity theft", I am going to absorb all these books, hoping to improve my vision of what I should write and how to present it clearly.

  • Boost your security (an unprecedented wave of cyber attacks and data breaches). While you can't stop hackers from sweeping up your data held by corporations and governments, you can prevent cyber criminals from using it against you.
  • Email address is the key to your digital life: it shouldn't be everywhere.
  • Love your passwords, lose weight, and beat the password paradox.
  • Rule #2: use mnemonic, goal-setting, or poetic passwords.
  • The two-step process that stops hackers. About enabling two-factor verification on your email and financial accounts.
  • Too many passwords and the unbreakable solution. Use a password manager for unbreakable protection.

That was the end of the free sample. I liked the idea of a pre-story with real-life examples for each chapter, action steps with what to implement for better security in each chapter, a date of completion and score points for each step.

· One min read
Rus

Visual Explanations: Images and Quantities, Evidence and Narrative, by Edward R. Tufte.

Tufte says that, relevant to nearly every display of data, the smallest effective difference is the Occam's razor ("what can be done with fewer is done in vain with more") of information design... data displays must be clear, assured, reliable, sturdy. In designing information, then, the idea is to use just notable differences, visual elements that make a clear difference but no more: contrasts that are definite, effective, and minimal.

My example of using pointers/lines to show important information on the screenshot.

· One min read
Rus

Today I was listening to People I (Mostly) Admire with Sendhil Mullainathan.

Steve and Sendhil laugh their way through a conversation about the importance of play, the benefits of change, and why we remember so little about the books we’ve read — and how Sendhil’s new app solves this problem.

The app is called Pique, and I was excited to find this description there:

Change doesn’t happen by reading. When you use Pique, you’ll get to try out the concepts from the book in your own life.

The idea is: instead of just reading a book, doing it. Doing > Reading. Okay, time to implement tests into the book before starting my writing journey. Here are the examples with tests so far; if you have any idea what other format might be useful with tests, please let me know.

multiple choice questions. image from pandasecurity.

multiple choice questions with screenshots.

A very important part is to keep updating these questions and randomizing them to make sure a reader will not just automatically bypass them.

· 2 min read
Rus

I like the format in which Nicky Case delivers information. It's "alive" and a fun way to acquire information. He is "coding" his knowledge, using visual images with JavaScript. Art and technology. How to remember anything forever-ish is a good example of that.

A reader can "play" with information to see what it means and how it changes in different settings.

As you can see, the less the decay, the flatter the curve – that is, the longer the memory lasts.

And I want to implement this in the book. I need to limit my imagination to what JavaScript can do (almost anything is possible in a web book), but I definitely want to improve the delivery of information from a screen to a reader.

tip

Thinking and perception are inseparably connected to vision.

Here is an example from Nicky's page. To me, personally, each picture provides a lot of stimulus and I need to switch between the author's comments and what is actually happening in the picture. Controlling what the reader has in sight seems a good design strategy.

tiny bit of How to remember anything forever-ish.

But what if it is not a scrollable web page with documents, but rather a book with its specific use cases (security in my case)? The author works with a book as an integral object, directing the reader's attention to a specific place with information, a unit of meaning. Just a quick remix of information gives amazing results (I used the same pictures and information, copy/pasted, but represented differently):

@ncasenmare's same content with my visual presentation.

Or even this example makes a big difference (maybe I am biased 🤷‍♂️)

added ability to write descriptions under images 🙌

The book is intended for continuous reading and requires full attention of the reader. Therefore, the spreads of the book entirely occupy the window and the field of vision of the reader. Text on the spread can be scrolled, when necessary, and the illustrations will retain their position on the screen, or vice versa.

I should definitely learn more about ways to deliver any kind of information. This blog post is chaotic and full of blinking gifs; hopefully I will provide more sensible examples where readers can "touch" and experience it themselves.

· 3 min read
Rus

In 2013, while living in Palo Alto and breathing the air of the excellent education facilities around the town, I was briefly involved in work on a web-application security student laboratory with a couple of guys from Stanford. This laboratory was part of a class taught at Stanford and later at Carnegie Mellon.

I don’t remember if I contributed much to the progress (I remember fixing security problems the web application contained in itself), but I remember my enthusiasm for the idea of an interactive security lab, writing a lot of ideas down. Here is part of my letter on this:

Interaction

The most interesting part is interaction with students and between them, because here you can implement many things which will help to motivate students and increase their interest. We can use PhantomJS and CasperJS to build a bot which will emulate "real" activity (instead of testing inside the student's browser without understanding what it is for). In this case we can implement tasks with attack and defense. For example, the student will be able to play with XSS and "steal" data from the bot (the bot will visit the page every 2 minutes, for example, and the student will see the activity in the log file; what could be more interesting than "tail -f access_log"), and then in the next task he will rewrite the script to prevent XSS, and the system will simulate the attack and check the result of his defense.

The second part is about interactions between students inside the class/system. It will help to gain skills of defense and attack, because who wouldn't want to hack a classmate with permission? It's probably not easy to implement and sounds crazy, but what do you think if students were able to connect and attack/defend against each other?

I was obviously delusional back then and very enthusiastic; this enthusiasm still lives inside, and hopefully I will try to implement these ideas this time. Here is a screenshot of the application:

It was a long time ago, pre-2010ish.

There were many different exercises, mostly similar to each other, and I spent many evenings trying to structure them into an “easy to implement” model, to make it easier each time to write a new exercise without copying a lot of code. I’m facing a similar question with my current project: how to simplify the writing/designing process?

For instance, to write about a topic like “Phishing” (the term comes from "fishing for information", and generally involves receiving an email designed to trick you into giving up information) and to make it interactive, I will need templates representing an “Email Inbox”, an “SMS message” or an “Email”. I can easily show it as a static screenshot:

But that removes the interactivity. I will use static images to deliver information (gifs work too!), but to interact with users I’m going to rely on Pug and the magic of JavaScript. Pug is a template engine; combined with JavaScript it lets me make the page interactive.

Example of an interactive interface: each turn/scroll shows new information related to the selected part of the "email".

I need to make such windows for an inbox, web browsers and a phone screen.