varx boosted

Zcash has donated $40k to Open Privacy to build out Cwtch, a private messaging app that (apparently) will do payments too?

> Lewis said Cwtch... was inspired by market research with sex workers and queer communities that experienced censorship and malicious surveillance. As such, Open Privacy is looking into multiple options, including bitcoin, diverse on-ramps and liquidity.

coindesk.com/zcash-foundation-

Birdsite thread from Sarah Jamie Lewis about the donation: twitter.com/SarahJamieLewis/st

varx boosted

Oh, and while you are at it, could you take care of Avast SafePrice browsing extension as well? It has the same code, it's also transferring the entire browsing history to uib.ff.avast.com - to be sold for "consumer analytics" via .

For example, if the file is presented as "index.html" then I can just save it that way, but I also want to be able to munge "index.html .exe" into "index.html_.exe"

(Alternatively, a library that already does this, preferably in a JVM language...)

Here's what I have so far, but it's really only Linux-focused: git.sr.ht/~timmc/cavern/tree/5 for the generic case and git.sr.ht/~timmc/cavern/tree/5 for the Linux-specific part.

Anyone know of a solid reference on "dangerous", forbidden, or misleading filenames in various operating systems? E.g. names starting with a dot in UNIX-type systems, or COM1.txt on Windows.

I'm trying to sanitize file names for an application that downloads files for the user. (Not worried about actually filtering by file type.)

varx boosted

You know those annoying "please rate me!" prompts apps and sites pop up in the middle of you trying to do something?

Don't dismiss them. Use the opportunity to complain about the practice. If a significant number of reviews are "1 star: annoying prompt to rate the product", the stupid practice will fall out of favor.

varx boosted

I've been playing around with github.com/eth0izzle/bucket-st for a while.

Providing AWS keys and performing authenticated requests is strongly recommended, but I can't imagine Amazon would be very happy with someone making bulk requests to find open S3 buckets.

Does anybody here have experience with that? Do they ToS people for that or do they just not care?

Thinkin' 'bout naming my URL library "You're'll"

varx boosted

Here is a pre-filled Form 13909, just print it out, add your personal information, and mail it to the address listed on the bottom of the form.

yukari.sr.ht/internet-society-

Alternatively, this file can be opened with LibreOffice Draw to make edits and prepare your document digitally:

yukari.sr.ht/internet-society-

lodraw crash course: F2 + click drag to make a new text box, Ctrl+[ to reduce the font size to something reasonable, red icon in the toolbar along the top to export as PDF. You can send the document by email to eoclass@irs.gov.

doing a Root Cause Analysis on my child's spilled orange juice

varx boosted

IRS form 13909 can be used to submit a complaint about a tax-exempt organization. The Internet Society's governance documents contain the necessary information:

internetsociety.org/about-inte

It's funny to think that I used to scoff at antivirus software reporting browser cookies when doing a full system scan, mostly to boost perception that the software was *doing* something.

Nowadays I could actually see that as useful. "Oh hey, you're not using an adblocker that prevents surveillance cookies, here are some recommendations."

(Not that AV software would ever be so... relevant? User-aligned?)

varx boosted

I'll publish two blog posts on Kaspersky vulnerabilities this week, first one is now up. Here I demonstrate hijacking communication channels that the "Web Protect" component uses to communicate with the antivirus application.

palant.de/2019/11/25/kaspersky

Firefox's privacy.resistFingerprinting setting is pretty cool, but it's frequently a problem that it reports my time zone as UTC to websites. Today may have been the final straw; I was scheduling a followup interview at a company, and didn't realize I had (effectively) said I was only available between 5 AM and 11 AM each day, until the recruiter politely asked if I could do afternoons as well.

varx boosted

The Matrix, 1999: Morpheus inserts a giant TRRS plug into Neo's head

The Matrix, 2019: Morpheus tries for 20 minutes to pair a Bluetooth neural interface to Neo's head before finally giving up

varx boosted

I used Twitter via TEXT MESSAGE for most of 2008-09.

Smartphones: Hardware As A Service

(Google is EOL'ing their original Pixel model, just three years after releasing it.)

varx boosted
Ah, nice. Seeded https://talktotransformer.com/ with "One honk per day" and received some helpful social networking guidelines.

One honk per day, or call it an "eighth-tenth" honk. If your honk frequency changes, so will the number of honks.

The honk should be short, but not so short that you cannot identify it.

The honk is an animal sign of respect and should be accompanied by a friendly greeting or a nod.

The honk should be done from a seat and in a safe area.

It is considered rude to make noise in a place of business.

The honk may be made on public property only when the person doing the honk has the permission of the owner of that property.
varx boosted

Casual reminder that Elon Musk didn't found Tesla. When he contributed venture capital to the company he literally paid extra so he could have the title "Co-Founder".

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.