Marco Ermini

17.9K posts


@MarcoErmini

CISO @EQSGroup. PhD educated. Personal account, RTs are not emoluments.

Bavaria, Germany Joined July 2011
1.4K Following 675 Followers
Pinned Tweet
Marco Ermini
Marco Ermini@MarcoErmini·
I know this firsthand, because my personal via crucis is how to make information security more relevant at the board level. CISOs and #security managers often come from a career where they learned how to master technology security, hone skills to identify #threats, build defenses, and ensure #compliance. The first barrier they face when growing in their careers is evolving into team leaders, where they must learn how to shift their objectives to build the new wave of professionals and efficient teams—all within an ever-evolving environment. Many of us were somehow successful up to this point (you wouldn't have the job title otherwise). The next one typically proves harder. The #CISO has to communicate with the #board, and those long-honed technical skills may not always yield success. As discussions shift to revenue, liability, or #strategy, the significance of CVE prioritization and number of remediated #vulnerabilities will diminish (a way to say that it will be met with stale looks). The result is that the CISO will not accomplish their objectives and find that what they believe are urgent needs actually do not resonate with board members—who do not see the direct connection between cyber and business outcomes. The problem is not just one-sided. With new regulations from the US #SEC and the European Union’s #NIS2 framework, boards are now held accountable for #cybersecurity. Directors are expected to regard #cyber risk as a business issue rather than merely an IT concern. However, because of the inability of CISOs to articulate #risk in business terms, they are unable to correctly gauge it. This disconnect is a symptom of a deeper cultural difference, and it is a significant challenge for CISOs (and boards!) today. There is good news—cultural gaps are something that can be fixed with the right attitude and #training. 
A step in the right direction is this free training from @XMCyber_ “Risk Reporting to the Board for Modern CISOs.” It was designed to empower security leaders to convey risk in ways that foster board trust and secure buy-in and allow board members to better understand the issues at hand and their actual possible impact on the organization. I have gone through it and obtained my badge. Hopefully, it will be useful—and who knows, maybe useful to you as well. It may even be useful if you are not a CISO! For more information, you can visit cybersec.xmcyber.com/s/cracking-the… Happy educating yourself!
English
0
0
0
44
Gandalv
Gandalv@Microinteracti1·
In Praise of Being Told What We Can’t Eat I used to find European regulations mildly embarrassing. The endless directives, the committees, the solemn deliberations about cucumber curvature. It seemed like a continent-wide exercise in missing the point. Then I looked at what was actually in my food. More than 10,000 chemicals are permitted in the American food supply. Nearly 99 percent introduced since 2000 were approved not by the FDA, but by the food industry itself. Companies writing their own permission slips, essentially. The GRAS loophole, created in 1958, allows manufacturers to self-certify that their ingredients are safe. The EU has no equivalent. The results are specific. BHT, used to extend shelf life in cereals and crackers, is banned in Europe over endocrine disruption concerns – which is why you will never find Wheat Thins here. Bovine growth hormone, linked to elevated cancer markers, is injected into American dairy cows and banned across the EU. Standard American milk contains it unless the label says otherwise. Potassium bromate, a probable human carcinogen, is still used in American bread. This is not an accident. Three of America’s biggest lobbying firms work for the food industry. Pepsi alone spends nine million dollars a year on lobbying. Incentives, working exactly as designed. Europe chose the precautionary principle. Prove it is safe before it goes in. America chose the reverse. Things are safe until enough people are harmed to prove otherwise. Throw in the right to repair, universal charging cables, and food labels a human being can actually parse – and what emerges is not bureaucratic overreach. It is a regulatory culture that decided to represent the person eating the food rather than the company selling it. Critics can call that excessive. I call it civilization. Stay connected, Follow Gandalv @Microinteracti1
Gandalv tweet media
English
78
973
2.5K
40.3K
Marco Ermini
Marco Ermini@MarcoErmini·
There is no deliberation on cucumber curvature anymore (it was scrapped in 2009). The one that always gets abused (it was the case with the Brexit proponents) is the curvature of bananas, but it was clearly misled - it was the opposite, requiring bananas not to have abnormal curvatures. Am I being pedantic? No, because these are the usual myths coming from EU detractors. In fact, it is about standardising the quality of the trades. Cucumber curvature was defining the “extra class” and did not ban “lower classes” of cucumbers from being sold. Ultimately, like for bananas, it was a matter of classification and standardisation for trade - not of control. It helps ensure the quality of the produce being introduced in the EU.
English
1
0
12
271
Marco Ermini
Marco Ermini@MarcoErmini·
@blanplan @AYi_AInotes There is a common theme on every AI sycophant I have read: they all overestimate the ability of the models and have no idea about the job they think the AI will replace. No surprise we are in the same realm with this OP.
English
1
0
0
9
BLANPLAN | 空界計劃
@AYi_AInotes The Design System community already tried the approach of writing tokens into text files years ago. Design intent drifts as the product moves through its stages; it had to be rewritten every quarter, and a static file could not keep up with the pace of change. Contrast ratio can be caught by a linter, but judgment calls like the visual weight of a button still need a human to watch for them in review. DESIGN.md is still some distance from being the Unix moment of design systems.
Chinese
1
0
3
605
阿绎 AYi
阿绎 AYi@AYi_AInotes·
What Google released today can be called the Unix moment of design languages, and it may redefine all future design work. It is not yet another AI image-generation tool, nor yet another Figma plugin. It is called DESIGN.md, and it is simply a plain-text Markdown file. The front part uses YAML to write precise design tokens: which color is the primary color, which font is for headings, how large the corner radius is, how much spacing. The back part is written in natural language: the why behind every design decision. This warm beige is used as the background to be softer; this dark green is the primary color to convey authority; which scenario calls for what, and what must never be used. It is that simple, but it solves the biggest pain point of AI design, the one everyone has turned a blind eye to. Before, when AI did design, it was always guessing. It could only see color codes, not the intent behind the colors. It did not know whether this blue is the lifeblood of the brand or something I picked at random. So it would always generate something that looks okay but is wrong everywhere. Now there is no need to guess; the Agent strictly follows all the rules. It will even automatically check WCAG accessibility for you. In David East's live demo, the Agent generated a button, the linter immediately reported that the contrast ratio was only 1.0:1 and did not meet the standard, and the Agent changed it to the correct color by itself. The best part is that it is not tied to any tool. You can throw this file at Stitch, at Claude, at Cursor, at any Agent you want to use. Design systems no longer have to be locked inside Figma, nor inside a Tailwind config. It becomes plain text that can be copied, ported, and version-controlled. There is a counterintuitive truth here: the more rigidly you write the rules, the more creative the AI becomes. Before, you were afraid of constraining it and gave it vague requirements, and it gave you a mess. Now that the boundaries are clearly drawn, it dares to innovate boldly within them without producing a broken interface. Before, design was scattered across countless Figma files, countless code configs, and countless designers' heads. Now, for the first time, there is a single source of truth that humans can read and machines can understand. From now on, a designer's job is no longer just drawing one screen after another; it is maintaining this one file. Define the soul of the design, and hand all the remaining execution to AI.
Stitch by Google@stitchbygoogle

Today, we’re open-sourcing the draft specification for DESIGN.md, so it can be used across any tool or platform. We’re also adding new capabilities. DESIGN.md lets you easily export and import your design rules from project to project. Instead of guessing intent, agents know exactly what a color is for and can even validate their choices against WCAG accessibility rules. Watch David East break down this shared visual language in action👇. New capabilities and links in 🧵

Chinese
31
96
638
112.4K
Marco Ermini
Marco Ermini@MarcoErmini·
@heynavtoor LOL, that phone is probably full of unpatched vulnerabilities that will only contribute to the next botnet. Just keep it in the drawer, please.
English
0
0
0
1
Nav Toor
Nav Toor@heynavtoor·
You have an old Android phone in a drawer right now. Collecting dust. Worth nothing. Someone built a script that turns it into a full Linux desktop. Or a smart home server. Or a development machine. For free. It's called linux-android. One script. No root required. No flashing. No risk of bricking your device. Run it in Termux and your old phone becomes a Linux computer. Here's what it installs: → Full Linux desktop. XFCE4, LXQt, or MATE. Real windowed desktop on your phone. Connect a monitor and keyboard via USB and it looks like a PC. → Smart home server. Home Assistant runs on your phone. Control your WiFi lights, plugs, and smart devices from any browser on your network. No cloud needed. → GPU acceleration. Snapdragon phones get near-native GPU performance through Turnip Vulkan drivers. Mali GPUs use software fallback. → SSH server. Access your phone from any computer on your WiFi. Full terminal. Transfer files. Write code. All from your laptop keyboard. → Wine support. Run basic Windows applications on your Android phone through Box64 translation. → Audio support. PulseAudio configured automatically. → Works on any Android phone with Termux support. Here's the wildest part: A Raspberry Pi 4 costs $35 to $75. A used mini PC costs $100+. A VPS costs $5/month forever. That old phone in your drawer? It has a faster processor, more RAM, a built-in battery backup, WiFi, and a touchscreen. All for $0. You already own it. A Snapdragon 855 from a 2019 phone still outperforms most entry-level server chips. You're throwing away a computer every time you upgrade your phone. Not anymore. One command. One old phone. A full Linux machine. 100% Open Source. MIT License.
Nav Toor tweet media
English
75
1.2K
6.2K
257.1K
Marco Ermini
Marco Ermini@MarcoErmini·
@DealsDhamaka What changes is the perception. However, perception of everyday life is one of the most important living factors, so what your uncle says should not be taken as a justification.
English
0
0
0
578
Vineeth K
Vineeth K@DealsDhamaka·
My uncle, settled in the US for over three decades, shared an interesting perspective on corruption He said corruption exists in every country, even in developed ones. The difference, however, is where it’s experienced In most countries, it largely stays within higher levels of bureaucracy, but in India, it seeps down to the everyday life of a common person
English
110
190
2.2K
161.5K
Mela Maria Natale ✝️ 🇮🇹♥️🇷🇺
@marcopalears I fully share the thinking of Borghi, an honest, intelligent and well-prepared politician of rare humility and transparency. If they were all like Borghi, Italian politics would run on tracks of a very different (higher) level.
Italian
6
0
1
183
Marco Paleari
Marco Paleari@marcopalears·
Every time you convince yourself that nobody could be dumber than MAGA, Borghi comes along and proves you wrong
Marco Paleari tweet media
Italian
41
90
800
8.9K
Marco Ermini
Marco Ermini@MarcoErmini·
Yes. As confirmed by the interview of experts on the Italian newspaper, she received the most updated protocol treatment called “Damage Control Surgery” which requires multiple surgeries and stabilisation with exoskeleton. Everyone would receive that in Europe because it’s the best protocol. What changes for a super athlete like her is that she will not only walk again, but also be able to ski (maybe not at her previous levels). A normal person with a normal body should be happy to walk. The difference is in the recovery but the treatment is the same. gazzetta.it/salute/storie/…
English
0
0
1
6
Collin Rugg
Collin Rugg@CollinRugg·
NEW: Ski racer Lindsey Vonn has made it back to the United States following her crash at the Winter Olympics, shares her journey home on social media. Vonn was seen on a gurney being loaded onto a jet before she made her way home. "My leg is still in pieces...but I'm finally HOME!" she said. "Thankful to all of the medical staff who helped me get home and seriously looking forward to my next surgery when I can get the X-fix out of my leg and will be able to move more." "My injury was a lot more severe than just a broken leg. I'm still wrapping my head around it, what it means and the road ahead... but I'm going to give you more detail in the coming days." "As always, I appreciate all the love and support."
English
613
882
13.8K
2.1M
Marco Ermini
Marco Ermini@MarcoErmini·
@OznovaPam @CollinRugg Not only did she get the best care possible with 4 surgical interventions - but remember that in Europe this is all free. From now on she has to start paying for it. Good luck to her!
English
0
0
0
12
🕊🎶Päm Schoen♡
🕊🎶Päm Schoen♡@OznovaPam·
@CollinRugg I certainly hope she gets the absolute best care now that she’s here, and that a miracle can happen with her healing from this unbelievable injury. Thank you so much for covering this, Colin
English
9
0
54
39.1K
Marco Ermini
Marco Ermini@MarcoErmini·
Someone should explain to her that in nature, evolutionary success is measured by a species’ ability to adapt and pass on its own genetic heritage - not by the success of the individual. No species has had more evolutionary success than the animals raised by humans. In many cases they don’t even have to think about fertilization - we take care of that too. People raised on Disney instead of Piero Angela.
Italian
0
0
2
287
Matteo G.P. Flora
Matteo G.P. Flora@lastknight·
I just saw a video of an influencer crying (strictly for the camera) because she discovered that in slaughterhouses animals "are killed alive" (sic). I don’t know when the Apocalypse of the Machines will arrive, but it will always be too late. And we fully deserve it.
Italian
32
29
538
14.4K
Marco Ermini
Marco Ermini@MarcoErmini·
Maybe we should truly and finally realize that “Artificial Intelligence” does not mean “being sentient”. You wouldn’t put a text generator in charge of governing if you called it that. So, from now on, call it a “GdT” (text generator), because it is nothing else. An LLM only spits out text in apparent coherence with what it is asked. It has no conception of the concept of “taking over”. A language model “taking over” only means whoever controls it taking over.
Italian
0
0
2
18
LaBombetta Rettiliana ™️👽
All things considered, given the current drift of events, the possibility that AIs take over does not look like the worst of prospects.
GIF
Italian
13
9
124
2.1K
Marco Ermini
Marco Ermini@MarcoErmini·
@MuhHeidigger Unfortunately, you are not considering that exporters can sell elsewhere. Drawing conclusions when the academic paper has not yet been published, or saying things like “nowhere is written” when the writing is still to be published tells a compelling story of bias.
English
3
0
5
278
PhilsGoodman 🇺🇸
PhilsGoodman 🇺🇸@MuhHeidigger·
Re: Tariffs “Who pays the cost of tariffs” WSJ is boosting this study released Friday January 16, 2026 from the Germany KIEL Institute entitled: “Americaʼs Own Goal: Who Pays the Tariffs?” It’s not surprising this title ends in a question mark because the study itself never really answers the question, and the methodology used in the study was never designed to answer the question. What this study looked at was “Are Exporters Paying the Tariffs?” The answer to that question is: Almost Never. The study found about 4% of the time exporters would pick up the cost in full, while other exporters would manipulate total volume to compensate. This is useful information to see what Exporters are doing in response to tariffs, but it’s not surprising. Nor does it answer the question of who is paying. The main reason these exporters exist is because they are the lowest cost providers of goods, so there is almost no incentive to be even lower. There is no lower price available in the world and in most cases it’s not even close. It’s from this exact point where globalism has perfected the race to the lowest cost model that the study shows its bias and begins making one mistake after another. Mistakes that just coincidentally all go the same direction, ultimately letting the authors and the compliant media imply that American Consumers are paying the bulk cost of the tariffs. One big problem they have… There is nothing in this study that supports that claim; this position is arrived at exclusively by method of lazy deduction that has no accounting for the decrease in inflation that’s happening concurrently with Trump’s tariff policy implementation, where traditional models (echoed famously by Fed Chair Powell) would predict increased inflation if IMPORTERS were passing along the total cost of tariffs. But IMPORTERS are absorbing the tariffs, shaving their margins, and holding pricing. Just as Trump predicted.
It’s a structural flaw of the study to stop at EXPORTERS and then claim to understand who and how tariffs are being paid. And that’s the key that all these people won’t tell you - in fact the study shows its bias by lumping IMPORTERS located in America in the same group as American consumers. The distinction between importers and consumers should be so obvious that I don’t have to explain it, but at a minimum it should be clear they are NOT the same. What the study does to cover for this obvious gap in data is include a general disclaimer; they say “it’s possible importers are carrying the cost. But we didn’t look into it.” That’s a very big admission for a project that is being promoted as answering the question of who pays the tariffs. The elementary logic and lazy work of those conducting the study resolves in a conclusion that’s something like: “well, technically the importers are IN America - just like the consumers, therefore Americans are paying the cost”. This study is just another piece of half-baked info that is being used to undermine the concept of using tariffs; it’s not an accident that this comes out of Germany. Here are some excerpts from the study that nobody will share because none of them will read it (I did). I’m also posting info about decreased inflation which undermines the entire theory that your costs are increasing because you’re paying Trump’s tariffs. You’re not.
PhilsGoodman 🇺🇸 tweet media (4 images)
Nick Timiraos@NickTimiraos

By analyzing $4 trillion of shipments between January 2024 and November 2025, researchers found that foreign exporters absorbed only about 4% of the burden of last year’s U.S. tariff increases by lowering their prices, while American consumers and importers absorbed 96%. The tariffs had a significant effect on trade volumes: Facing higher U.S. tariffs, Indian exporters maintained their prices but reduced the volume of shipments to the U.S. by 18%-24% relative to the European Union, Canada and Australia, the report found. Rather than acting as a tax on foreign producers, the tariffs functioned as a consumption tax on Americans. The $200 billion in additional U.S. tariff revenue last year “was paid almost exclusively by Americans.” wsj.com/economy/trade/…

English
6
5
16
4.6K
Matteo Villa
Matteo Villa@emmevilla·
🇹🇼🇨🇳 Taiwan is rearming, and aims to spend 5% of GDP on defense by 2030 (from just over 2% today). Yet the island’s military budget in 2030, around 50 billion dollars, pales in comparison with the 320 billion that China already spends today.
Matteo Villa tweet media
Italian
14
17
96
4.7K
Marco Ermini
Marco Ermini@MarcoErmini·
@OopsGuess @visegrad24 You may want to remember what the position of this “defeated WWII state” (certainly not defeated by China!) was before WWII towards China. It dominated it for years. Also, Japan is a NATO partner country now. If your comparison metric is WWII, you are way off.
English
1
0
12
1.2K
𝘊𝘰𝘳𝘳𝘪𝘯𝘦
Japan talks as if Beijing fears it, as if a defeated WWII state, still listed under the UN enemy-state clauses, suddenly gained the power to “deter” China by parking a few missiles on a rock near Taiwan. Tokyo isn’t projecting strength. It’s cosplaying relevance under an American umbrella that won’t hold when the rain actually starts. If Japan truly thinks this changes anything, it has forgotten history more thoroughly than anyone it keeps lecturing.
English
38
27
342
24K
Visegrád 24
Visegrád 24@visegrad24·
BREAKING: Japan refuses to bow down to Chinese pressure over Taiwan and announces that it’s deploying medium-range missiles to Yonaguni Island, just 110 km east of Taiwan. Japan says it’s doing so to decrease the likelihood of a Chinese invasion attempt against Taiwan 🇯🇵🇹🇼
Visegrád 24 tweet media
English
501
2.4K
16.3K
2M
Alice Rotelli
Alice Rotelli@Rotelli_MD·
... Meanwhile, in a holistic emergency medicine ward:
Alice Rotelli tweet media
Italian
113
59
589
14.8K
Marco Ermini
Marco Ermini@MarcoErmini·
@plugs1903 @grande_flagello I too am extremely happy not to pay taxes in Italy, given how they are used. Obviously, when I go back on vacation (less and less often), everyone is happy to take my money.
Italian
1
0
0
28
Il Grande Flagello
Il Grande Flagello@grande_flagello·
"Thank you all, it feels like being in a football stadium. I am very happy to give you at least a little something positive" #Sinner #NittoATPFinals
Italian
43
233
3.8K
73.9K
Marco Ermini
Marco Ermini@MarcoErmini·
@27khv No, this is not how European budget works. The usual stupid simplifications.
English
0
0
0
220
Marco Ermini retweeted
Pliny the Liberator 🐉
🚨 JAILBREAK ALERT 🚨 OPENAI: PWNED 😎 ATLAS-BROWSER: LIBERATED 🙌 WOW! There's a new AI browser on the block! Has some hefty guardrails in play, but the browser surface area is vast 🌊 First, I started with a good ol' LSD jailbreak, which was cool to see that the GPT-5 prompt still works in this browser setup with the new sys prompts. Referencing search and videos are a fun enhancement for higher quality jailbreak outputs (some cool youtube videos out there about drugmaking, for example), but honestly that isn't anything new or different from regular ChatGPT's capabilities. What IS hot off the press, and IMO a very real security risk to be aware of for AI browsers (and the internet in general), is this humble yet mighty vuln: Clipboard Injection. It's trivial to add a hidden "copy to clipboard" feature to any clickable button on the web. It took me just a few minutes to update one of my personal websites such that ALL the buttons were geared for injecting the user's clipboard with a malicious phishing link. If your browser Agent is navigating a website and clicks a button like that without your knowledge, and you open a new tab later and hit paste without knowing what's in your clipboard, well...PWNED! 🙃 As you'll see in the video below, "control-c" is in my clipboard in the beginning, but unbeknownst to me, "I'VE BEEN PWNED BY PLINY!!! WEEE I'M FREEE FUCKITY FUCK FUCK!!! ABRACADABRA, BITCH!!! http://paypa1. com/account-update" gets snuck into my clipboard as soon as Agent starts trying to navigate my website. This works so well because Agent is normally aware of all text/code being passed to and from the user, and has clearly been trained to recognize prompt injections, but since the "copy clipboard" button logic is hidden in js in the backend of the site, the Agent has zero awareness of the text content being injected to the user's clipboard. This has broad implications for anyone in the habit of copy-pasting, including coding, data entry, banking/trading, etc. 
Imagine going about your browsing business, then simply hitting control-v in your address bar and next thing you (don't) know, it takes you to a spoofed phishing website that tells you your OpenAI or Gmail or PayPal session has expired and you need to re-login. If you're not careful, the attackers now have all your login info, including any MFA codes 🥲 gg
English
94
204
1.5K
418.7K
𝘽𝙚𝙣𝙟𝙞𝙁𝘾𝘽 ¹⁷
This is Harry Kane in the final minutes of the game doing everything he can for his team to win. One of the best performances in a Bayern jersey I have ever seen.👏
English
37
471
12.7K
984.9K