I was reading GitLab's documentation (see link) on how to write to a repository from within the CI pipeline and noticed something: The described Docker executor is able to authenticate e.g. against the Git repository with only a private SSH key, being told absolutely nothing about the user's name it is associated with....
When authenticating with git over SSH, the private key should be considered secret and well protected.
That means the corresponding public key that was uploaded to the git server is enough to authenticate and no username is required. However, a password-protected private key is possible and extra layers of security can be added to the authentication mechanism.
As far as resource based attacks based on public key searching, I doubt many servers have significant enough public keys on a single host to even notice. Most repos are siloed and have specific teams/individuals assigned to them, so only a small number of public keys even gets loaded.
I don't know enough about the server side mechanics to be sure, but imo the attack surface is pretty small.
ChatGPT is licensing their product to lots of entities and then the licensees relabel the AI as their own with a line somewhere that says "powered by ChatGPT" or similar.
For example, Bing AI is just ChatGPT-4.
So if DDG is simply licensing out ChatGPT, I'd definitely have eprivacy concerns.
Gaming PC means video games, video games have historically been Windows or maybe Mac compatible. Only in the past couple years have game makers started making Linux compatibility a priority, and even then it's a small percentage.
Until all systems align, Windows will continue to dominate. But things like HTML5 over Flash are helping those efforts!
What's everyone's opinion on a VPN provider? I've used Nord for a long time, but my subscription is up next month and I'm exploring my options. I use a VPN 24/7 on my laptop and most of the time on my phone as does much of the family....
My son was just born, and while a few photos will go on the likes of Facebook and Instagram, overall my partner and I are wanting to keep our shared photos private from the EULA abuses that we all know and hate....
Absolutely. They are entrenched in their regulations so much that it takes forever to change things.
Years ago, I had an account at an American big4 bank with an 8 character password and was going through and making all my passwords unique. I was changing everything to random strings of 20-30 characters (this isn't the best practice, btw, but still better than 8 chars), so when I got to this bank account it capped me at 15 chars. I couldn't believe the forced low entropy they gave me for something as vital as a bank account.
I asked them why, and basically they said their system would break with anything over 15 chars.
The other 2 commenters are wrong. URLs as they appear in your web browser are NOT encrypted when sent over https protocols.
The only data that is encrypted is POST data, and ONLY if it is sent over HTTPS.
So for example, a website login page crafts a URL like https://some.example.com/login?sessionID=12345678 and when you log in to the site extra parameters like Username and Password are sent via POST data, then anyone listening to your web traffic (like the NSA or your neighbor with Wireshark) will be able to see the website and the sessionID, but not the login details as they will only show up encrypted.
Yea, I've gotten pretty wide adoption from friends and family on Signal, but I'd love to have a comparable product with even more features/security/privacy.
Matrix may get there eventually, but for now it's Signal.
I used to think that there would be 1, main ‘Fediverse’ with all of the ‘big instances’ connected to each other. The recent Threads debacle has shown me otherwise....
Neither of you are looking at all the data harvesting that occurs on platforms like Meta and Reddit. Telemetry, keystrokes (not just submitted, but any key typed including backspaced ones), and more, and NONE of that is harvested on this platform.
woohoo! we got moderated content!!! can't wait for all the “organic” ads that pop up in my feed from users spouting the benefits of Tide^TM brand soap!!!
Porn sites Pornhub, XVideos, and Stripchat face stricter requirements to verify the ages of their users after being officially designated as “Very Large Online Platforms” (VLOPs) under the European Union’s Digital Services Act (DSA)....
Seems unlikely, GPS data is far more accurate and lots of security-minded people turn off WiFi when away from home but still need GPS when out and about.
about mastodon. i love centralized social networks because you can search for any post, regardless of the date of its creation, any person, any community. in mastodon, however, this does not work....
Watched Louis Rossmann today, and he’s part of the team behind a new app for watching online video content - not just YouTube, but Nebula, PeerTube, Twitch and more....
Dutch court convicts engineer to 5 years for maintaining crypto mixer Tornado Cash ( www.patrick-breyer.de )
Are right wingers creating FUD around Signal? ( hachyderm.io )
Telegram founder and CEO alleges Signal has backdoors, they don't provide reproducible builds, etc.
Here's what he said in a post on his Telegram channel:...
SSH login without user name? ( docs.gitlab.com )
Apple pulls AI image apps from the App Store after learning they could generate nude images ( ptv-news.com.pk )
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers - The Citizen Lab ( citizenlab.ca )
DuckDuckGo now has an AI prompt available in beta, and I can already see it on my devices. Does it affect privacy? If so, what alternatives do we have?
Should I be worried about this development?...
5 reasons why desktop Linux is finally growing in popularity ( www.zdnet.com )
Thoughts on VPN providers?
What's your take on Bluesky?
I recently finished the episode of The Verge's podcast #Decoder with the interview with Bluesky's CEO and it seems quite an interesting project....
Family photo sharing?
VLC - App stores were a mistake ( archive.is )
VideoLAN...
Bluesky opens up federation, letting anyone run their own server | TechCrunch ( techcrunch.com )
Flipboard just brought over 1,000 of its social magazines to Mastodon and the fediverse ( techcrunch.com )
the encryption keys, why can't the government just sneak on them?
disclaimer: I'm just asking to get understanding of the theory behind network traffic encryption, I know this doesn't happen irl most likely....
Riot Games Now Requires Kernel-Level Anti-Cheat Software for League of Legends, Following Valorant's Implementation ( tuta.com )
cross-posted from: https://lemmy.world/post/10958052...
The 4 best Reddit alternatives: Top picks to replace your subreddits - Lemmy is listed first! ( www.androidpolice.com )
Here's what Telegram's founder says about WhatsApp's privacy ( graph.org )
This is an article written by Telegram's founder and CEO Pavel Durov in 2019 on "Why WhatsApp will never be secure". Your thoughts?
Switched from uTorrent to QBitTorrent
So a bunch of people in this subreddit told me that uTorrent was trash and to switch to QBitTorrent....
The Fediverse is working just as intended.
[Discussion] How do you feel about age verification on Porn sites? ( lemmings.world )
Google will no longer hold onto people's location data in Google Maps — meaning it can't turn that info over to the police ( www.businessinsider.com )
Google loses antitrust case vs Epic Games. Jury rules Google Play store constitutes an illegal monopoly ( www.theverge.com )
The international web standards organization W3C is no longer active on X/Twitter and has directed all their followers to Mastodon. ( w3c.social )
i love centralized social networks...
Plex starts narcing on its own users' anime and X-rated habits with an opt-out service, and it's going terribly ( www.pcgamer.com )
A better Revanced ( grayjay.app )
Fediverse alternatives ( feddit.uk )
There are directories of Fediverse projects:...