Mic drop

Adobe is the one company i’d never, ever, ever want to support, especially with a subscription. 🏴‍☠️ all day every day

Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

The room might stink, but nobody intentionally shat on the floor.

I like this figure of speech a lot, stealing it 😁

I like this, but would really prefer if Google works with the GSMA to get these implemented into the actual RCS specs, rather than using specially crafted proprietary RCS messages to add features to RCS (like they have done for E2EE)

It’s not natively supported by the base RCS standard, in the section at the end of the paper in the section titled “Third Party RCS Clients” Google explains that they’ve built the e2ee their Messages app themselves, (on top of standard RCS).

A developer has to use Google’s implementation specifically in order to send and recieve e2ee messages to Google’s Messages app (and Samsung Messages who also implemented this recently)

Although the e2ee implementation is using the Signal protocol under the hood, it’s for message content only - this is what is transmitted in cleartext (taken from the paper)

• Phone numbers of senders and recipients
• Timestamps of the messages
• IP addresses or other connection information
• Sender and recipient’s mobile carriers
• SIP, MSRP, or CPIM headers, such as User-Agent strings which may contain device manufacturers and models
• Whether the message has an attachment
• The URL on content server where the attachment is stored
• Approximated size of messages, or exact size of attachments

Without using this implementation of the Signal protocol on top of RCS, the message will deliver to the contact’s phone, but shows up as unencrypted garbled text

That is a very useful resource though, never knew there was a paper available on the implementation. Saving 😁

Your admin created it

https://lemmy.dbzer0.com/post/8874717

What’s your problem with tagginator? Just block it if you don’t want to see it?

BTRFS has encryption now? Yay!! I have been wrapping it inside a LUKS partition for years at this point…

Holy moly that is an absolute sh*t ton of ads!

Free google play credit, I usually get an email every year for it

But I do pay for Plex, despite Jellyfin being a thing. If I like something and it’s worth it to me personally, why not 🤷‍♂️… but you will never find me defending their kinda crappy decisions like the new Discover feature, removal of “All Songs” from the plex apps in favor of moving people to Plexamp, removing the Gallery sync a few years ago etc.

Some people want their software to be 100% FOSS all-eyes-on-the-codebase, others just do a balancing act based on their personal values.

I value my software to be “transparent enough” in how it operates, “just work”, and hackable to some extent - if I really wanted to I can swap out the ffmpeg binary that Plex uses for transcoding to something else (doesn’t remove the Plex Pass limitation for those curious), I can hook into the server API to change ambient lighting colour based on the cover/background of whatever media is playing, I can create speakers running a Linux board to cast Plex media to, etc. But once that hackable ship sails, then I will look to FOSS alternatives.

For Niagara, everything “just worked”. No noticeable bugs, fast search, consistent feel and design, useful contextual info (e.g. next calendar event shows under the clock), and gestures that made sense for its overall UX. Using it felt less like you were using a “launcher”. The yearly sub was cheap enough that I wouldn’t mind covering for it if I didn’t get credits, and having a single person working on software usually comes with a high level of attention to detail (particularly in performance and UX) but it does have the downside that the experience may be more opinionated and closed compared to if it was a community-driven FOSS project instead IMO.

Alas, google didn’t send credits this year, Niagara made less sense for value/worth-it compared to Kvaesitso, so I abandoned it.

For me, Kvaesitso does everything in a slightly different, much more customizable way, and being FOSS was one of the things that made it particularly attractive as a replacement

Because it’s from china doesn’t mean anything though lol. So are our phones, clothes, bikes, car electronics, batteries, practically all electronics except hard drives etc.

Don’t forget that there are talented individuals everywhere, regardless of whatever perceptions exist about their country of origin.

In this case, OP wants access to what they consider to be a good show, and that’s that 🤷‍♂️🏴‍☠️

Second this. Zorin OS, and Mandriva Linux (before they went bankrupt, and the community picked up development) were my first exposure to Linux over a decade ago, and the ux familiarity really helps a ton.

A lot of the other distros had funny stuff going on with multiple docks, open apps showing in the top dock, others looked like a Stardock Special and it was just a little confusing for younger me lol

X.509 certs are commonly used in TLS/HTTPS.

Why is one needed in your boot process?

Don’t know why but I found this funny

Edit: sorry, I may have misunderstood your post - free email != email masking.

My original post below…

Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built-in to Firefox too, it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of

I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.

Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don’t support ed25519 kex

Probably a good idea to look for a different client, call me tinfoil but I wouldn’t want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency

Why have they got three separate areas for it? That seens really counterintuitive IMO

Searching on stock Android gives a handful of results, but they’re all under one dedicated system area called “Gestures” 🫠 not spread out across several like what Samsung has done

Blahaj needs to lock down their registrations for a while, seen three different spammers flooding lots of comment sections within the past day or so registered on their instance.

I think it’s a trolling group from a specific instance, if you inspect the location of the images attached in the comments

When these kinds of exploits are discovered, my first fear is people with Flipper Zeros running custom firmware exclusively for trolling…

Imagine you’re listening to music in your headphones (or in your car with Bluetooth), then without warning it reconnects and now you’re hearing baby shark 😣