Another security service web dashboard with... SDK, wtf?

Answer: "We have an ongoing discussion with marketing on that".

But especially in the infosec sector 99% of people browse the web with adblockers enabled. Marketing is getting crap data anyway so what's the point?

It’s math #covid19
---
RT @BenjAlvarez1@twitter.activitypub.actor
This is how Angela Merkel explained the effect of a higher #covid19 infection rate on the country's health system.

This part of today's press conf was great, so I just added English subtitles for all non-German speakers. #flattenthecurve
twitter.com/BenjAlvarez1/statu

Tech: complete backups for rooted Android phones 

Since I installed #LineageOS 17.1 (#Android 10) and rooted it with #Magisk, I'm looking for a good #backup solution. In the past I used #Titanium, but that is afaik not open-source and can only back up apps. I also found an open-source app in F-Droid called #Oandbackup, but it's also only doing apps and gives a message that my system is not supported.

But what I really want is a backup solution that backs up the entire system as a file. So I can flash it back in one go when needed. Does that exist?

I know I can ask that on #XDA, but I hate XDA.

RT @JohanRicher@twitter.com

Since the #Quarantine the @matrixdotorg@twitter.com / @RiotChat@twitter.com instance of the French gov has grown from 89k to 140k users, a 57% increase! 👏
Even more impressive: daily messages increased 10 times, from 15k to 160k.
(Note that only agents from selected agencies can register an account.) twitter.com/emile_marzolf/stat

🐦🔗: twitter.com/JohanRicher/status

@clacke @stman

Sorry if I was unclear, but that's exactly what I meant... They don't.

What does help is some kind of reputation measurements in the first place (likes, downloads, "verified suppliers") and only then digital signatures to prevent spoofing.

@guenther

I'd recommend distributed as it has stronger system confinement than .deb and go straight for beta:

snap install --channel=beta firefox

The only thing to know: your profile lands in ~/snap/firefox/common because this is the root for the confined filesystem.

#Debian sid currently distributes an out-of-date #Firefox version to its users:

packages.debian.org/sid/firefo

Apparently, that's because their #rust compiler is outdated as well.

bugs.debian.org/cgi-bin/bugrep

Firefox 75 was released April 7 and (among other changes) fixes three security issues classified as "high impact"

mozilla.org/en-US/security/adv

@clacke @stman

Correct. And PyPI.org does ensure unique package names but then it doesn't really help - I've just spent half an hour debugging an issue caused by the fact I installed "yara" package while the one I wanted is called "yara-python" 🤦‍♂️

@stman

packages could have PGP signatures like forever (twine --sign), but predictably nobody uses it.

There's an active discussion on PEP 458 to sign packages at pypi (centrally) discuss.python.org/t/pep-458-s

The Dutch Authority for Personal Data #privacy did an extensive analysis of various online communication solutions. #Nextcloud Talk and Jitsi are the only two solutions ticking all the privacy & security boxes!
autoriteitpersoonsgegevens.nl/

A buddy and I who are quarantined together have started a little online clothing shop. Doesn't have much (yet), but if anyone's interested in helping me get through these times financially (and you don't break *your* bank in the process), check it out and maybe buy an item?

Also, let me know positive or negative any comments/complaints/etc.

Boosts welcome.

tossa.store/

@ScottMortimer

I recently looked at saltpack, age, opmsg and ncrypt which are all modern alternatives to PGP, and saltstack looks nice but has zero key management functionality.

Which is understandable if you look at it as part of Keybase stack, but makes it quite useless for standalone use.

Age is probably the most intuitive and usable out of these. Opmsg is more cool in terms of features but follows the ways of PGP in cryptic user interface.

@strypey

Absolutely, web browsers are one of the most complex and most frequently patched software out there. Some of the recent CPU attacks (Meltdown/Spectre) can be exploited through the browsers specifically and were mitigated at the kernel level. They can be exploited in a targeted manner (email) or passively (watering hole attacks).

When coding in *always* use the static type annotations mypy-lang.org/ available in Python 2.7 and 3.5+. With a decent IDE like PyCharm they will save you literally hundreds of hours of debugging in future. As I add and change old code in WebCookies.org I never skip adding the annotations and I can't count all the tricky bugs I have fixed or avoided...

@strypey

For daemons and apps regular apt/yum update will work, of course until the next reboot when you need to reinstall all updates.

For kernel the only option is livepatch.

In practice I suspect the answer is however: you don't. "We're defaced? Oh we just reboot and we're no longer defaced!"

And granted that any possible instability may be usually only by updates, I don't think it's a viable solution at all.

Today we're launching a new beta feature — eBook exports!

A small, one-time payment gets you eBook exports for all your blogs & all improvements we'll make in the future. Learn more in our forum announcement: discuss.write.as/t/ebook-add-o
