0xtero

0xtero , 1 day ago

Well, that was extremely long winded way to say "depends on your threat model".
Which it does.

So nothing new under the sun.

0xtero , 2 days ago

In conclusion, Fuck EA.
End of message.

0xtero , 8 days ago

Why?

0xtero , 11 days ago (edited 11 days ago)

So your requirement with cellular calling (eSIM) is already fairly restrictive and depends on which market we're talking about. Where I live (.se) you get to choose between Apple and Samsung and since Apple was out of the question, you're stuck with Samsung.

Not entirely sure if your second requirement with long battery life can be fulfilled. You'll be charging the watch every day, probably more often if you take calls on it.

There's some rumors that Garmin Forerunner/epix will get eSIM support, but that will be also carrier dependent.

These wearables are pretty complicated high end devices, I wouldn't really give them to elderly parents who stuggle using a normal mobile.

I think it might be better to look into other tyoe of devices like pager systems from caregivers, if you're worried about health issues.

0xtero , 12 days ago

Yeah, well just go ahead and see if it works for you now. I doubt much has changed, but some bits are probably more polished these days.
Most distros support some kind of LiveCD, so you can try it out without having to reinstall your machine, it's painless and quick to evaluate before you take the plunge.

zenbook duo pro

A quick search reveals this. Might be helpful.
https://davejansen.com/asus-zenbook-duo-and-fedora-linux/

0xtero , 12 days ago

I thought it was funny as well. Sometimes FOSS communities are so very uptight, we should relax a bit.

0xtero OP , 13 days ago (edited 13 days ago)

I also don’t get much value out of the statement that “every” OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?

It's a DHCP manipulation attack, so every RFC 3442 compliant DHCP implementation implementing option 121 would be "vulnerable" (it's not vulnerability though). Android apparently doesn't implement it, so it's technically impossible to pull off against Android device. There might be others, but I'd guess most serious server/desktop OS'es implement it.

The title isn't misleading at all, even though the "neutering their entire purpose" is a bit of a click-bait. This doesn't affect ingress VPN at all.

It's an attack that uses DHCP features (according to RFC).

It's a clever way to uncloak egress VPN users, therefore it does have privacy impact since most of us use VPN for purposes of hiding out traffic from the local network and provider and there's no "easy" fix since it's just a clever use of existing RFC.

0xtero , 13 days ago

These attacks range from phishing attempts to sophisticated malware intrusions. Website defacement attacks and Distributed Denial of Service (DDoS) attacks are often seen during significant events

...

And these tactics can also be replicated elsewhere. Other countries worried about the impact of cyberattacks and disinformation campaigns on their elections and democratic institutions should be paying attention.

These tactics are already being replicated elsewhere. This has been the normal Internet background noise for years. This is not news.
However, just as in 2014 when Russia was preparing for Crimea annexation, the amount of targeted (cyber and kinetic) escalated. Same again before Ukraine invasion. That's what we should be paying attention to - not everyday "millions of cyberattacks" or hybrid misinformation war - those are already happening. and should be handled as basic boring Internet hygiene.

We should be building resilience against targeted pre-invasion cyber. We should be building ways to take down drones, we should be building robust satellite communication networks so we don't have to rely on kindness of tech billionaires. We should find more robust ways of navigating because GPS is too easy target.

In short, we should be learning from the Ukraine conflict, which is the first (and currently only) real live theater for cyberwarfare.

0xtero , 14 days ago

Lemmy instance with "radical" moderation. Sort of like old SA/goon forums, 4chan etc.

0xtero , 14 days ago

Those were not unmoderated. Just radically differently moderated.

0xtero , 16 days ago

I was about to type this exact thing. We have some homeless of course, people always fall through the cracks - but for the most part, the local government provides for basic needs, shelter, food, money and (in due time) housing. Winter is harsh, you don't really survive living "in the nature" in rural areas.

Summer months often see homeless in the form of "Roma traveling beggars" or the "Irish asphalt/garden workers" who live out of caravans, tents or just back of their cars, but they migrate to southern Europe when winter comes.

But yeah, we pay a fuckton of taxes to have a social security network that catches people who are down on their luck. It's not perfect, but it's something. People don't have to live without food or roof over their heads.

0xtero , 18 days ago

I guess it's time to update uBlock Origin lists.

0xtero , 20 days ago (edited 19 days ago)

I mean.. why would people downvote you for that?
I have a todo.txt which I update. If I need to "be mobile" I just stuff some notes into Signal note to myself.
During meetings, I still take notes with paper and pen, because that's much faster than digital notes.

0xtero , 20 days ago

Average Bethesda experience I guess

0xtero , 22 days ago

It's missing quite a few features and it's buggy.
Still ten times better than Cities Skylines 2.

0xtero , 23 days ago (edited 23 days ago)

Ente Photos - Google Photos replacement with encryption and privacy
Ente Auth - Good multiplatform authenticator.
^^ These are paid for service (you get both with same sub), but extremely good.

AntennaPod - Podcatcher
K-9 email

0xtero , 24 days ago

Someone being enraged about snap on behalf of Windows users was certainly a take I didn't know I needed.

0xtero , 25 days ago

I don’t and the energy consumption of public AI services is a stopper for “testing and playing around”. I think I’ll just wait until it takes over the world as advertised.

0xtero , 26 days ago

This sounds like average Bethesda experience. I always get hyped by their pre-releases, but I find the actual games to be tedious and boring slogs.

I know it’s down to personal taste, but I think I enjoy a bit more rail-roading and bit less sandbox. Witcher 3 and Cyberpunk 2077 are “just right” for me, the story is tight. Bethesda games a bit loosey-goosey (ha!) with their storytelling.

0xtero , 29 days ago

I’ve configured Firefox on their Linux laptop not to keep any cookies after the browser is closed. I know this isn’t a Linux/Firefox issue

It’s you issue.

Block third-party cookies, but allow cookies from the site itself. I’m not sure why you’d filter those out in the first place?

0xtero , 1 month ago

I’m a consultant so whenever I’m applying for a new gig I need to provide a consultant profile, which is very similar to resume.

Over the years I’ve learned that most customers are not very interested in the “personal stuff” sections - they just want to know you have the skills required, so try to minimize the amount of personal data and concentrate on skills and past gigs (anonymizing customers/companies) etc.

But - unfortunately you have to tell something about yourself and your ability to work together with others, there’s really no way around it. It’s also more and more customary that (for some reason) they want your photo. Stuff like education, certifications need to be there, but keep it very short. Think about “social media profile page”.

Provide stuff like contact info, address, phone, date of birth (if required) and references separately - don’t put them into your resume. You can add something like “Personal information and references provided separately by request” in there, that way, even if the document is shared, all they get is something resembling a LinkedIn profile.

You can also try to add “confidential” to the document header, but I’ve noticed it’s not respected very often.

0xtero , 1 month ago

Teaching kids good, healthy anticapitalist values is important. It’s also good to teach them some basic computing and privacy skills, because they’re not going to get that anywhere else. They’re going to be under lot of social peer pressure to have the latest phones and being connected on social media, consuming information from algorithms.They need to understand how to minimize the harm from Meta and the big tech.

Same applies to the copyright industry and their practices (along with corps who are heavily anti-repair like Apple) - they need to understand the exploitation model of capitalism and lobbying - from there, let them make their own choices.

0xtero , 1 month ago (edited 1 month ago)

I’ve been paying for Nebula account for a while now. It’s got high quality stuff and it’s owned by creators making the content.

There’s also peertube and other fedi variants.

Works great for me, I don’t feel like I need YouTube or I’m missing out on important stuff.

NewPipe/Piped to watch occasional video linked from an article.

0xtero , 1 month ago

Gamers are so fucking weird. Really enjoyed the show. Hope they make 2nd season.

0xtero , 1 month ago

But if it was reality

“In a future, post-apocalyptic Los Angeles brought about by nuclear decimation, citizens must live in underground bunkers to protect themselves from radiation, mutants and bandits.”

And you picked a girl punching a guy the exact moment to suspend your belief at? Damn dude.

0xtero , 1 month ago

A symlink is a file that contains a shortcut (text string that is automatically interpreted and followed by the operating system) reference to another file or directory in the system. It’s more or less like Windows shortcut.

If a symlink is deleted, its target remains unaffected. If the target is deleted, symlink still continues to point to non-existing file/directory. Symlinks can point to files or directories regardless of volume/partition (hardlinks can’t).

Different programs treat symlinks differently. Majority of software just treats them transparently and acts like they’re operating on a “real” file or directory. Sometimes this has unexpected results when they try to determine what the previous or current directory is.

There’s also software that needs to be “symlink aware” (like shells) and identify and manipulate them directly.

You can upload a symlink to Dropbox/Gdrive etc and it’ll appear as a normal file (probably just very small filesize), but it loses the ability to act like a shortcut, this is sometimes annoying if you use a cloud service for backups as it can create filename conflicts and you need to make sure it’s preserved as “symlink” when restored. Most backup software is “symlink aware”.

0xtero , 1 month ago

Kinda tired of the constant flow of endless “analysis” of xz at this point.
There’s no real good solution to “upstream gets owned by evil nation state maintainer” - especially when they run it in multi-year op.

It simply doesn’t matter what downstream does if the upstream build systems get owned without anyone noticing. We’re fucked.

Debian’s build chroots were running Sid - so they stopped it all. They analyzed and there was some work done with reproducible builds (which is a good idea for distro maintainers). Pushing out security updates when you don’t trust your build system is silly. Yeah, fast security updates are nice, but it took multiple days to reverse the exploit, this wasn’t easy.

Bottom line, don’t run bleeding edge distros in prod.

We got very lucky with xz. We might not be as lucky with the next one (or the ones in the past).

0xtero , 1 month ago

I’m not sure why you think I didn’t? Sorry if it was unclear.

From the blog:

This incident has really made me wonder if running the unstable branch is a great idea or not.

My comment:

Bottom line, don’t run bleeding edge distros in prod.

Hope this clarified my opinion! Have a good day!

0xtero , 1 month ago

Yeah, I can get that. The xv situation probably wasn’t the best of examples though?

0xtero , 1 month ago

Luckily I’ve changed my default OS to Linux

0xtero , 1 month ago

Microsoft hates this one simple trick

0xtero , 1 month ago

And thus begins the enshittification of Discord

0xtero , 1 month ago

I think they’re only worried about U.S class action. Don’t think American companies really care about the legality anywhere else

0xtero , 1 month ago

Only reason Discord has “a shop” in EU is for tax evasion. It’s a P.O Box at Schipol airport. I really don’t think they care very much.

0xtero , 1 month ago

I meant NL is one of the top 10 tax havens in the world due to their exemptions that allow corporate tax evasion.

0xtero , 1 month ago

I don’t think this one counts as a big win to be honest It was just freakish luck

0xtero , 1 month ago

Or found out in corporate code review / pentest. We just don’t know. I get that we want to say FOSS is great due to the “many eyes/shallow bugs” thing, but that didn’t work for OpenSSL or log4j. The fact that it did now is great, but let’s not get carried away. It was just pure luck.

0xtero , 1 month ago

SELinux has been GPL for 24 years.

It’s part of what was called Rainbow Books, but is known more widely these days as the Common Criteria.
en.wikipedia.org/wiki/Common_Criteria

It’s the “Government setting standards” sort of scenario.

0xtero , 1 month ago

Catching this now is pretty huge, because it mainly targets distro build systems. Had this gone undetected, we’d be in shiznit creek couple of years down the line.

0xtero , 1 month ago

Oh boy. Some of you people watch too many movies.

Let’s get some basic stuff established:

• This thread is about commercial platforms selling your direct message data. That’s the threat model.
• I don’t live in a country where the police SWAT teams throw flashbangs without court orders
• If the authorities want to get to me (which, again, is not the threat model of this thread). They can. Easily. They know where I live. They just have to knock on the door. It’s not even locked.
• I did, to my best knowledge, not reply to you in anywhere this thread. I’m not sure why you are replying to me.

But sure. I’ll give you this: If your threat model is dodging SWAT team flashbangs, I doubt using Signal is much use to you at that point. That just wasn’t what this thread was talking about.

0xtero , 1 month ago

Which was a response to this