playbook
ja3
| | playbook | ja3 |
|---|---|---|
| | 8 | 13 |
| Stars | 1,376 | 2,528 |
| Growth | 0.0% | 1.9% |
| Activity | 0.0 | 3.9 |
| | over 1 year ago | 6 months ago |
| Language | CSS | Python |
| License | - | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
playbook
-
Biden Launches the American Climate Corps and AmeriCorps NCCC Forest Corps
For information system Services:
USDS US Digital Services Playbook: https://playbook.cio.gov/
https://techfarhub.usds.gov/get-started/ :
- What is a digital service?
- > Welcome to the newly refreshed TechFAR Hub, updated in January 2023, a resource to help government acquisition and program professionals buy, build, and deliver modern digital services while staying on the correct side of compliance! We have reorganized TechFAR Hub since its original release [...] Pre-Solicitation,
-
Singapore Government Tech Stack
I'm sure there might be because several years ago the U.S. created the U.S. Digital Service with the premise being recruiting professionals (yeah mostly from corporate but not only) to spend time in the government and help modernize many of its aspects and offerings...for the benefit of the citizens, etc. Here's one example of their playbooks: https://playbook.cio.gov/
...While not exactly like the Singapore page linked in this post, a lot of the intent with the USDS - as I understand it - is also to be quite transparent with the hope of any other government agencies/orgs such as state/province level, city level, etc. benefiting from their ideas and hopefully broadening the benefit at all levels. Here is the main site, but of course (as the above playbook link denotes), there are plenty of other related sites that might help better answer your question: https://www.usds.gov/mission
-
IRS to Ditch Biometric Requirement for Online Access
Check out 18F / US Digital Services.
GSA has really upped the game over the past 10 years for digital services delivery. Such as Login.gov. Look for other places 18F/USDS are involved, and you'll see significant improvements.
https://playbook.cio.gov/
-
White House Launches US Digital Corps
https://playbook.cio.gov/#play4
Do [lawmakers and aides] make good "Product Owners", stakeholders, app feedback capability utilizers? GitLab has Service Desk: you can email into the service desk email without having an account as necessary to create and follow up on [software] issues in GitHub/BitBucket/GitLab/Gitea project management systems.
> That's changing at the federal level. They know they've got a problem. Why shouldn't federal software be as easy to use as the best web software? If you've ever tried to use it you will quickly learn that isn't the case.
"PLAY 3: Make it simple and intuitive" https://playbook.cio.gov/#play3
> Some sites will only work with IE and no other browser. Developers in two years can make a huge difference for making the government be more agile and operate better.
US Web Design Standards
-
Has anyone ever actually heard from anyone or had an interaction with the US Digital Service?
I only have interactions with them on the CMS (Centers for Medicare/Medicaid Services) in which they basically fixed what CGI fucked in conjunction with a small company called Adhoc and other contractors. They are known, at least in my community, for pushing SAFe agility as well as promoting the USDS Playbook. I worked with the group for about 2 years on a small contract and they were a highly intelligent group of people, but were adamant about bringing startup mentality and practices to monolithic systems. This rubbed a lot of big name contractors the wrong way and tore up the community quickly. I'd argue for the better but it was a bloodbath for folks who weren't prepared during the Obama admin.
-
Download the FCC Speed Test App
There is no reason this app should NOT be opensourced. They should be defaulting to open per Play 13 of the US Digital Service handbook > https://playbook.cio.gov/#play13.
-
The US Digital Services Playbook
Not only that, but the entire process is fairly transparent. For instance the code for this website is available here
https://github.com/usds/playbook
Along with full commit history.
ja3
-
How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic [pdf]
This paper is nice, but it goes over some finer technical things.
So, not about the great wall, but there's projects out there, like this one https://github.com/salesforce/ja3 , which talk about how you can fingerprint fully encrypted traffic. Would be surprising if the great wall doesn't do this, when some open source firewall will.
- CircleCI says hackers stole encryption keys and customers’ source code
- JA3 – A method for fingerprinting SSL/TLS Clients
- JA3 – A method for profiling SSL/TLS Clients
- JA3 – A method for profiling SSL/TLS Clients (fingerprinting)
- Any interest in a free Black Hat Python course?
-
Privacy online just got easier with today’s Firefox release
It's sufficient to identify you since there is still all other tracking data any browser supplies as part of the HTTPS connection handshake [1].
It's also not necessary to have Mozilla be the bad actor. Anyone who has access to the information in the future is a possible bad actor as they might be able to cross-reference the allegedly "innocuous" information with some future, more-pervasive data.
---
[1] - https://github.com/salesforce/ja3
-
Can an ISP see what browser you’re using and do they see your browsing history or traffic any differently whether you’re using Chrome or Firefox?
You can, sort of, with JA3 hashes https://github.com/salesforce/ja3
-
Fighting TLS Fingerprinting with Node.js
ExtensionZ: ...
That becomes a string like "1-C,B,A-X,Y,Z", which gets hashed to a fingerprint like "ae76e4566b036882147de2f7feddad4a". That gives us a totally different unique id, with the same ciphers but in a different order.
(This is pseudocode of course - the actual fingerprints have a few more params and use the number ids for each cipher and extension instead of strings, but it's equivalent)
Here, with 3 ciphers in two different orders, we've seen two different fingerprints already. With those three ciphers alone, there's actually 6 (3 factorial) possible permutations - i.e. a client could order those ciphers any one of 6 different ways, and each ordering has a different fingerprint.
If you have 4 ciphers, there's 24 possible orderings, 6 gives 720, 10 gives 3.6 million, and this goes up very rapidly, so that for a more realistic set of 20 ciphers there's 2 * 10^18 possible orderings, each one of which gives a unique fingerprint, even before we start talking about extension order.
Does that make more sense? The full algorithm is here: https://github.com/salesforce/ja3#how-it-works
-
Show HN: I spent 1.5 years making a Chrome extension that automates any website
Not only that - enterprise bot management protections will run behavioral identification (e.g. how your mouse moves —> AI -> bot yes/no), TCP stack fingerprinting (and other devices if available e.g. gyroscope), TLS ClientHello fingerprinting (e.g. see https://github.com/salesforce/ja3), etc. Lots of very unique info in the Scraping Enthusiasts discord where lots of pro scrapers hang out.
What are some alternatives?
uswds - The U.S. Web Design System helps the federal government build fast, accessible, mobile-friendly websites.
automa - A browser extension for automating your browser by connecting blocks
govuk-design-system - One place for service teams to find styles, components and patterns for designing government services.
template-ts-tampermonkey - Lets Tampermonkey use TypeScript too
caseflow - Caseflow is a web application that enables the tracking and processing of appealed claims at the Board of Veterans' Appeals.
hassh - HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
open-case-filing-system - A worthy contender in the race for a replacement to the Case Management / Electronic Case Filing System.
mobile-mba-androidapp - 2013 Measuring Broadband America Program Mobile Measurement Android Application
skandroid-fcc
trojan - An unidentifiable mechanism that helps you bypass GFW.