Show more
kravietz ๐Ÿฆ‡ boosted
Sheogorath :si_blobfox:  

@kravietz The main goal of using a grub password is preventing someone from booting, pressing e setting /bin/bash as init and use vi to write nasty little scripts around your boot partition. It rasies the bar to "I have to open the device" which that again can be made visible using nail polish:

mullvad.net/en/blog/2016/12/14

At least when you are paranoid enough.

Also of course you should use secureboot as you mentioned.

1
kravietz ๐Ÿฆ‡ boosted
Benjamin Young Savage (แฑแ“แ’‹แฑแ“)  

Boston Dynamics gets more and more terrifying every day.

1
kravietz ๐Ÿฆ‡ boosted
Sheogorath :si_blobfox:  

@kravietz Set a grub password!

Use OpenSCAP Workbench with the proper profile for Ubuntu, Fedora or CentOS to check compliance.

Full set of instructions (one might want to select just a few, but still):

access.redhat.com/documentatio

I guess that should already help a lot :)

1
kravietz ๐Ÿฆ‡  

3) When there's choice between .deb and Snap/Flatpak version available (there is for Firefox, Brave and many other popular programs) always go for Snap/Flatpak version as it runs in a much more effective sandbox.

This doesn't come completely free either because with Snaps your profile file move to the sandbox but it's quite a simple operation.

Show thread
0
kravietz ๐Ÿฆ‡  

2) Always run the latest available Linux distro - so in case of Ubuntu go for 19.10 - and always have all updates installed.

Show thread
0
kravietz ๐Ÿฆ‡  

My answers in random order:

1) Make sure you have Secure Boot enabled in BIOS, and BIOS password set.

That's pretty much all you can do to prevent backdooring & keysniffing of your bootloader today when someone covertly gets physical acces to your laptop.

If this is a viable threat, go for QubesOS, but be aware of its limitations (e.g. inability to access GPU by the operating system, so no games or 3D graphics)

Show thread
0
kravietz ๐Ÿฆ‡  

Just had an interesting question from a colleague who has a notebook and works remotely from random places:

> I've got full-disk (FDE), what else I can do for ?

1+
kravietz ๐Ÿฆ‡  

One reason why 's 1.1.1.1 resolver is so fast is that it seems to be making a tradeoff between speed and freshness of responses. Specifically it seems to cache RRs for as long as allowed, while other public resolvers will recheck much earlier.

0
kravietz ๐Ÿฆ‡  

LOL a nice list of names preferred by weirdos from different countries, for example "1000-jaehriges-reich", whose registration is blocked in .eu eurid.eu/en/register-a-eu-doma

0
kravietz ๐Ÿฆ‡  

At "Internet Consolidation: What Lies Beneath the Application Layer?" panel in Chatham House in London.

Starts with the question about .org sale...

0
kravietz ๐Ÿฆ‡  

role to install, configure and manage zones using , a enabled authoritative-only nameserver bitbucket.org/kravietz/ansible

0
kravietz ๐Ÿฆ‡  

" EU unveils โ‚ฌ3bn research fund to develop batteries

Seven member states to invest in the project which is set to run until 2031"

amp.ft.com/content/53a92e68-1a

0
kravietz ๐Ÿฆ‡ boosted
Wetrix  

Avast, a cybersecurity company, sells its customers' browsing data

reddit.com/r/privacy/comments/

forbes.com/sites/thomasbrewste

0
kravietz ๐Ÿฆ‡ boosted
rา‰ustic cyอ beฬธrpuฬตnk๐Ÿค ๐Ÿค–  

*Came home and checking email*
*WiFi keeps dropping out*
*Checks conn...โ€

Whyโ€™s there a freakin CAST IRON PAN on the router?!?

โ€œIt was on the table, but I was cleaning up. So I left it in your roomโ€

ON THE ROUTER??!??!!

โ€œOh...โ€

For sale: Slightly used dimwit of a roommate

1
kravietz ๐Ÿฆ‡ boosted
The Tor Project  

After months of work, we have a new stable release series.

Tor 0.4.2.5 is the first stable in the 0.4.2.x series. This series improves reliability and stability and includes several stability and correctness improvements for onion services. blog.torproject.org/new-releas

0
kravietz ๐Ÿฆ‡ boosted
Open Culture  

Medicare chief asked taxpayers to cover stolen jewelry.

Seema Verma requested $47,000 for items taken from an SUV that took her to a speech. politico.com/news/2019/12/07/m

0
kravietz ๐Ÿฆ‡ boosted
NGI Zero open source funding  

Wireguard will be included in the newest Linux-kernel! -> lists.zx2c4.com/pipermail/wire @NGIZero is proud to have funded this effort which will provide Linux-users worldwide with an open source VPN utility that is exceedingly simple, yet thoroughly modern and secure. Want to know more? -> nlnet.nl/project/wireguard-sca

0
kravietz ๐Ÿฆ‡ boosted
Sem Schilder :t_blink:  

RT @zkat__@twitter.com

The NPM registry is going to disappear overnight one of these days and there's millions of people without an actual backup plan. twitter.com/mykola/status/1198

๐Ÿฆ๐Ÿ”—: twitter.com/zkat__/status/1203

0
kravietz ๐Ÿฆ‡ boosted
Lazarski  

Protocols: Duty, Despair and Decentralisation transcript

Thoroughly enjoyed reading this piece by @matdryhurst@twitter.com on possibilities for co-operatively run, decentralised music industry

medium.com/@matdryhurst/protoc

1
kravietz ๐Ÿฆ‡ boosted
cck  

#Briar โ€“ Next Step of The #Crypto #Messenger Evolution | Torsten's Thoughtcrimes
blog.grobox.de/2016/briar-next

0
Show more

kravietz ๐Ÿฆ‡'s choices:

nuclear

55

privacy

50

security

43

russia

15

ipfs

11
Mastodon ๐Ÿ” privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

Moreโ€ฆ