APT install Kali Linux repos in Ubuntu 22.04

If you recently tried adding a new Linux source repository in Ubuntu 22.04, then you might have seen this warning message:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Apt-key is a sub-command of apt used to manage asymmetric encryption keys in order to authenticate packages. It was found some time ago to be vulnerable to man-in-the-middle attacks (see CVE-2011-3374). Now it has finally been deprecated and will be deleted at some point in the future.


Bug Bounty 101 (a triager’s perspective)

Bug bounties (BB) are rapidly becoming an essential part of the modern security toolkit for most companies. And for good reason: they provide a cost-effective way of exposing your application to a potentially vast range of experts and catching security holes that would otherwise take time and effort to find.

From experience, unless you have a dedicated team working full time on security, most bugs uncovered by internal teams are found in a serendipitous way. Regular pentests are useful for improving security controls and provide that extra compliance check, but I find that results are often limited, especially when it comes to application security and business logic bugs.


AGI and existential risk

“The Creator” is the latest AI blockbuster sensation to grace our screens this year. In it, we are introduced to a future where AI robots and “simulants” are a more compassionate and peaceful version of their human counterparts and have to fight for their freedom and defeat American imperialism. Although the film is visually stunning with impressive photography and special effects, the storytelling is superficial, with poor character development and an unoriginal scenario imo. But even the best movies of the last decades on the topic (Her, Automata, Ex Machina) all seem to be missing something big in the way they describe our interactions with AGI.


Neovim for Writers

In this quick post I share how to optimize your Neovim setup for writing. Neovim is a great option for writers: it combines an ergonomic resting default position with powerful text manipulation capabilities.

First, let’s install a good syntax highlighter that includes Markdown. I use polyglot, which is pretty complete and works well.

Plug 'sheerun/vim-polyglot'

Let’s also install the Ranger plugin for file navigation (note that you will also need to install the ranger program separately) and a Markdown previewer plugin to check your results as you write.


On proof of work

When I first heard about Bitcoin, proof of work (PoW) sounded like the coolest and most mysterious concept tied to the protocol. But mainstream media articles trying to describe the PoW process always fell short of a proper explanation for me. They usually read something like: “miners race to solve complex mathematical problems in order to validate the next block of transactions and earn bitcoins as a reward”, which sounded cool and all but only added to the mystery and the confusion.
