ReversalHatchery

@ReversalHatchery@beehaw.org

Computers and the internet gave you freedom. Trusted Computing would take your freedom.
Learn why: vimeo.com/5168045

ReversalHatchery,

You wouldn’t own a house!
You wouldn’t own a car!
You would be happy!
Because we said so.

Each Facebook User is Monitored by Thousands of Companies – The Markup (themarkup.org)

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’...

ReversalHatchery,

This is just my opinion, but why would they tell you the truth? It’s not like you can find out they are lying.

ReversalHatchery,

Over the years there have been a few times I tried to communicate with the developer, and he was always arrogant.

ReversalHatchery,

At the same time it’s also important that the provider only complies with requests where it legally has to. I trust Proton to act this way.

ReversalHatchery,

They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the Signal protocol programming libraries, there are still multiple questions:

  • how often do they update the version they use
  • what are they doing with the messages after local decryption (receiving), and before encryption (sending)
  • how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code

Any of these questions could reveal problems that would invalidate any security that is added by using the Signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever

ReversalHatchery,

Password reset requires saying when the account was created (month and year) and “tech support” can’t help here either.

Did you try the date of their first email?

ReversalHatchery,

I don’t think so. I never delete such emails. Why would I? Not like it’s in the way

ReversalHatchery,

You can do that without this software too. Create separate Windows accounts for every member of the family, preferably offline accounts (which are not attached to a Microsoft account and an email address), and put a password or a PIN code on yours.

ReversalHatchery,

Oh, I see. What are those needs? Maybe there’s a better way.

ReversalHatchery, (edited )

I think it’s just dumb to not make a backup before large updates. There are so many things happening, a lot can go wrong, especially if you have added 3rd party repos and have customized core parts of the system, not just through config files but let’s say you switched to latest KDE Plasma from the one your distro ships.

And what happens if you have to restore the backup?
You can look up what’s the solution to your problem in peace while everything is still working. If it was a server, all the services are still available, if it was your desktop you don’t have to use a live Linux USB that’s without all your configs to find the solution.

ReversalHatchery,

If you want something easy to use and you don’t have to learn buy a Mac, you want great software compatibility buy a windows pc.

That is very bad advice, as that may well not be a solution. There are people who want to use their computers without the ads, data mining and forced program defaults Windows is doing.

It’s true that if people switch OS, they’ll need to learn a lot of new things. But don’t forget that not only sysadmins and adventurous people use Linux.

That being said, there are distros that give you a decent GUI frontend to the package manager, for example openSUSE

ReversalHatchery,

Not lying that they are improving the privacy of users would be a good start

ReversalHatchery,

No, I don’t have any suggestion for how Apple should circumvent laws. But if they can’t improve on it, they shouldn’t lie that they did so.

ReversalHatchery,

Sorry for the delay. In this case they were lying that they have improved their process regarding handling such orders, implying that they will now only comply for fewer orders that they can’t (yet) deny.

ReversalHatchery,

NFS

waiting for locked database

I agree that SQLite is slower through the network than a database server that was made with that in mind, but I think in your case the majority of it was something different.
I’ve recently read in the Jellyfin docs about problems with fs locks on an NFS share, and the point is that NFS does not enable locks by default or something like that, and you have to configure it yourself.

Does Google still hold contact data after deleting from Google Contacts?

I am in the process of moving out some contacts from Google Contacts, specifically those that I do not have a Gmail address. It's a way for me to give these people a tiny bit more privacy, as I'm doing a cleanup of my contact list. My concern is that Google will still keep their data even after I delete it from my end. Is it so?...

ReversalHatchery,

I don’t think there’s a factual answer to this question.
My take on it though is why would they delete it? They can make use of it in various ways, and in new ways every once in a while, and it’s not as if you could prove it in court or even just find out that they didn’t delete your data.

ReversalHatchery,

That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even upload the keys to a cloud service for convenience, and they consider it a feature.

ReversalHatchery,

It’s not bad design, it’s definitely intentional, however I agree that it’s probably not for having backdoors, but for convenience. Average people forget their passwords all the time, and with encryption that level of carelessness is fatal to your data if they have not saved it somewhere, which they probably didn’t do.

Very few devices are rooted and usually you cannot get root without fully wiping your device in process.

I’m pretty sure the system is not flawless. Probably it’s harder to find an exploit in the OS than it was years ago, but I would be surprised if it would be really rare. Also, I think a considerable amount of people use the cheapest phones of no name brands (even if not in your country), or even just tablets that haven’t received updates for years and are slow but “good for use at home”. I have one at home that I rarely use. Bootloader cannot be unlocked, but there’s a couple of exploits available for one off commands and such.

ReversalHatchery, (edited )

What is an ULEZ camera?
Without details, it seems a bit weird that people are called extremists who don’t like their country being converted to China by covering every inch with a camera, maybe even if they used explosives against these in a way that didn’t hurt anyone.

ReversalHatchery, (edited )

Immich is a self-hosted photo management server with a user interface that’s similar to Google Photos. Also has mobile apps.
Their motto is “privacy should not be a luxury”.

I was planning for long to try it out because it looks very promising, but I was waiting for… I don’t know what? Fuck it I’m installing it today.

ReversalHatchery,

Have you ever logged in to a Linux shell? If so, the below or similar may be familiar:

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

As I see they are just

  • covering their asses legally, in case someone wanted to go to court over losing family pictures
  • making sure that the admin knows that they really really should do backups of the data stored there

ReversalHatchery,

ext4 certainly has its place, it’s a fine default file system, there are really no problems with it.

But others, like ZFS and BTRFS, have features that you may want to use, but ext4 doesn’t do: fs snapshots, data compression, built-in encryption (to a degree, usually only happening for data and some of the metadata, so LUKS is often better IMHO), checking for bitrot and restoring it when possible (whether it is depends on your config), quotas per user group or project, spanning multiple disks like with RAID but safer (to a degree), and others.

ReversalHatchery, (edited )

In case of ZFS and bcachefs, you also have native encryption, making LUKS obsolete.

I don’t think that it makes LUKS obsolete. LUKS encrypts the entire partition, but ZFS (and BTRFS too as far as I know) only encrypt the data and some of the metadata, the rest is kept as it is.

openzfs.github.io/…/zfs-load-key.8.html#Encryptio…

Data that is not encrypted can be modified from the outside (the checksums have to be updated of course), which can mean from a virus on a dual booted OS to an intruder/thief/whatever.
If you have read recently about the LogoFAIL attack, the same could happen with modifying the technical data of a filesystem, but it may be bad enough if they just swap the names of 2 of your snapshots if they just want to cause trouble.

But otherwise this is a good summary.

ReversalHatchery,

are there applications where zfs/btrfs is more or less appropriate than ext4 or even FAT?

Neither of them likes to deal with very low amounts of free space, so don’t use it on places where that is often a scarcity. ZFS gets really slow when free space is almost none, and nowadays I don’t know about BTRFS but a few years ago filling the partition caused data corruption there.

ReversalHatchery,

It’s not about someone, it’s about something. A lot of us aren’t (only) using Linux as a server OS, but for desktop too, and desktop usage involves running much more different kinds of software that you simply just can’t afford to audit, and at times there are programs that you can’t choose to not use, because it’s not on you but on someone on whom you depend.

Then it’s not even only that. It’s not only random shit or a game you got that can edit your bashrc and such, but if let’s say there’s a critical vulnerability in a complex software you use, like a web browser, an attacker could make use of that to take over your account with the use of a bashrc alias.
