generalx

aral , 2 months ago to random

Oh look, and Signal has just told me that Jack Dorsey has joined Signal.

(a) Signal telling people on your contacts that they’ve joined Signal is a privacy violation.

(b) When the fuck did I add Jack Dorsey’s number to my contacts? Must’ve been ages ago; don’t even remember meeting him back in the day but it’s possible I guess.

🤷‍♂️

CC @Mer__edith regarding point a.

generalx , 2 months ago to random

I don't trust syncthing-fork anymore.

1. App ID changed with version 2.x, seemingly for no reason.

2. catfriend1, the original maintainer has disappeared with no public announcement.

3. Apparently the Play signing keys were transferred to a Github user with a 5 day old account.

4. The old repo does redirect to this new user's repo.

It could be benign and another case of FOSS devs "moving on," quietly. But my paranoia prevails.

https://github.com/researchxxl/syncthing-android/issues/16
#syncthing #privacy #security #fdroid

aeva , 2 months ago to random

Suppose I wanted to throw a silent rave party some day, and said event would be open to anyone to attend provided they bring their own headphones and receiver.

What would be the best form of legal broadcast such that 1) the event could happen in a small park, 2) the required receiver is relatively easy to obtain, 3) the broadcast is heard relatively synchronously, and 4) doesn't require the attendees have a radio license, and 5) doesn't require me to have an expensive license?

briankrebs , 3 months ago to random

This is pretty wild. Checkout.com got hacked by a group that claims to be Shiny Hunters again. Checkout said in blog post that it would not be extorted by criminals.

"We will not pay this ransom.

Instead, we are turning this attack into an investment in security for our entire industry. We will be donating the ransom amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to support their research in the fight against cybercrime."

Far too many victim firms just pay up, to get back to business as usual asap. Imagine if a fraction of those victims instead paid into a fund for research that actively disrupts these groups.

https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion

briankrebs , 3 months ago to random

Was searching my Signal contacts for something something "N" and found a contact I'd not noticed before: Note to Self. One of these days I will just RTFM.

"Who is Note to Self?

This contact entry is a chat to send messages to yourself.
Use this feature to jot down a note for yourself to review later or to share messages and files with your linked devices.
All messages in Note to Self are end-to-end encrypted Signal messages.
Yes, you can send disappearing messages to yourself. The timer starts immediately."

https://support.signal.org/hc/en-us/articles/360043272451-Note-to-Self

ALT

evacide , 4 months ago to random

There is a lot of demand for digital privacy and security advice out there right now and lots of people are giving advice and writing guides. I beg them to do a few things:

1. Be explicit about the threat model your advice is meant for.

2. Do not give advice you haven't tried implementing yourself. Eat your own dog food.

3. Get feedback on your guide from your target audience before publication.

4. Incorporate that feedback. This is not an optional step.

FediTips , 5 months ago to random

Okay, some really bad news but also a suggestion for a way forward.

The Guppe groups domain name was sold by their registrar before they could renew it. This means all Guppe groups are broken, and their web addresses point to a spam blog 😞

However, there is another group provider called FediGroups, you can find out more on their site:

➡️ https://about.fedigroups.social/home

FediGroups has features that Guppe never had, including private groups.

(More info about #Guppe situation: https://github.com/immers-space/guppe/issues/118 )

jerry , 5 months ago to random

Oh look. Farmers Insurance takes the security of my data seriously.

generalx , 5 months ago to random

In the past year, have you given money to the homeless that you see on the street?

#poll #polls #homelessness #charity #askfedi

nixCraft , 6 months ago to random

Finally somebody said it better 😅🤣

ALT

ernie , 6 months ago to random

So apparently we are within the last 60 days of dial-up AOL being a thing.

https://help.aol.com/articles/dial-up-internet-to-be-discontinued

ht @mattl

ALT

ai6yr , 6 months ago to random

Head's up, the "you must confirm your profile" scam is proliferating on the Fediverse. I wonder if they are trying to gather driver's licenses and credit card numbers? It's a scam.

#scam

ALT

vkc , 7 months ago to random

[Thread, post or comment was deleted by the author]

georgetakei , 7 months ago to random

Resist Fascism.

vkc , 7 months ago to random

[Thread, post or comment was deleted by the author]

georgetakei , 7 months ago to random

That moment when Elon Musk’s AI starts speaking in the first person as Musk, then the answer gets deleted by…someone.

MikeDunnAuthor , 8 months ago to random

ICE's HSI unit conducted a raid at a popular restaurant in San Diego's South Park neighborhood. About 3 dozen agents, some in full tactical gear, arrested restaurant workers while patrons there and around the area were enjoying dinner. The federal agents didn't expect a resounding rejection by the neighbors and patrons. The community spontaneously protested the ICE agents. ICE discharged three flash-bang grenades to disperse the crowd. The people instead pushed ICE agents out of their community forcing the vehicles to retreat, shouting anti-fascist slogans. This is the way it should be everywhere.

https://www.nbcsandiego.com/news/local/ice-operation-south-park-restaurant/3837341/

#gestapo #ice #fascism #immigration #racism #trump #solidarity

ALT

nixCraft , 8 months ago to random

you might miss on some good candidates with such a gatekeeping…

ALT

generalx , 8 months ago to random

Here's a helpful site showing companies to avoid during your job search:

https://aijobs.net

#GetFediHired

vkc , 9 months ago to random

[Thread, post or comment was deleted by the author]

jerry , 9 months ago to random

I rather like the new VMWare logo

Impossible_PhD , 9 months ago to random

The article I write for my campus newspaper is out. Have a read, if you want.

It's called Governed by Terror, a phrase drawn form the definition of state-sponsored terrorism.

Because I wasn't always afraid to go to work.

https://fsutorch.com/2025/04/30/governed-by-terror/

vkc , 9 months ago to random

[Thread, post or comment was deleted by the author]

w7voa , 9 months ago to random

Amazon denies the Punchbowl News report that it plans to display how much Trump tariffs add to the price of each product on the e-commerce platform.

jerry , 9 months ago (edited 9 months ago) to random

What is your favorite remote access software?

evacide , 9 months ago to random

I see that I'm in for another week of explaining that end-to-end encryption will not fix stupid.

hacks4pancakes , 9 months ago to random

Just perpetually tired seeing how bad the default advice seniors give juniors about cybersecurity careers is on Reddit. They mean well, but didn’t have to fight this market.

stux , 9 months ago to random

Let this sink in..

The government of the US and El Salvador are making people disapear

Without trail, without evidence

They "cannot" and will not reverse anything even knowing what they're doing is wrong, big time

These so called "Presidents" can make anyone disappear but cannot return them

nixCraft , 9 months ago to random

Step 1. Put on a black hoodie.
Step 2. Go to the cafe.
Step 3. Take out your laptop.
Step 4. Open a terminal window.
Step 5. Run the htop command and yell from the bottom of your stomach, "I'M IN!"

briankrebs , 9 months ago to random

Wow. The tech and NASDAQ giant NVIDIA's shares have tanked in after hours trading, down 7 percent right now. Might have something to do with this disclosure:

"On April 9, 2025, the U.S. government, or USG, informed NVIDIA Corporation, or the Company, that the USG requires a license for export to China (including Hong Kong and Macau) and D:5 countries, or to companies headquartered or with an ultimate parent therein, of the Company's H20 integrated circuits and any other circuits achieving the H20's memory bandwidth, interconnect bandwidth, or combination thereof. The USG indicated that the license requirement addresses the risk that the covered products may be used in, or diverted to, a supercomputer in China. On April 14, 2025, the USG informed the Company that the license requirement will be in effect for the indefinite future.

The Company's first quarter of fiscal year 2026 ends on April 27, 2025. First quarter results are expected to include up to approximately $5.5 billion of charges associated with H20 products for inventory, purchase commitments, and related reserves."

Expect an extra wild ride on Wall Street when the bell rings tomorrow.

A graphic from Google showing NVIDIA Corp. stock price tanking in after hours trading.

ALT

stux , 10 months ago to random

This is why we don’t need #US #cars in #Europe

ALT

deviantollam , 10 months ago to random

The phrase "100% undetectable monitoring" should only appear in emails from a company that makes medical devices for diabetics or an early warning solution focused on structure fires. Not smartphone software. 😒

@evacide I woke up to this email today. I am displeased.

Is there any angle by which I can turn this into something good?

Is this a spyware product deserving of unpacking or analysis, and if I led these people on and got free licenses or something out of it would that help any researchers at EFF or elsewhere to dissect it?

ALT

nixCraft , 10 months ago to random

How people react when critical vulnerability announced in a popular Foo app

• What do privacy/security-minded people hear? Run as far as possible from Foo app.

• What stock market people do? Buy more Foo app stock.

• Ordinary public: I don't care as long as the job gets done using Foo app

• What bad guys do? Hack as many systems loaded with Foo app & steal personal data.

• What does a three-letter agency think about Foo app? Good. Good. Let them install Foo app. It will make our job easy.

evacide , 10 months ago to random

So much of cybersecurity is "We must secure the Orphan Crushing Machine so that unauthorized people do not crush the orphans," and not "Why the fuck are you building an Orphan Crushing Machine in the first place?"

w7voa , 10 months ago to random

CBS - SCOTUS agrees to halt a lower court order that required six federal agencies to rehire more than 16,000 probationary workers who had been fired. https://www.cbsnews.com/news/supreme-court-trump-probationary-workers/

dnsprincess , 10 months ago to random

Okay, it's finally time to admit it...

I'm on the job search.

I'm really struggling with self-worth. I've made it pretty far in some interviews, but haven't landed a job. I've been cut for internal candidates or other things.

It's been really rough. I have a dog to provide for... and I need healthcare.

I've done so much in cybersecurity. Anti-fraud SOC, teaching, sales, consulting, and more.

I've applied to over 200+ jobs and feel like I'm getting nowhere. That's why I've been so down lately.

Wish me luck on my upcoming opportunities...

w7voa , 10 months ago to random

Awaiting reaction from the residents of the Heard and McDonald Islands after the US today imposed a 10% reciprocal tariff on products from the volcanic territory between Madagascar and Antarctica. Might be waiting a bit -- apparently the total human population is (double checks notes)...zero.

image/png

evacide , 10 months ago to random

In case you are wondering why my public PGP key is expired, it is because I would like to discourage people from sending me PGP-encrypted email. The number of times I have had people send me mail in the clear that they appear to have thought was encrypted is NOT SMALL.

jerry , 10 months ago to random

The US Constitution didn’t have a complete set of test cases written before it was released.

briankrebs , 10 months ago to random

My name keeps getting mentioned in Top 10 infosec influencers lists, or Top[arbitrary number here] security professionals to follow. Here's the thing: The group responsible for all these "awards" has tried to get me to participate in their group activities (podcast interviews, etc. I always decline or ignore). But near as I can tell their top people lists have mostly the same people on them that have somewhat thin backgrounds in the cybers. So it seems to be some kind of circular promotion thing, possibly of the paid variety, which is not something I want to be associated with.

Some people say any publicity is good publicity, but I've never believed that. My instinct as I see these "awards" parroted by the people listed in them is to dig deeper into who the awards givers are. But in the meantime, my inclination is to send a polite note asking them to please not include me in their lists.

Is that a dick move? What would you do?