
0xtero

@0xtero@beehaw.org

Glorified network janitor. Perpetual blueteam botherer. Friendly neighborhood cyberman. Constantly regressing toward the mean. Slowly regarding silent things.


Is Privacy Worth It? ( blog.thenewoil.org )

When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no...

0xtero ,

Well, that was an extremely long-winded way to say "depends on your threat model".
Which it does.

So nothing new under the sun.

0xtero , (edited )

So your requirement with cellular calling (eSIM) is already fairly restrictive and depends on which market we're talking about. Where I live (.se) you get to choose between Apple and Samsung, and since Apple was out of the question, you're stuck with Samsung.

Not entirely sure if your second requirement with long battery life can be fulfilled. You'll be charging the watch every day, probably more often if you take calls on it.

There are some rumors that Garmin Forerunner/epix will get eSIM support, but that will also be carrier-dependent.

These wearables are pretty complicated high-end devices; I wouldn't really give them to elderly parents who struggle using a normal mobile.

I think it might be better to look into other types of devices, like pager systems from caregivers, if you're worried about health issues.

0xtero ,

Yeah, well, just go ahead and see if it works for you now. I doubt much has changed, but some bits are probably more polished these days.
Most distros support some kind of LiveCD, so you can try it out without having to reinstall your machine. It's painless and quick to evaluate before you take the plunge.

zenbook duo pro

A quick search reveals this. Might be helpful.
https://davejansen.com/asus-zenbook-duo-and-fedora-linux/

0xtero ,

I thought it was funny as well. Sometimes FOSS communities are so very uptight, we should relax a bit.

Novel attack against virtually all VPN apps neuters their entire purpose ( arstechnica.com )

Pulling this off requires high privileges in the network, so if this is done by an intruder you're probably having a Really Bad Day anyway, but it might be good to know if you're connecting to untrusted networks (public wifi etc). For now, if you need to be sure, either tether to Android - since the Android stack doesn't implement...

0xtero OP , (edited )

I also don’t get much value out of the statement that “every” OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?

It's a DHCP manipulation attack, so every RFC 3442 compliant DHCP implementation implementing option 121 would be "vulnerable" (it's not a vulnerability though). Android apparently doesn't implement it, so it's technically impossible to pull off against an Android device. There might be others, but I'd guess most serious server/desktop OSes implement it.

The title isn't misleading at all, even though the "neutering their entire purpose" is a bit of a click-bait. This doesn't affect ingress VPN at all.

It's an attack that uses DHCP features (according to the RFC).

It's a clever way to uncloak egress VPN users, therefore it does have privacy impact, since most of us use a VPN for the purpose of hiding our traffic from the local network and provider, and there's no "easy" fix since it's just a clever use of an existing RFC.

0xtero ,

I guess it's time to update uBlock Origin lists.

0xtero , (edited )

I mean.. why would people downvote you for that?
I have a todo.txt which I update. If I need to "be mobile" I just stuff some notes into Signal note to myself.
During meetings, I still take notes with paper and pen, because that's much faster than digital notes.

0xtero , (edited )

Ente Photos - Google Photos replacement with encryption and privacy
Ente Auth - Good multiplatform authenticator.
^^ These are paid services (you get both with the same sub), but extremely good.

AntennaPod - Podcatcher
K-9 email

0xtero ,

Someone being enraged about snap on behalf of Windows users was certainly a take I didn't know I needed.

0xtero ,

I don't, and the energy consumption of public AI services is a stopper for "testing and playing around". I think I'll just wait until it takes over the world as advertised.

How to make it so frequently used sites don't constantly require 2FA? [SOLVED]

EDIT: After reading all the responses, I’ve decided to allow cookies to persist after they close the browser, which I expect will make it so that 2FA doesn’t kick in as often, at least not on their most frequently used web sites. I may also look into privacy oriented browser extensions that might offer some protection, such...

0xtero ,

I’ve configured Firefox on their Linux laptop not to keep any cookies after the browser is closed. I know this isn’t a Linux/Firefox issue

It's your issue.

Block third-party cookies, but allow cookies from the site itself. I'm not sure why you'd filter those out in the first place?

Ask: How do you handle your résumés?

Usually I rely on my network & haven’t needed this kind of document in ages, but I’ve been tasked with creating a résumé for myself. I’ve grown more privacy-conscious every year & I think it’s weird that we are expected to give out so much information about ourselves to companies that lie about their culture & don’t...

0xtero ,

I'm a consultant, so whenever I'm applying for a new gig I need to provide a consultant profile, which is very similar to a resume.

Over the years I've learned that most customers are not very interested in the "personal stuff" sections - they just want to know you have the skills required, so try to minimize the amount of personal data and concentrate on skills and past gigs (anonymizing customers/companies) etc.

But - unfortunately you have to tell something about yourself and your ability to work together with others; there's really no way around it. It's also more and more customary that (for some reason) they want your photo. Stuff like education and certifications needs to be there, but keep it very short. Think about a "social media profile page".

Provide stuff like contact info, address, phone, date of birth (if required) and references separately - don't put them into your resume. You can add something like "Personal information and references provided separately by request" in there, that way, even if the document is shared, all they get is something resembling a LinkedIn profile.

You can also try to add "confidential" to the document header, but I've noticed it's not respected very often.

Would you teach your kids how to pirate?

My gf and I have had discussions about teaching morals to kids. In that vein, I asked myself, would I teach piracy to my kids? Yes, it’s technically illegal and carries inherent risks. But so does teenage sex carry the risks of teenage pregnancy, and so we have an obligation to children to teach them how to practice safe sex....

0xtero ,

Teaching kids good, healthy anticapitalist values is important. It's also good to teach them some basic computing and privacy skills, because they're not going to get that anywhere else. They're going to be under a lot of social peer pressure to have the latest phones and be connected on social media, consuming information from algorithms. They need to understand how to minimize the harm from Meta and the big tech.

Same applies to the copyright industry and their practices (along with corps who are heavily anti-repair like Apple) - they need to understand the exploitation model of capitalism and lobbying - from there, let them make their own choices.

0xtero ,

Gamers are so fucking weird.
Really enjoyed the show. Hope they make a 2nd season.

0xtero ,

But if it was reality

"In a future, post-apocalyptic Los Angeles brought about by nuclear decimation, citizens must live in underground bunkers to protect themselves from radiation, mutants and bandits."

And you picked a girl punching a guy as the exact moment to suspend your belief at?
Damn dude.

0xtero ,

A symlink is a file that contains a shortcut (a text string that is automatically interpreted and followed by the operating system) reference to another file or directory in the system. It's more or less like a Windows shortcut.

If a symlink is deleted, its target remains unaffected. If the target is deleted, the symlink still continues to point to the non-existing file/directory.
Symlinks can point to files or directories regardless of volume/partition (hardlinks can't).

Different programs treat symlinks differently. The majority of software just treats them transparently and acts like it's operating on a "real" file or directory. Sometimes this has unexpected results when they try to determine what the previous or current directory is.

There's also software that needs to be "symlink aware" (like shells) and identify and manipulate them directly.

You can upload a symlink to Dropbox/Gdrive etc. and it'll appear as a normal file (probably just a very small file size), but it loses the ability to act like a shortcut. This is sometimes annoying if you use a cloud service for backups, as it can create filename conflicts, and you need to make sure it's preserved as a "symlink" when restored. Most backup software is "symlink aware".

How the xz backdoor highlights a major flaw in Nix ( shadeyg56.vercel.app )

The main issue is the handling of security updates within the Nixpkgs ecosystem, which relies on Nix's CI system, Hydra, to test and build packages. Due to the extensive number of packages in the Nixpkgs repository, the process can be slow, causing delays in the release of updates. As an example, the updated xz 5.4.6 package...

0xtero ,

Kinda tired of the constant flow of endless "analysis" of xz at this point.
There's no real good solution to "upstream gets owned by evil nation state maintainer" - especially when they run it as a multi-year op.

It simply doesn't matter what downstream does if the upstream build systems get owned without anyone noticing. We're fucked.

Debian's build chroots were running Sid - so they stopped it all. They analyzed and there was some work done with reproducible builds (which is a good idea for distro maintainers). Pushing out security updates when you don't trust your build system is silly. Yeah, fast security updates are nice, but it took multiple days to reverse the exploit, this wasn't easy.

Bottom line, don't run bleeding edge distros in prod.

We got very lucky with xz. We might not be as lucky with the next one (or the ones in the past).

0xtero ,

Luckily I've changed my default OS to Linux

0xtero ,

Microsoft hates this one simple trick

0xtero ,

And thus begins the enshittification of Discord

0xtero ,

I think they're only worried about U.S. class action. Don't think American companies really care about the legality anywhere else.

0xtero ,

The only reason Discord has "a shop" in the EU is for tax evasion. It's a P.O. Box at Schiphol airport. I really don't think they care very much.

0xtero ,

I meant NL is one of the top 10 tax havens in the world due to their exemptions that allow corporate tax evasion.

0xtero ,

I don't think this one counts as a big win, to be honest. It was just freakish luck.

0xtero ,

Or found out in corporate code review / pentest. We just don't know.
I get that we want to say FOSS is great due to the "many eyes/shallow bugs" thing, but that didn't work for OpenSSL or log4j. The fact that it did now is great, but let's not get carried away. It was just pure luck.

0xtero ,

SELinux has been GPL for 24 years.

It's part of what was called the Rainbow Books, but is known more widely these days as the Common Criteria.
https://en.wikipedia.org/wiki/Common_Criteria

It's the "Government setting standards" sort of scenario.

Backdoor found in widely used Linux utility breaks encrypted SSH connections | Ars Technica ( arstechnica.com )

TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.

0xtero ,

Catching this now is pretty huge, because it mainly targets distro build systems. Had this gone undetected, we'd be in shiznit creek a couple of years down the line.

0xtero ,

It mostly affects/targets the build systems of binary distros - infecting their build machines with this would result in complete compromise of the released distro down the line.

Meta gave Netflix and Spotify access to users private messages ( arstechnica.com )

in 2018, Facebook told Vox that it doesn't use private messages for ad targeting. But a few months later, The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users’ private messages."...

0xtero ,

If you want private messaging - use Signal.
If you use any kind of messaging on commercial platforms, expect immediate loss of privacy. They call them "direct" messages for a reason.

0xtero , (edited )

Something something Privacy vs. Anonymity.
But I invite you to try. Good luck getting into my phone!

0xtero ,

Oh boy. Some of you people watch too many movies.

Let's get some basic stuff established:

  • This thread is about commercial platforms selling your direct message data. That's the threat model.
  • I don't live in a country where the police SWAT teams throw flashbangs without court orders.
  • If the authorities want to get to me (which, again, is not the threat model of this thread), they can. Easily. They know where I live. They just have to knock on the door. It's not even locked.
  • I did, to my best knowledge, not reply to you anywhere in this thread. I'm not sure why you are replying to me.

But sure. I'll give you this: If your threat model is dodging SWAT team flashbangs, I doubt using Signal is much use to you at that point. That just wasn't what this thread was talking about.

0xtero ,

Which was a response to this

Can you tell excel sheets which were created using a pirated version of MS Office?

My friend works for a company which requires her to use a Microsoft-specific application. She didn't really want to switch to Win 11 and chose to just use the Wine Linux package and install a 2016 version of MS Office on her Linux laptop. That's all well and good, but this company she is working for serves other clients at pretty...

0xtero ,

I think she should use company provided software and hardware for company related work.

Pirating stuff when your employer offers you supported way to work is just.. beyond stupid.

0xtero , (edited )

Just go ahead and try. You don't really need our permission to do that. Most distros support "live install" direct from the installation media, without making changes to your system. If you don't like it, reboot and you're back to whatever you had before.

Have fun!

And to answer your double negation questions, yes and yes.

0xtero ,

It doesn't mean anything at all. The Swedish SIGINT agency has been working with 5-eyes for ages.

0xtero ,

Fantastic piece of software! It's important to make backups if you use Audible as they can and will remove your paid books at will/randomly.
Always keep a local copy - and consider checking your local library, they might have your next audiobook for free!

0xtero ,

In a memo sent to employees Mozilla says it wants to bring “trustworthy AI into Firefox”. To help it do this sooner it’s merging its Pocket, content, and AI/Ml teams.

Yeah, I'm not sure this is the "renewed focus" we're looking for, chief

[Thread, post or comment was deleted by the author]

  • 0xtero ,

    That's not quite right. Mastodon does not have any privacy at all, and it's not safe to treat it as a privacy platform.

    What makes Mastodon worth using is the federated model and lack of commercial engagement algorithms.

    0xtero ,

    I bet the CFO was in the habit of joining Zoom company calls with the cat filter turned on. Therefore everyone was pretty much OK with this.
    https://www.youtube.com/watch?v=lGOofzZOyl8

    0xtero ,

    Once, not so long ago, streaming was more convenient than pirating. But, as expected, the commercial services went through their Standard Cycle of Enshittification, and now we either let ourselves get flogged by 50 competing predatory services or just take the easy way and sail the high seas.

    The choice is not that hard. Yarr.

    Of course this returns us to the state where the streaming companies who have literally "enshitted their own beds" now turn to legislators and policymakers (who they hated, just a couple of weeks ago) to ask them to provide some "law and order" to this unruly mob and to defend the corporations' right to put thumbscrews on the population for ever-increasing profits.

    And so it goes.

    0xtero ,

    It's good that they're not selling to Tencent. But it's a shame they're not selling.

    0xtero ,

    Yeah, that's a shame. Hasbro/WotC isn't the best of companies.

    0xtero ,

    So hear me out. What if we took $6.9M out of the CEO bonus and dropped the Mozilla AI project?
    Maybe that would be enough to hire a maintainer or two for the Firefox iOS port?
    Maybe that could work?
    I don't know, just an idea. Crazy.

    0xtero ,

    Smart Audiobook Player

    0xtero ,

    No, I guess it doesn't connect to any streaming service. I use Google Drive to store my books and just copy whatever I need from there.
