Jonah 
@jonah@social.privacytools.io
- Keybase
- jonaharagon
- Website
- https://jonaharagon.com
- Matrix
- @jonah:privacytools.io
- OpenPGP
- 6325c3370b70177138abf3086a957c9a9a9429f7
- PrivacyTools
- https://www.privacytools.io
Admin
#PrivacyTools Administrator, #OpenNIC Operator, macOS and Linux user, maybe some other stuff too? 
Joined Mar 2019
@ben_dw I just responded re Lineage in another thread, but tl;dr: shady stuff going on with their “security patch levels”, I’m not convinced they’ve put in any effort towards security. Graphene is specifically security-focused and has a number of security improvements over even normal AOSP (that he’s also trying to merge back in to upstream FWIW) like device auditing and hardened memory allocation.
@supernova @ben_dw
In fact, most (all?) of the time they don’t even include them with ROMs with devices still receiving device security patches. IIRC even on Pixel devices the security patch level doesn’t include device-specific patches even though Google releases them for free.
@supernova @ben_dw this is actually mostly untrue and it’s one of the most annoying things about Lineage IMO. Lineage will port in AOSP security patches, but most security patches for devices are actually device-specific (like firmware patches) and Lineage in general makes 0 effort to include them. So the security patch level reported is misleading because it either isn’t what you’d expect, or on some occasions manually set higher when there haven’t been ANY security patches at all.
@ben_dw Yeah. Well, they'll probably(?) extend it past Oct'19 but if it were up to me I'd jump to a Pixel 3 or 3a by then, or perhaps a 4 depending on release date. The Pixel 3/3a is significantly more secure than the 2 or 1 though FYI.
Jonah
boosted
boosted
Someone from Cisco went on stage to propose weakening TLS 1.3 for "network-based security solutions" (enterprise spyware).
There was a long line at the mic of people pushing back on it... I almost felt bad for the poor speaker 🙂
https://tools.ietf.org/html/draft-camwinget-tls-use-cases-05
@one@freespeechextremist.com AFAIK the reason there's no Google Search in China is because they didn't work with the Chinese Gov. Plus a government MITM CA is a *very* obvious security risk (compared to a voluntary collab), and it's pretty clear Google values security far more than privacy or... human rights, so I have hope that they'll make the right decision regarding this specific issue at least.
@one@freespeechextremist.com @ben I would guess Chrome will blacklist the certificate as well though. They've blacklisted numerous root CAs for issuing *.google.com certificates before (StartCom, WoSign, Symantec).
@ben_dw GrapheneOS 100% if you're looking for security and privacy. You can't root it or install an app store (well you can install F-Droid but you can't give it system-level access to auto-update) but IMO those are good things, just a bit less convenient.
If you're only looking to escape Google and actual security is less of a concern for you Lineage is probably fine, and a lot more customizable, if you're into Android mods.
@ben_dw we're pretty much covering costs currently, taking into account one-time transactions like crypto donations, but I would like it(/would feel better) if we were covering costs from recurring donations alone (Liberapay/Patreon), because that'd be more predictible and I'd think about it less.
Maybe we'll have to put together some Patreon rewards lol
After over 3 months of using #TootApp on my iPhone I’ve finally figured out how to view the local/federated timeline 👌
Jonah
boosted
boosted
Hey-o! Just want to say if you're enjoying our Mastodon server, our Matrix chat, or anything else we're doing @ privacytools.io, I would really appreciate it if you'd consider donating any amount towards our costs 😄
We're currently spending around $60/month on servers and other infrastructure, and we'd like to be able to pay our team more in the future! We prefer https://liberapay.com/privacytools.io/ but there are many other contribution methods at https://www.privacytools.io/donate/ 😅 Thanks everyone!!
"Jonah has 1 patron."
Huh, someone is giving me money. I wonder who it is, but LiberaPay won't say...
@greyor @AppleStrudelMan if I learned anything from my statistics class ages ago, I can say with 95% confidence that only 32% ±9.189% of people pronounce SQL as "sequel"—and are wrong 😄
meta, mh -
@ben they do get a bit excessive at times. I wonder why, if people want to avoid a topic, they don’t just use the built-in filters rather than rely on CWs.
So what’s the deal with kiwifarms and why have multiple people told me to silence/suspend them now? I’ve never even heard of them, is this a preemptive thing? Hard to keep up with things at this rate 🤔
Finally setup my own Nextcloud install! 😄
Jonah
boosted
boosted
Solve a debate:
@glitcher32 yeah so you're going to login as root (sudo su) first, then run those commands, which should theoretically change everything. Changing usernames isn't like, officially supported in Linux but most things are tied to the UID and the username is just for show so it should be fine.
@glitcher32 usermod -m -d /home/[new username] -l [new username] pi
Run as root (i.e. logged out of the pi user), that should do it all in one command 😅
You'll probably also need to change the sudoers file:
export EDITOR=nano && sudo -E visudo
(replace anywhere it says pi in that file with the new username)
- Keybase
- jonaharagon
- Website
- https://jonaharagon.com
- Matrix
- @jonah:privacytools.io
- OpenPGP
- 6325c3370b70177138abf3086a957c9a9a9429f7
- PrivacyTools
- https://www.privacytools.io
Admin
#PrivacyTools Administrator, #OpenNIC Operator, macOS and Linux user, maybe some other stuff too?
Joined Mar 2019
