Show more
@loke @djsumdog I've never read Atlas Shrugged and I don't intend to any time soon.

So, uh. You know Invidious, the privacy-focused front end for YouTube?

Someone made the same thing except it's for Twitter. And it has RSS support.

"<video> tag doesn't play in iOS Safari unless you add type="*" for some reason" is a good example of where web development is still not fun

In one word, how would you describe the typical mood on Mastodon? 

For me it's "anxious".

For some reason every time I check in I seem to get an avalanche of toots with angst in them in some form or another.

There are others of course, like a lot of light hearted stuff, and references I don't get, but those just seem like a diversion.

Sorry it's just something that's been bugging me.

- long time might go by before you do
- having different parts of your code on different generations is a huge barrier to making sweeping changes when you do need to do that.
- want to evolve again? Congrats you now have 3 generations in one codebase.

Lesson: take the time to go back and migrate the whole codebase soon after you have a new arch that you like.

Show thread

One thing I'm learning about writing and maintaining a codebase that is now 12 years old is that it is a mistake to evolve one part of it to a new paradigm/architecture/framework/whatever and tell yourself you'll migrate the rest of it later, when you have to work on that part anyways.


Has anyone done something like this with @nextcloud?

Mounting the main file storage from a USB drive connected to a Pi at home, but running the Nextcloud instance on a remote cloud server (hopefully there's some file caching going on, at least for thumbnails, so that recent pictures remain viewable even if the Pi goes down temporarily, and other data like contacts or calendars should be on the server itself).

Doable? Any caveats?

What year did you first get the internet?

People who've done FOSS/self-hosted home automation, what system(s) did you use and how well does your setup work?

How the fuck are these the top comments on the RMS resignation post ?!

We should be cheering his resignation, you don't get to say shit like that and expect nothing to happen.

Private Internet Access is now on the #gab "affiliate partners" page. I'm a customer, so I've opened a ticket asking them to disassociate and #isolategab

Can anybody here recommend another VPN provider with straight openvpn support and some way of handling inbound connection attempts?

If you only read one post today, pay attention to this one... YOU HAVE BEEN WARNED

(Please Boost)

I've been cautioning people about this aspect of using biometrics for credentials for a few years now.

Sure, it may lend itself to secure authentication, yet it also lends itself to search and seizure w/o the constitutional requirements of a warrant signed by a judge. i.e., a court order is required to compel one to divulge a password, or at the very least unlock a device such as a laptop or mobile device using that person's password.

If you're arrested, law enforcement personnel do not have the authority to demand you divulge such information, or require you to use your passwords to grant them access to your assets. Only a judge can do that.

They can however, force you to roll out your fingers to be printed and entered into a fingerprint database, and for if arrested for an alleged felony, collect DNA from a suspect.

What this means, is that in the United States, if you lock your phone with a biometric key, such as a fingerprint, cops can hold you down and physically force your hand (yes, pundit) to unlock your phone, making all of the contents of that device available to them.

Here's the relevantt verbiage in this ARS Technica article that glosses over this fact that most folks aren't even aware of...

To wit: if you lock your phone with a fingerprint, it isn't locked at all if you're ever arrested for something even as common as a DUI.

"While courts aren’t unanimous, they frequently grant more latitude to defendants who refuse to divulge passwords, since doing so amounts to testifying against oneself. Biometric information, by contrast, is often regarded as evidence that investigators can confiscate."

The way they put it in this article, it doesn't sound as vile and all encompassing in scope as it actually is in reality - go read up more on this, US Circuit courts have already long since ruled on this, so it is in fact De jure.

I'll say this one more time: "If you are arrested for ANYTHING, and you lock your phone with a biometric key of any kind, Law enforcement is entitled to freely access ALL of your data without any additional cause.

Unless you want to be their bitch, Don't do it.

#search_and_seizure #iris_scan #1984 #retinal_scan #fingerprint #biometric #privacy #security #personal_information #vulnerability #big_brother #we_are_the_dead #chant_of_the_ever_circling_skeletal_family #run_forrest_run #be_afraid_be_very_afraid #shorn_sheep

Why can't you use "Beef stew" as a password? Because it's not stroganoff.

I spent all day looking for vulns in a IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to steam events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

#defcon27 #iotvillage

when you think about it, the idea that software should scale is actually really weird. "sure this garden is nice, but how nice can it be if it doesn't grow to cover the entire surface of the earth?"

Show more

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!