umami_wasbi

@umami_wasbi@lemmy.ml


umami_wasbi, (edited)

For not having some infra managing “cards”, to have some infra managing an app instead. Let’s be real, that infra (and managing work) most likely is being outsourced to another company. I think the “efficiency gained” is minimal; it’s rather about the cost to operate. With apps, they can recoup some cost by selling your data.

umami_wasbi,

Can you please elaborate what you mean by “web browser defined in 2024”? Thanks.

umami_wasbi,

That I’m not surprised. Look how many companies are shoving apps down our throat while treating web browser users as second class citizens. My sister (21-30 age group) only knows to use the “Google app” to search the web on her iPhone while Safari is pinned at the bottom and she rarely uses it.

umami_wasbi, (edited)

I just found out some software around infrastructure also uses a CLA, including:

  • Kubernetes (hosted by CNCF)
  • Istio (hosted by CNCF)
  • Grafana
  • All projects under Apache Software Foundation (e.g. HTTP server)
  • OpenStack (hosted by OpenInfra)

To my surprise, even Golang core uses a CLA too.

EDIT: Add more to the list

EDIT 2: Envoy Proxy, also hosted by CNCF, uses DCO instead of CLA. Interesting.

It looks like it is very difficult to build an infra without some components using a CLA.

umami_wasbi,

Golang I believe yes, but doesn’t k8s now belong to CNCF, with multiple companies behind it?

umami_wasbi,

The way I see it is that we don’t know the content of Apache 3.0, nor have a vote to choose what license they adopt in the end. Does Apache have a good track record? Yes, but it is getting difficult to put trust in something today. It’s still a rug under, or fail safe as you name it, which is used by corporates today. I would rather have a framework/procedure in place preventing it from happening from the get go.

ADDITION: I haven’t read Apache’s CLA yet so it might or might not contain a copyright grant clause.

umami_wasbi,

I had a quick peek into Swift and FoundationDB and both don’t have a CLA or DCO, an interesting move by Apple, who usually makes anti-consumer decisions.

umami_wasbi,

tl;dr: a botnet service for AI/ML services to scrape the internet.

extra guilty: the link has a referral code

Safest way of using WeChat on Android?

I live in Canada. My girlfriend is Chinese (also living in Canada), and while we are able to communicate via SMS, her mobile carrier isn’t the best, and so there have often been issues for us with regular texting. She expressed a strong preference to use WeChat, at least as a backup option for when texting fails us. While I...

umami_wasbi, (edited)

Instead of fiddling with the limitations on Android set by Google, I think a custom crypto DAC/ADC would be far easier, though you need both hardware and software knowledge to accomplish this. It also comes with the added benefit of not processing cryptographic operations on a black box.

Still, I don’t know what goal you want to achieve and what your threat model is. If you are just curious whether this is possible, the answer will be yes, with tons of hoops and hacks. If you really want security, I will advise you to go another route.

umami_wasbi,

Yes and no. Google puts some limitations on the software side. For example, you can’t do call recording unless you’re in a country that isn’t two-party consent.

umami_wasbi,

It’s on a different stack. Telegram (and VoIP) operates on the network stack; a cellular call works on the GSM/LTE stack. The networking stack is more open and you are free to do what you want; the GSM/LTE stack has many proprietary techs that are not open to everyone.

umami_wasbi,

PoW? The client needs to do some computation before the server accepts the signup or sign-in or something. Not 100% foolproof but can thwart some bot attempts I guess.
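An added, constructed illustration of the proof-of-work gate described in the comment above (this is example code, not anything from this thread or from any particular service): the server hands out a MAC-signed challenge with a difficulty and expiry, the client brute-forces a counter until the hash meets the target, and the server verifies the result with one HMAC and one hash, rejecting stale, tampered and replayed solutions. The difficulty, TTL and `SERVER_KEY` values are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed demo parameters (assumptions, tune per threat model).
DIFFICULTY_BITS = 16                  # leading zero bits the client must find
CHALLENGE_TTL = 120                   # seconds a challenge stays valid
SERVER_KEY = secrets.token_bytes(32)  # server secret used to MAC challenges


def _leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    bits = 0
    for b in digest:
        if b == 0:
            bits += 8
            continue
        bits += 8 - b.bit_length()
        break
    return bits


def issue_challenge(difficulty: int = DIFFICULTY_BITS,
                    now: Optional[float] = None) -> str:
    """Server side: return 'difficulty:expiry:nonce:mac'.
    The MAC lets the server verify later without storing state per challenge."""
    now = time.time() if now is None else now
    expiry = int(now) + CHALLENGE_TTL
    nonce = secrets.token_hex(16)
    body = f"{difficulty}:{expiry}:{nonce}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{mac}"


def solve_challenge(challenge: str) -> int:
    """Client side: search for the smallest counter such that
    sha256(challenge:counter) has the required leading zero bits."""
    difficulty = int(challenge.split(":", 1)[0])
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if _leading_zero_bits(digest) >= difficulty:
            return counter
        counter += 1


def verify_solution(challenge: str, counter: int,
                    now: Optional[float] = None,
                    spent: Optional[set] = None) -> bool:
    """Server side: check MAC, expiry, replay and the proof itself.
    Verification is cheap (one HMAC, one hash); solving is the expensive part."""
    now = time.time() if now is None else now
    try:
        difficulty_s, expiry_s, nonce, mac = challenge.split(":")
        difficulty, expiry = int(difficulty_s), int(expiry_s)
    except ValueError:
        return False
    body = f"{difficulty}:{expiry}:{nonce}"
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False  # not issued by us, or tampered with
    if now > expiry:
        return False  # stale challenge
    if spent is not None:
        if nonce in spent:
            return False  # same solution submitted twice
        spent.add(nonce)
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    return _leading_zero_bits(digest) >= difficulty


if __name__ == "__main__":
    spent_nonces: set = set()
    ch = issue_challenge()
    start = time.time()
    c = solve_challenge(ch)
    print(f"solved counter={c} in {time.time() - start:.2f}s")
    print("valid:", verify_solution(ch, c, spent=spent_nonces))
    print("replay accepted:", verify_solution(ch, c, spent=spent_nonces))
```

The asymmetry is the point: at 16 bits the client does roughly 65k hashes per attempt while the server does two, so a bot farm pays the cost per signup and a legitimate user barely notices. It only raises the price of automation, as the comment says, so it belongs alongside rate limiting rather than replacing it.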

How to explain learnings from Digital privacy in an interview and resume

I wish to mention learnings from the copious time I spent on learning online privacy, security and anonymity for my B-school (MBA) admissions interview. Can I market it as a cybersecurity internship? But cyber security has a different meaning altogether. I’m pretty much at the advanced stage of the privacy journey (read all...

umami_wasbi,

I don’t know what “privacy” you know but I can give you a reference of what cybersecurity I know. I had a Cybersecurity course and it’s more focused on compliance with standards like ISO 27001/PCI-DSS, regulations like CCPA/GDPR, risk assessment/management, BC/DR, and more. Cybersecurity has a broader meaning to me and is essentially a safety net to make sure plans are in place and the business isn’t let down from normal operation.

umami_wasbi, (edited)

As much as I want to use it, CJK support is still missing in most OSS keyboards.

Thoughts on Guard.io as a service for lesser tech savvy family members?

Hi there, So just watched latest video of Jim Browning and in the video he had a sponsor I had not heard about before, Guard.io. So I went to check it out, and it seems like a fairly decent service (by that I mean, a service I would put on family members devices) for helping against possible phishing attempt and general...

umami_wasbi, (edited)

I guess what he means is the service must prove itself legit by actions, rather than saying it out loud in a FAQ.

Still, that FAQ explicitly saying they are legit gives me the feel of “The lady doth protest too much, methinks.”

umami_wasbi,

Does that apply to accounts registered in the US when I’m now not physically living there?

umami_wasbi,

The whole point of open source is making your source code public. Even if you can disable history viewing in GL, someone can still mirror your repo and diff it for changes. The only way to not let people see changes is simply not open sourcing it.

A private submodule can help hide some of your code and configurations, but this only helps hide parts of the repo, including its history. You can’t prevent people measuring changes to your webpage once it’s online, as anyone can just archive it.

umami_wasbi,

Is this only happening with SSH, or other network-facing services using liblzma too?

umami_wasbi,

It seems like an RCE, rather than an auth bypass as once thought. bsky.app/profile/…/3kowjkx2njy2b

Firefox failing several privacy tests out-of-the-box, according to Brave article (lemmy.world)

I understand Firefox is free software and greatly customisable. I think forks like LibreWolf are fantastic. But I believe the FOSS community needs to be more critical of Mozilla. They haven’t been the sharpest tool in the drawer for a while…

umami_wasbi, (edited)

When you look for comparisons between products, look for one that is done by a non-biased neutral organization, a third party at minimum. Not from the company making the product, which hence has an incentive to paint itself better than its competitor.

You can make a stronger point if you go and verify each claim in the comparison chart and prove Brave is actually better than Firefox, instead of just linking a comparison blog from Brave. Don’t trust, verify.

And as a matter of fact, privacy is only a part of what a browser should have, not a complete feature set. I can make an extra private browser that only accepts my custom protocol and only with my websites, but that would not be useful as a general browser one wants to daily drive, which is what Firefox is aiming to do.

umami_wasbi,

When I can inject keystrokes into windows not in focus with scripts.

umami_wasbi,

FOSS projects must not discriminate against the use of the project. Meaning no matter whether you host it for internal use or resell the project as a service, they shall be treated the same with the same rights.

umami_wasbi,

If you can, just give up the number and start new. It’s way easier and cleaner.

Android phone saving metadata for screenshots (i.ibb.co)

I always remove this data from my screenshots before sharing, but is there any way to prevent this from happening in the first place? I’ve searched and searched, but all I can find is information about how to remove the data after the fact, which I already know how to do, but it would sure be nice if it never got added in the...

umami_wasbi,

Still, I’m not going back to Windows. Even if I do, Win11 wouldn’t be my choice.

umami_wasbi,

Btrfs subvolumes aren’t suited for all cases. For example, I can’t do LUKS on top of Btrfs because it’s a filesystem, not block storage.

umami_wasbi, (edited)

You can. In fact, I’m planning the setup for my laptop which uses this as part of the design.

wiki.archlinux.org/…/Encrypting_an_entire_system#…

umami_wasbi,

Maybe also not Ubuntu or RHEL? I heard they also collect telemetry and it is hard to turn off. Unsure.

umami_wasbi,

Great to know

umami_wasbi,

I thought FDE is to thwart physical access to exfiltrate and/or recover data. Making the root partition unencrypted surely will boost performance, but I feel like this opens up an additional avenue for an attacker to exploit and defeats the purpose of doing FDE? It isn’t just making “installed apps private” but literally replacing some binaries with a backdoored version which then enables access to decrypted data.

umami_wasbi, (edited)

For Secure Boot bypasses, I could only find that BlackLotus is the only one capable of doing this. I would like to have more details to support the claim “Secure Boot has been hacked in a minute.” Also, I would like an explanation of why Secure Boot is a false sense of security and points to support such a claim, as BlackLotus is the only publicly known malware to bypass Secure Boot.

However, I do firmly believe that there is no reason that servers can’t use FDE as they are no different from other typical computers.

EDIT: forgot the “boot” for Secure Boot

umami_wasbi,

Hardware token being less secure?

umami_wasbi,

Should the LVM partition layout be considered a metadata leak in LUKS over LVM?

umami_wasbi,

Should I be worried about it?

umami_wasbi,

I’m planning FDE on my laptop which has 2 drives. I originally planned to use LUKS on LVM as I can use LVM to join two drives into one. But now I wonder if my choice is right.

umami_wasbi,

So you mean BTRFS over LUKS? I will have a try on a VM later, plus the ZFS too. Thanks for the advice.

Encrypted hard drive asking for password every time

I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password before I’m able to get to the login screen....

umami_wasbi, (edited)

If he uses TPM. I’m not against OP using it but he needs to understand the drawbacks. At least I hope he will.

umami_wasbi,

Great to hear. TPM is totally usable if your threat model can tolerate the risk. Sadly Linux is a bit lacking in support for TPM in FDE. You can try the Nitrokey with GPG method without PIN I wrote in the other thread if you hit the wall. Good luck!

Here’s a guide if you want FDE with TPM: blastrock.github.io/fde-tpm-sb.html

umami_wasbi,

That I didn’t know Ubuntu patches it out.
