Comments

library_napper, 1 year ago (edited 1 year ago) to privacy in Using Disinformation Like A Pro

In the industry we’d call it “tokenization” for the same end if the identifiers were unique

library_napper, 1 year ago to linux in What's your favorite music player on Linux?

Thanks. Just tried it but every time I add one song to the queue, it adds a ton of others to my queue that I did not add. How do I make it stop doing that?

library_napper, 1 year ago to linux in What's your favorite music player on Linux?

On Android its NewPipe. No ads, free, I can create playlists, and I dont have to store anything local.

library_napper, 1 year ago to linux in What's your favorite music player on Linux?

Firefox (invidious). Its free, no ads, and I dont have to store files locally.

library_napper, 1 year ago to linux in Thoughts on this?

Please dont just post screenshots of text. Post a link to the content.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

This sort of thing happens dragnet. And mullvad users are definitely a group to be targeted. Dont assume OP isnt a refugee or journalist and give them bad advice that could get them killed

library_napper, 1 year ago (edited 1 year ago) to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

That’s why you download the key from multiple distinct domains from multiple distinct locations using multiple distinct devices and veryify their fingerprints match. If the key/fingerprint is only available on one domain, open a bug report with the maintainer.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

No, you’re confusing two vectors of attack. I’m saying that if you fan trust the vendor, then you’re still at risk from downloading malicious software that was manipulated between the vendor and you (man in the middle attack), unless you verified a signature using a key stores offline (note https is still vulnerable because the keys are stored online)

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Https is vulnerable to loads of attack. That’s why we sign packages.

library_napper, 1 year ago (edited 1 year ago) to opensource in Could we add alternativeto.net to the sidebar?

Of course it matters.We dont want to support or contribute content to a service that could go down one day and all the data is lost because we can’t fork it.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

Homebrew is extremely insecure. It doesn’t verify package signatures, so its just as bad as the “just donloaf some sketchy untrusted binary off a website” approach

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

You might want to say why or you’ll get downvoted. Spoiler: its not safe and this is how you get malicious software on your computer

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

ChatGPT is garbage in garbage out. It’ll probably tell you to curl a file off the internet and pipe it to bash as root.

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

More Performant, yes. More Secure? Not sure about that

library_napper, 1 year ago to linux in New Linux user here. Is this really how I'm supposed to install apps on Linux?

They probably lowered it became mullvad is a security company and downlaoing .deb files from the Internet ia a vector for attack