varx boosted

Whenever I point out privacy or security issues with product X, there will invariably be responses along the lines of:

„Ha, what a surprise! I’m certain that products Y and Z do the same!“ 🤡

Thank you for demonstrating how clever and critical you are, now please go away.

varx boosted

What this means in practice: for a given problematic extension (like ) I have no idea whether they declared their remote code. So there is no policy violation to report, I have to assume that Google already reviewed this and deemed it acceptable.


Entertaining story about doing physical security awareness training and screwing it up: darknetdiaries.com/episode/6/ (transcript: darknetdiaries.com/transcript/)

varx boosted

Here we go, after 1.5 years and a pile of C++ code later I'm pleased to announce my basilisk story is FINISHED!

"Basilisk collection - From Wikipedia, the free encyclopedia"
suricrasia.online/unfiction/ba

varx boosted
@varx
I was just thinking about their SOS pager last week. You can wake up a NOC guy for x dollars. If it's a legit reason, you get it back and the price halves. Otherwise, you forfeit it and the price doubles.
varx boosted

Wow, This Anime Does Not Exist definitely is something thisanimedoesnotexist.ai/

It does generate many "sensitive" images though, just fyi

I really appreciate the balance that NearlyFreeSpeech.net takes in this blog post on "free speech" and what it actually means for their service:

blog.nearlyfreespeech.net/2021

Yes, they'll host content from racists, but they won't give special assistance, and they'll absolutely turn people in to the authorities if they cross the line into illegality.

This is a rare stance to take these days, and I bet it gets them shit from "both sides". (It's also more than I'd personally have patience for!)

varx boosted

I recently backed up and restored my main home server so I could reinstall it, and ran into an issue with the user and group IDs having changed -- which made restoring more complicated.

A writeup on the small script I wrote to fix the situation: brainonfire.net/blog/2020/12/2

Of note: It was very, very useful to have backed up /etc/passwd and /etc/group along with the user data!

varx boosted

@cjd Also, it replaces 2G, which means things that used to work now stop working

GitHub has reinstated youtube-dl and is committing to « review Section 1201-related accusations and allow code repository owners to dispute those accusations before taking down their code »:

eff.org/deeplinks/2020/11/gith

varx boosted

So, I'm interested in hosting an online chat space, and I'd like opinions.

My understanding is that the current go-to options for a lot of people are Discord and Slack, but I have a pretty strong preference to promote the use of open source tools, plus it's just cool to be able to run a chat server out of our basement.

...oh shit, right, I should start by *interviewing myself*.


If I had a well-defined problem I could just beat with code until it stopped moving, this would all be a lot easier.

Trying to build software for humans is like trying to balance a stick balanced on a stick balanced on a stick balanced on my hand. -.-


Is there a term for the combination of yak-shaving and coder's block?

I keep wanting to work on my app but I can't make the network view until I build the gossip protocol ...until I *specify* the gossip protocol ...until I have key trust worked out ...until I have the threat model defined ...until I do some user-needs interviews ...until I figure out who I need to interview (i.e. who all this is for.)

I've heard that donations don't go towards Firefox development, but rather are distributed to initiatives that Mozilla funds, internal or external. Which makes me a little confused about what they want and need, along with some other mixed signals.

I'd really rather it went towards reducing their reliance on Google.

But... I don't know if this is true.


Apparently I made a big enough donation to Mozilla last year that I am now on their "personally handled donors" list or something.

A few weeks ago I was invited to an unrecorded, invite-only conference call on Mozilla's future or something (which I had to miss, and may not have been interactive?) and today I've been asked if I want to schedule a 15 minute call to share my thoughts on how Mozilla has done this year.

I should probably do it, if only to clarify where the money *actually goes*.

varx boosted

@greyor It's cute though the letters are more human-friendly. The fact that chmod-calculator.com could exist and be helpful indicates that the program exposed its guts to the humans in the wrong way somewhere

varx boosted

Wow! sfconservancy.org/news/2020/no

@conservancy Software Freedom Conservancy, one of the most important organizations in #FLOSS #opensource #freesoftware, is hiring a full-time employee. Remote, not limited to the United States. Really interesting, flexible job description.

Amazing team, critical mission. In an alternate universe where I was putting my consulting on hiatus and looking for a full-time job, I would be applying for this RIGHT NOW. Check it out & boost!

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.