Note: I don’t know if I’ll do this, but it is something that I am passionate about and have a lot of experience with. The outline also still needs some tweaking.

Introduction to Online Safety and Privacy

Course Overview

• Target Audience: General public without technical backgrounds
• Duration: 3 hours total (2h 40-45m content delivery, 15-20m break)
• Objective: Equip participants with skills and knowledge to stay safe and protect their privacy online
• Format: In-person interactive lecture, discussion, demonstrations, and Q&A

Course Outline

Hour 1: Foundations of Online Safety and Privacy (90 min)

• 10 min: Welcome and Introduction
  • Overview of course objectives
  • Importance of online safety and privacy in daily life
• 25 min: Defining Key Terms
  • Personal data: Names, emails, addresses, phones, browsing habits
  • Threats: Phishing, malware, identity theft, social engineering, scams
  • Tools: Encryption, HTTPS, two-factor authentication (2FA), VPN
  • Data breach vs. data leak
  • Interactive exercise: Match terms to definitions on handouts
• 15 min: What Are My Risks?
  • Simple explanation: How do I identify my risks?
  • Questions: Who might want my data? What could they do? How can I reduce risks?
  • Example: Google Yourself
  • Example: 2-3 min Kitboga video clip (e.g., scam call)
  • Quick activity: Write one online habit and one potential risk
• 15 min: Common Cybercrime and Privacy Threats
  • Overview: Phishing emails, malicious apps, scams
  • Real-world examples: Fake login pages, text scams (show sample on slide)
  • How attackers target you
• 10 min: Q&A and Interactive Poll
  • Quick quiz: Identify phishing email or key term
  • Open discussion on participants’ experiences

Break (15-20 min, ~90 min into course)

• Time for personal needs, refreshments, or informal questions

Hour 2: What can I do about it? (80 min)

• 15 min: Strong Passwords and Authentication
  • Creating strong, unique passwords
  • Using password managers (e.g., KeepassXC, Bitwarden)
  • Setting up two-factor authentication (2FA)
  • Example: Shoe HaveIBeenPwned for compromised accounts
• 15 min: Safe Browsing and App Usage
  • Recognizing secure websites (HTTPS, lock icon)
  • Avoiding suspicious downloads, pop-ups, links
  • Checking app permissions on smartphones
  • VPNs, Tor, etc.
• 15 min: Social Media and Privacy Settings
  • Adjusting privacy settings (e.g., Facebook, Instagram)
  • Risks of oversharing personal information or kids’ info
  • Avoiding social engineering tactics
• 10 min: What Happens When Your data Is Compromised
  • Why it happens: Breaches at employers, banks, websites, etc.
  • It’s often not your fault, but you do have options
  • Actions: Check HaveIBeenPwned, freeze credit, change passwords, report to FTC
• 15 min: Hands-On Activity
  • Walkthrough: Setting up 2FA on a sample account (hardware key or app-based like Google Authenticator)
  • Demo: Reviewing privacy settings on Facebook (handouts for X, Snapchat)

Final Segment: Staying Safe Long-Term and Wrap-Up (30 min)

• 15 min: Staying Informed and Vigilant
  • Keeping software/devices updated
  • Recognizing new scams (e.g., AI-generated fraud)
  • Trusted resources (e.g., FTC, StaySafeOnline.org)
  • Scenario discussion: Analyze suspicious text scenario
• 10 min: Wrap-Up and Final Q&A
  • Recap key takeaways
  • Handout: Safety checklist and glossary
  • Encourage sharing one action participants will take
• 5 min: Closing
  • Thank participants, provide resource links, invite feedback

Last February, I finally got a job. Without going into a lot of detail, I got it by leveraging some contacts that I had where I used to live in NC. The number of interviews that I had from applying for jobs in LinkedIn, Indeed, and direct applying was absolutely tiny. Of course, as soon as I started doing the series of interviews for this job, I got calls for four more interviews, because that’s just how things work. I make it a rule to never speak about a current job, just that I have one. If you really want to, you can find me in LinkedIn and see who I’m working for.

Project Page: https://github.com/cosmos72/twin

So, picture this: A window manager that is 100% text user interface (TUI). It’s simple and to the point. You open a terminal in Linux or maybe you are working on headless system with no GUI. You use /usr/bin/twin and now you can open multiple terminals in one terminal without the weird shortcuts of Screen or Tmux. It works like every other GUI environment and has the feel of early 90’s MSDOS.

I think it’s far past time for Linux distributions to really rework how they handle dependencies. I remember installing a graphical tool not long ago that had to dependancy of a dependancy that required emacs. I love emacs, but this is beyond silly. I think there should be a way to map out applications and their dependancies and draw a line between a tool not being able to work altogether and some edge case utility that the software provides that requires the dependancy.

A couple of weeks ago I had an interview with that company that I really wanted to work for. I won’t say who it was. I’ll just say that it would have been an ideal position for me. In order to prepare, I wrote a list of talking points that I anticipated could be discussed during the interview and I had them ready. Since this was an online interview, I had the privilege to have this with me. If this were a face to face interview, I would have just memorized them beforehand to the best of my ability. Since I suspect that I didn’t get the job, you might wonder if this exercise worth doing, I think think it is. It helped me to focus on what I wanted to say and not go off on weird tangents (like I sometimes do).

When I was reviewing OSINT tools from the Intel Techniques course, I wondered if there is a better way to keep track of what’s going on with a specific website. You could screenshot that website multiple times per day, every day, but that could be tiresome and potentially rate-limited.

It occurred to me that many times a website will tell you when it’s updated via an RSS feed. Any RSS feed reader will read the feed and output it to the display, but can I use that feed to download the entire page where the feed is linked to without needing to visit the page directly? The answer, of course, is yes, but the problem is that there isn’t already a tool that does that. That’s why I wrote RSS Saver. Here’s how it works:

Babylon Bee
110 Front Street, Suite 300
Jupiter, FL 33458

Dear Babylon Bee,

I am writing to you in response to the job opening on X entitled: Satire Validator. I, in fact, have no sense of humor and therefore would be perfect for this position. When I was a child growing up on the mean streets of Marion, Illinois; I was often seen as different from my siblings and my peers. They wanted ice cream from the Dairy Queen after church, I wanted a cold shower. They wanted a Nintendo, I wanted a dictionary. They wanted hugs and kisses, I simply desired a stern talking to.

So, I’m on the job hunt again and looking at moving again. This was supposed to have happened almost 2 years ago but life threw me a curve ball. I will be moving from Prague to the US but first I need a job.

Finding a new job is quite frankly scary because you’re putting yourself out there and you don’t know what to expect. On top of it all is moving back to the US with my wife who will be living on a green card. It’s going to be even harder for her.

OSINT, especially the SOCMINT (Social Media Intelligence) specialty, is often focused on widely used social media platforms like Twitter/X, Facebook, etc. However, there are lesser-known alternatives, such as Usenet, that can be a goldmine for OSINT investigations.

This article is not only for OSINT practitioners but also for researchers and internet historians who want to understand the specific ins and outs of Usenet research.

What is Usenet?

Before diving into how to use Usenet for OSINT, let’s briefly cover what it is. Usenet, also previously known as “NetNews,” is a decentralized network of servers that provide access to the Usenet network. Usenet is not a product; much like Email or IRC, it is an open internet standard (NNTP) that anyone can use. In many ways, you can think of it as the message board cousin to Email.

That’s easy. I use it for grammar and spell checking for cover letters and my resume.

Why do I limit it to these specific uses? I am a real person who at least hopes that job applications will be read by other real people. LLM’s can’t replicate the way I talk or the way I write. The English that they generate is not my English. Not to mention, an LLM-generated cover letter suggests that I don’t care about who the employer is; I’m just going to apply for anything with matching keywords in a job description. I am writing this in response to a post that I saw recently on LinkedIn where someone was advertising their service that can supposedly apply for 1000 jobs on your behalf at a time and get you up to 50 interviews. I’ve been unemployed and desperate before. I understand the need to find a job ASAP, but I don’t think mass spamming is the way to go. It’s a trap that can get you labeled negatively in the eyes of a hiring manager.