kravietz 🦇 @kravietz@social.privacytools.io
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
Wow... thanks to SourceHut I was able to make my `pam-tacplus` project to compile clean on FreeBSD in like 15 mins https://git.sr.ht/~kravietz/pam-tacplus As easy as pie!
kravietz 🦇
boosted
"My Semester With the Snowflakes”
When a 52 year old military vet became a freshman at Yale this fall, he found out that the students didn’t fit Faux News stereotype.
It’s a touching essay and worth your time:
https://gen.medium.com/my-semester-with-the-snowflakes-888285f0e662
Really cool idea: convention for self-describing data structures such as serializations, hashes, addresses etc
This three part highly acclaimed documentary series, produced in 1986, examines the pro's and con's of #nuclear power as they have never been examined before...or since. https://www.amazon.co.uk/gp/video/detail/B01DDEOKCI
kravietz 🦇
boosted
My Business Card Runs Linux
https://www.thirtythreeforty.net/posts/2019/12/my-business-card-runs-linux/ #linux
kravietz 🦇
boosted
kravietz 🦇
boosted
This is amazing, we evolved the alphabet from pictograms to highly stylized characters to letters and now we're going full circle by incorporating emojis such as 🐂 that thousands of years earlier became "a" and 🐟 that became "d"
kravietz 🦇
boosted
A Twitter app bug was used to match 17 million phone numbers to user accounts
https://www.reddit.com/r/privacy/comments/efbol6/a_twitter_app_bug_was_used_to_match_17_million/
https://techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/
Second, CTOs have the picture of manually keyed DNSSEC from 2000's (which was a nightmare) because this is when they usually stopped having hands-on experience with technology. They never heard about DNSSEC inline signing or ACME.
Third, large orgs frequently use "large" managed DNS providers, which suck at implementing "bleeding edge" technologies such as DNSSEC and IPv6. Or they will charge for them as "premium" features.
Why #dnssec is so unpopular among large orgs? As someone who works for large orgs I have seen a number of excuses, none of them really valid.
First, large orgs are traditionally risk averse and since they routinely screw up on simple "mandatory" things like TLS cert renewals so any mention of "DNS outage due to expired key" makes them freak out and reject any proposals of "optional" controls that could go wrong.
Why has UK nuclear power plant Hinkley Point C increased over three times?
https://medium.com/@Jorisvandorp/the-hinkley-point-c-case-is-nuclear-energy-expensive-f89b1aa05c27
kravietz 🦇
boosted
[*] with WhatsApp you can't really completely get rid of it because they actively ban independent client implementations so the bot uses WhatsApp Web, which in turn needs a running WhatsApp on Android. It can be an emulator (memory & disk hog) or a spare phone that sits at home connected to WiFi 24/7 just to do the bridging.
Weekend achievements: 1) spin a private #matrix instance on Synapse, 2) get Telegram bot working, 3) get WhatsApp bot workig. This way I can get rid of both #telegram and #whatsapp [*] apps from my #android device.
On the screenshot - Matrix chat client with a number of private WhatsApp chats open and a number of Telegram groups I'm subscribed to.
kravietz 🦇
boosted
So the European Central Bank has published a white paper about a crypto currency.
But this currency seems to be an own development, requires intermediate banks to be involved in all transactions and puts those banks in charge of remove your data from smaller transactions to make them anonymous.
Let me put it this way: this is broken by design. And that while we already have solutions for those problems implemented in GNU Taler.
It's just sad…
kravietz 🦇
boosted
"Galaksija" or Galaxy in Serbian, was a DIY computer from Yugoslavia, invented by Voja Antonić in 1983
It ran on a Zilog Z80 at 3Mhz and had 6K RAM and 8K ROM max. You built the whole thing, including the keyboard
Here's the complete listing from the Računari magazine (January, 1984) with the complete build instructions including the keyboard wiring (language is Serbian, I think)
http://www.voja.rs/galaksija/0102.htm
And the ROM-a B instruction set http://www.voja.rs/galaksija/ROM%20B%20Listing%20Scans/ROM_B_listing.htm
kravietz 🦇
boosted
Three French executives were convicted in the suicides of 35 of their workers https://www.washingtonpost.com/world/2019/12/20/three-french-executives-were-convicted-suicides-their-workers/
kravietz 🦇
boosted
@amolith @kev I'm more concerned with Clouflare's dominance (~75% of high-traffic websites on internet) regarding caching HTTPS in exchange for website owners private keys (in effect silently compromising all visitors to said sites as well). After digging into https://en.wikipedia.org/wiki/Cloudbleed and the technical solution at Cloudflare making this security bug possible, along with their transparency (https://www.cloudflare.com/transparency/), it became apparent that this is the biggest orchestrated HTTPS weakness out there serving US government.
kravietz 🦇
boosted
"Web design" has become kind of an oxymoron
On one hand, it's easier through building blocks, by including existing libraries. On the other, most people stick to the same or similar layouts
Also, browsing is a nightmare even on "non-app" type pages because of the sizes and number of third-party garbage. If it wasn't for uBlock Origin and uMatrix, I wouldn't be using a browser
Still thankful to @schnittchen for letting me know about uMatrix more than 2 years ago
kravietz 🦇
boosted
The modern web is becoming an unusable, user-hostile wasteland https://omarabid.com/the-modern-web
- OpenPGP
- 6F7B6BB9A9B632555E1A03C132AF1F39C4EE03F2
- Website
- https://krvtz.net
- Matrix
- @kravietz:krvtz.net
Polish expat into UK. Information security engineer. Caver & cave rescuer (thus the bat). NHS volunteer & blood donor.
Joined May 2019
kravietz 🦇's choices:
