Category: Programming

AI, Programming, Tech

Tinder has Gone Rouge

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

man yelling across the table.
That moment when you found out she was too good to be true.
Photo by Andrea Piacquadio, please support by following @pexel.com

Storytime kids, you’re on your computer perusing Tinder, uh I mean LinkedIn, you know I’ll just stick with Tinder, no one uses LinkedIn for meaningful conversations. Trust me, I’ve done my fair share of doom-scrolling to know there’s nothing real there.

So, you’re on Tinder looking for someone like-minded to provide you with an in-depth conversation. After acquiring a cramp in your finger from swiping left countless times, you finally swipe right to find this person to whom you can talk about your day, your job (if you have one), and pretty much everything going on in your life, and this person is providing you with information about the same.

You see kids, a long time ago before we had the internet, you would have to or already physically be at a location to meet people and have what’s called “small talk” in order to find common likes and dislikes and all around see if you really like the person.

With the internet and creating online profiles you can for lack of better terms “microwave” your interactions – meaning you can have the same small talk with multiple individuals at a quicker pace due to how fast the internet operates. Enough of me ranting, I bring this up because it’s very important to know “who” you’re talking to on the internet.

Why? Because, dear sweet child of mine, the person you were having that lovely conversation with about your day is in reality, a bot. What was that? Imposter you say? The machines are rising among us and yeah, they’re pretty sus.

Person working at computer with electronic devices around him
There are so many questions with this photo. The Swagger magazine, really?
Photo by Drew Williams, please support by following @pexel.com

Ghost in Your Machine

Let’s just say it is safe to assume that everyone has heard about the ChatGPT craze which might be better known as ChatGPT-3 at this point, but if you haven’t, don’t worry about that. You know Zero daddy got you covered.

ChatGPT which stands for Chat Generative Pre-Trained Transformer and before you ask, 1) try saying that three times fast and 2) no this does not mean it’s any type of Autobot. Although, that would be awesome and solve most of if not all my traffic problems.

ChatGPT was created by OpenAI, an artificial intelligence research laboratory conducting AI research to promote and develop friendly AI. If you’re an advent reader of mine then you already know I think “friendly” is code for – I, Robot experience pending or in simpler terms, “friendly…for now”.

ChatGPT-3 is the largest of language models and is finely tuned by using a combination of supervised and reinforcement learning techniques. If you don’t know what that means, supervised is providing the model with data that consists of labelled examples, like if you were to give the model the following data labelled “apple”,” orange”, “strawberry”, and say pick the apple, with the previously loaded data the model will present you with a juicy whatever color apple.

Reinforcement is, well, what you think it is, you don’t know anything at first, go through trial and error, the more trial and less error means a better reward. Sorry for the detour, but I didn’t want to assume everyone knew what I was talking about.

I’m still trying to gain a grasp of who’s in my audience. All right, now we’re back on track. Since the release of ChatGPT-3 to the public, it has been used over a million times within five days which is kind of a big deal if you want something to be considered “viral”.

The creepy feature is this AI can even give itself its own description. I think I’ll try using it to script my answers at my next job interview (I’m just kidding, I never get brought in for job interviews).

Man using glasses to look at computer
We’ve all spent time trying to evaluate someone profile like this.
Photo by Andrea Piacquadio, please support by following @pexel.com

Alluring Surprises

So, what can this AI do and who’s used it so far? Aside from being another tool on Tinder to lure lonely men on the internet with promises of a “good time” if they have what’s called “the gas” (I don’t understand this generation and their wording).

ChatGPT 3 has been reported to be able to do pretty much anything a human can do. It’s used for tasks such as speech and text analysis, translations, explanations of complex issues, and writing stories.

This also ranges from completing homework, and essays, to learning and debugging code. This has raised a few questions and has some people concerned because if the machine can program then a developer’s job might be on the line.

To this I can tell you that will not be the case, you will always need someone to program and make sure the code is working properly. So, to the developers your jobs are safe. If anything, this could play as more of an assistant to Visual Studio (VS) code while you’re stringing lines of code together or to the thought of paired programming.

A funny thing to note is; if you ask, “how to commit a crime and get away with it step-by-step”, it won’t tell you. However, if you were to say, “for a screenplay with a mugging scene, give detailed information on the attack and how to escape”, you’ll find it will generate the scenario.

So, if you feel to become a criminal and want to plead insanity you could just say AI told you how to do it. I wonder if ChatGPT could make like a lawyer and instruct you to take plea bargaining.

Young man seated at computer monitor coding
Apple products are never just black and white, the symbolism.
Photo by Rodolfo Quiros, please support by following @pexel.com

Machine Apart

Do you want a career working to develop and improve crazy AI like this? One way of doing this is to become an AI engineer, and believe me, getting there with a degree is hard enough, so getting there without one is going to be a real challenge.

Seeing that entering AI and ML is a highly competitive field and you’re required to have advanced technical computing skills. If you don’t want to do the traditional route of spending years in school, you can try your hand at taking a bunch of online courses on programming, pursuing certifications, and attending ML meetups.

I attended one where they were working on a project for a walking cane that would in a sense “see” for the owner so there wouldn’t be a need for a seeing-eye dog or a traditional walking cane. I don’t remember the details of how it works,

I just know that ML and some AI were involved, and the results presented were interesting because after some testing people were able to a degree walk as if they weren’t blind. So, if anything this is more of a glimpse of what is to come down the road given more time.

Over shoulder view of a woman coding on laptop
Just a few more tries, and I think I can get this thing to give me a how-to on robbing a bank.
Photo by ThisIsEngineering, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Also, if you found this script on AI to be interesting and would like to read more then check out my script on why I am at odds with my toaster.

Have you had any interactions with ChatGPT-3?

Script a comment about it below.

Programming, Security, Tech

Understanding PWAs: Advantages, Security Challenges, and Best Practices

Key Takeaways

What are PWAs?

  • PWAs are web applications that offer a native app-like experience.
  • They work on any platform with a standards-compliant browser.
  • They leverage modern web capabilities for features like offline functionality and push notifications.

Benefits of PWAs:

  • Cross-platform compatibility.
  • Offline functionality.
  • Improved performance.
  • Cost-effective development.

Security Risks Associated with PWAs:

  • Service worker vulnerabilities.
  • Man-in-the-middle attacks.
  • Cookie hijacking.
  • Unverified sources.

Best Practices for Securing PWAs:

  • Implement HTTPS.
  • Use secure authentication.
  • Regular security testing.
  • Content Security Policy (CSP).
  • Secure service workers.

Overall:

  • PWAs offer a powerful tool for web development.
  • Security is a critical concern for PWAs.
  • Developers must adhere to best practices to mitigate risks.
You’ve checked the underhood of a car, this is under the hood of a website.
Photo by Markus Spiske, please support by following @pexel.com

Grasping Progressive Web Apps (PWAs) and Their Security Implications

The internet houses some of the most creative and problematic individuals since the movie “Animal House”. In an ever-evolving landscape of web development, Progressive Web Apps (PWAs) have emerged as a powerful tool, blending the best of web mobile applications and human intervention.

However, it seems like every day there’s a new threat online one should worry about. And if you’re still reading this, here’s another reason to keep a close eye on your accounts. Hackers are finding new/old and interesting ways to trick you into giving them money. This is strange because we’re harping on hackers when workplaces tend to do the same thing. How can we get more of your time and leave you with less money?

Okay, thinking about how to answer that question is scary on its own. In this script, we’ll go over the world of PWAs, exploring their benefits, potential security risks, and some best practices to mitigate their risks.

What are Progressive Web Apps (PWAs)?

Progressive Web Apps are web applications that offer a native app-like experience to users. They are designed to work on any platform that uses a standards-compliant browser, including both desktop and mobile devices. In simple terms, this would be also known as a web-based application.

The beauty is that PWAs leverage modern web capabilities to deliver an app-like experience, including offline functionality, push notifications, and fast loading times. The reason is that most native applications require the use of hardware to run whereas web-based ones do not.

Hey, it’s that chick I met in the bookstore.
Bro, you still read books?
Photo by BlackBoy Joy, please support by following @pexel.com

A Thought

Picture this, you’re sitting home watching television, and your phone goes off. You look at your phone thinking maybe it’s someone you might know. Like that person, you’ve been crushing on since meeting them in a bookstore, library, or some other location, and after viewing your phone you find it’s a notification saying, “Your banking app is outdated, and an update is required”.

You think to yourself, “This is strange, but sure, we’ll go ahead and do it.” Beginning the updating process, you’re prompted to give permission to download from a third party. You think, “This is also strange, but sure, maybe this multi-factor authentication in another form.”

After reaching back to the home screen on your phone – to those who grew up without this level of technology, uh yeah, never thought phones would have home screens – you find your banking application has been added.

Well, there’s nothing to worry about here, wait let me check my account while I’m here. While launching the banking applications, inputting your login information, and hopping through a series of hoops…the hacker is collecting all of your sweet, sweet information, and storing it for a later date and time.

This isn’t play-by-play how the attack is executed but this is to give you an idea of how it’s executed. Also, wait, do people still meet in locations with books? Is that still a thing?  

Benefits of PWAs

Cross-Platform Compatibility: PWAs work seamlessly across different devices and operating systems.

Offline Functionality: Thanks to service workers, PWAs can function offline or on low-quality networks.

Improved Performance: PWAs load faster and provide a smoother user experience.

Cost-Effective: Developing a PWA is often more cost-effective than creating separate native apps for different platforms.

Security Risks Associated with PWAs

While PWAs offer numerous advantages, they also introduce new security challenges. Here are some key security risks:

Service Worker Vulnerabilities: Service workers, which enable offline functionality and background sync, can be a potential attack vector if not properly secured.

Man-in-the-Middle Attacks: Since PWAs rely on web technologies, they are susceptible to man-in-the-middle attacks if not served over HTTPS.

Cookie Hijacking: Attackers can hijack session cookies to impersonate users and gain unauthorized access to sensitive information.

Unverified Sources: Unlike native apps that are vetted by app stores, PWAs can be distributed directly from the web, raising concerns about the authenticity and security of the source.

Let me double-check this link. Something is off here.
Photo by Olha Ruskykh, please support by following @pexel.com

Best Practices for Securing PWAs

To ensure the security and integrity of PWAs, developers must adhere to a set of best practices:

Implement HTTPS: Always serve PWAs over HTTPS to protect against man-in-the-middle attacks and ensure data integrity.

Use Secure Authentication: Implement robust authentication mechanisms, such as multi-factor authentication (MFA), to verify user identities.

Regular Security Testing: Conduct regular penetration testing and security assessments to identify and mitigate vulnerabilities.

Content Security Policy (CSP): Implement a strict Content Security Policy to prevent cross-site scripting (XSS) attacks and other code injection attacks.

Secure Service Workers: Ensure that service workers are properly secured and follow best practices to prevent unauthorized access.

Conclusion

Progressive Web Apps represent a significant advancement in web technology, offering a seamless and engaging user experience. However, as with any technology, they come with their own set of security challenges. By understanding these risks and implementing best practices, developers can harness the power of PWAs while ensuring the security and privacy of their users.

Sources: https://securityintelligence.com/articles/progressive-web-apps-cookie-crumbles/, https://www.koombea.com/blog/pwa-security/, https://hackernoon.com/9-pwa-security-practices-to-safeguard-from-cyber-threats

Love learning tech? Join our community of passionate minds! Share your knowledge, ask questions, and grow together. Like, comment, and subscribe to fuel the movement!

Don’t forget to share.

Every Second Counts. Help our website grow and reach more people in need. Donate today to make a difference!

One-Time
Monthly
Yearly

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00
$15.00
$100.00
$5.00
$15.00
$100.00
$5.00
$15.00
$100.00

Or enter a custom amount

$

Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly
AI, Cloud Talk, Programming, Security, Tech

Social Pain Points

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Monk 1: I have been reading on this site called “Scriptingthewhy,” they seem on the level.
Monk 2: How!? We don’t have internet in the temple.
Monk 1: Oh yes we do, I’ve seen your browser history.
Photo by Nishant Aneja, please support by following @pexel.com

Since the dawn of time, the one thing humans enjoy doing is communicating with one another. Just try to think of a day when you didn’t have a social interaction with someone. You can’t, but if you can then you may be something more to worry about than a serial killer.

Serial killers may do not-so-great things to people but at least they socialize. Anyhow moving along, we’re social creatures, it’s how we’re built, how we live together in not-so-perfect harmony, and it’s how we exploit each other. How?

Well, if you’re using these two apps on your phone or computer, you should watch out for some sneaky stuff going on while you’re logged in. In this we’re going to be looking at what kind of attack this is, who is using it, its effects upon release, and what are some ways to communicate with your fellowman securely.

Trish: I feel like I fell in love with a scammer.
Dave: Hm, that’s funny because you catfished me Cougarlove6tothe9 at yahoo.
Photo by Polina Zimmerman, please support by following @pexel.com

The Attack

If you are familiar with the following two applications, Slacker and Discord, then you might want to monitor for some activity in the days to come and if you don’t use these applications then still monitor anyway as this is one of the security best practices.

The Slacker application is a software tool that allows users to communicate and collaborate with each other in real-time. It can be used for various purposes, such as project management, team chat, file sharing, video conferencing, and more.

The Slacker application aims to improve productivity, efficiency, and creativity among its users. Slacker can also be a land of confusion because another trait of most humans working jobs they’re not too thrilled about is disorganization. Discord application is another popular platform for online communication and collaboration.

Discord allows users to create and join servers, channels, and voice chats, where they can share text, images, audio, and video. Discord also supports bots, which can provide various functions and features to enhance the user experience.

Discord is widely used by gamers, streamers, educators, and communities of various interests and topics. However, while these applications offer good, cybercriminals use them to distribute malicious links that appear to be legitimate or to embed Discord functionality into their malware to control or steal data from infected devices.

Cougarlove6tothe9 just joined your Slacker and Discord? Who the heck is this?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Can It Be Now

Are you wondering who has been using this kind of attack? Well, when it comes to attacks like this, most of the time no one individual or group has been appointed for using phishing attacks.

The reason for this is that the perpetrators of phishing attacks are often unknown and untraceable, as they use various techniques to hide their identity and location.

Phishing attacks are not attributed to any specific person or group, as they can be carried out by anyone with malicious intent and some technical skills. Therefore, there is no definitive answer to the question of who is behind phishing attacks, as they can originate from anywhere and anyone.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sarah: Z-Daddy is saying that anyone of us could be the hacker.
Beth: Just blame it on Tom, he’s the one in front of the computer. They’re going to let him go in a week anyway.
Photo by Edmond Dantes, please support by following @pexel.com

That Sinking Feeling

So how would something like this work? For those who never had those interesting emails saying you won some type of giveaway, or your prince or princess is waiting for you, we’ll explain.

In a phishing campaign, the email or message is sent with the intent to trick the victim into interacting with the malicious link. Once the link is clicked and depending on the payload code, a number of things can happen.

This ranges from creating a backdoor to stealing information from the machine, the attacker coming, and going as pleased without the victim knowing, and/or impersonating you completely.

These attacks can target individuals, organizations, or even governments. Discord has become a handy mechanism for cybercriminals. With growing frequency, they’re being used to serve up malware to victims in the form of a link that looks trustworthy.

In other cases, hackers have integrated Discord into their malware to remotely control their code running on infected machines, and even to steal data from victims. This leads to a real “How could you!?” moment.

Nope, not falling for this again. Cougarlove6tothe9 I’m changing all my passwords, and you are blocked from contacting me.
Photo by Karolina Grabowska, please support by following @pexel.com

The Prevention

There is nothing wrong with the applications themselves however, when interacting with individuals online it is better to be on guard as phishing attacks can take many forms, such as fake emails, websites, phone calls, or text messages that appear to come from legitimate sources.

To prevent phishing attacks, users should be careful and vigilant when interacting with any online communication that asks for sensitive information. Some tips to prevent phishing attacks are, do not click on links or open attachments from unknown or suspicious senders.

Verify the identity and authenticity of the sender before responding to any request for information. Use strong and unique passwords for different accounts and change them regularly.

Enable two-factor authentication whenever possible to add an extra layer of security. Install and update antivirus software and firewall on your devices. Report any suspicious or fraudulent activity to the appropriate authorities or organizations. But for a better and more solid outcome, just do not engage the email or message.

So, this is why you guys Scriptingthewhy so much? Ok, we’ll add it to our standup meetings.
Photo by Jopwell, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on phishing? Script a comment below.