Posts by lxo@snac.lx.oliva.nom.br
(DIR) Post #B2VARLnv1HOhEWWgYS by lxo@snac.lx.oliva.nom.br
2026-01-21T05:57:25Z
1 likes, 0 repeats
how about arranging for the GPS signals to go silent for a week to mourn her death?
(DIR) Post #B2VSOqr8uXYNqTzZom by lxo@snac.lx.oliva.nom.br
2026-01-20T14:56:43Z
0 likes, 0 repeats
I'm not seeing the difference you're claiming. the SOF binaries and the signature (by an Intel-controlled secret key) on them work exactly like Tivo-supplied binaries and signatures (by a Tivo-controlled secret key): there's a component on the sound cards that checks for the signatures, just like on Tivo systems, and that prevents the binaries from running if the signature doesn't match. now, you make it sound like the unsigned binary would still run, it's just other parts of the system that would cease to function. that doesn't match whatever little I have found, but... where can I find more information to understand how that (other?) problem affects us? CC: @jas@fosstodon.org
(DIR) Post #B2ZroSHACIa8cuJB6u by lxo@snac.lx.oliva.nom.br
2026-01-21T15:21:27Z
0 likes, 0 repeats
interesting. this suggests that naming the practice of blocking the execution of modified or recompiled versions of programs as Tivoization may have been a misnomer. from what you say, it seems that Tivo did not do that. but that didn't stop others from doing just that. for lack of a better term to describe that practice, I keep on calling it Tivoization. I don't think this case is one of digital handcuffs, at least not in the program itself. it's other components of the device reacting to the modification. you could say it's digital handcuffs in the other components. but it's not the program itself stopping you from doing things. I guess what feeds the confusion is that GPLv3 addressed both issues. but the definition of Tivoization, e.g. on Wikipedia, is pretty clear and well-referenced: it's about blocking the execution of modified versions, without any mention of other programs' refusing to function along with the modification. CC: @jas@fosstodon.org @Suiseiseki@freesoftwareextremist.com
(DIR) Post #B2eWhzy57dcrAEoBV2 by lxo@snac.lx.oliva.nom.br
2026-01-25T13:21:27Z
1 likes, 3 repeats
#GNU #Linux-libre 6.19-rc6-gnu is now available for testing from the git repository, with cleaning-up scripts updated for the upcoming 6.19 series
(DIR) Post #B2eZYPFyXpVsYuIPKK by lxo@snac.lx.oliva.nom.br
2026-01-24T20:51:55Z
0 likes, 0 repeats
what good is an encrypted messaging app if the enemy controls the computer it runs on? CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZYQnKpHn9KeuYxk by lxo@snac.lx.oliva.nom.br
2026-01-24T21:10:27Z
1 likes, 0 repeats
when the enemy controls the device on which the app runs, the encryption the app applies afterwards offers no more than an illusion of security, because the enemy gets to see the plaintext as it is entered into the device, or as it is displayed to users. the enemy can also unlock the device, and use the plaintext as evidence in fake trials. if you need actual security, something that demands you to start your use by generating your keys on a remotely-controlled device is not it. it's like building a castle on foundations of sand. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZYRwEZgVKsY5BTM by lxo@snac.lx.oliva.nom.br
2026-01-24T21:23:38Z
1 likes, 0 repeats
you don't seem to understand the concept of using a remotely-controlled device that gets access to the plaintext before it gets encrypted, and that can be used to deliver targeted malware to specific users besides the malware it's loaded with from the factory. the loss of security takes place before and regardless of the protocol, because the device is compromised. a compromised device is a bit like the so-called analog hole, except it's digital, and it stands between you and the presumed-secure app, potentially leaking to its master any piece of plaintext you enter onto the device, or view on the device's screen, if not more. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZeAXMBWXWeCApU0 by lxo@snac.lx.oliva.nom.br
2026-01-24T22:27:21Z
1 likes, 0 repeats
sure, when you say no, they laugh at you, but they still have access to your keys just the same. even if they never choose to upload them. CC: @dlakelan@mastodon.sdf.org @Linkshaender@bildung.social
(DIR) Post #B2eZqPwmiSrduquLzc by lxo@snac.lx.oliva.nom.br
2026-01-24T21:42:36Z
1 likes, 0 repeats
all phones ship from the factory already compromised, and under remote control by multiple parties, including universal backdoors to enable the controlling parties to further their control over them. signal's fundamental flaw is demanding users to start their use on such compromised devices. it all starts on a compromised foundation. regaining any security or privacy after that initial misstep, through which the remote controller of the device gains full access to your credentials and control over your account, is hard for me to believe. I'd be happy to be proven wrong, i.e., that if the user switches to another secure device afterwards, and terminates access from the compromised device, they can have assurance of exclusive control to their account from the secure device. but that's hardly relevant since most people keep on using signal from compromised devices controlled by the enemy. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZqRj26Z3JQmUOps by lxo@snac.lx.oliva.nom.br
2026-01-24T22:10:26Z
1 likes, 0 repeats
you need a secure computer. all smartphones are tracking devices designed for surveillance and remote control. that tracking device in your pocket is not your friend, and it doesn't serve you. the keys you hold on it are as secure as bitlocker keys, or whatsapp keys for that matter. even if you don't choose to upload the keys to the vendor, the device is compromised and it has full access to them. it's not at all a solid foundation for security or privacy, because the keys that your security or privacy would depend on have been leaked to the remote controller of the device the moment they were generated. that sucks, but people have been fooled into mistaking universally-backdoored, remotely-controlled devices into sources of security and privacy. we need devices and systems that serve users to get that, and we pretty much don't have any of that, because such possibilities have been actively taken away from us for various reasons. and now that we need them, we can't have them, with extremely rare exceptions using ancient hardware with which signal won't allow you to start using it. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eowlfiM7seLNPSIi by lxo@snac.lx.oliva.nom.br
2026-01-25T13:50:48Z
2 likes, 1 repeats
nod. remember when every gmail account got an associated XMPP account, and regular people would chat with other XMPP users until Google broke federation? XMPP was already more than good enough back then. and the users were there.
(DIR) Post #B2fQ5vx5CUer8ZldQW by lxo@snac.lx.oliva.nom.br
2026-01-25T21:57:27Z
0 likes, 0 repeats
new blog post: compromising encryption keys https://blog.lx.oliva.nom.br/2026-01-25-compromising-encryption-keys.en.html
(DIR) Post #B2fQ5xmsNPgKpV0VnM by lxo@snac.lx.oliva.nom.br
2026-01-25T23:11:30Z
0 likes, 0 repeats
he's not wrong. I hope it's clear that there are plenty of social and political and even technological problems that one can solve once one undertakes control of one's own digital life. what Schneier doesn't say or mean is that technology alone can't make security problems for you. it can, and avoiding that is what the article is about
(DIR) Post #B2fQ5zjP9I5qrJOlf6 by lxo@snac.lx.oliva.nom.br
2026-01-26T04:03:40Z
1 likes, 0 repeats
there are numerous times in which a piece of imposed computer technology requires so much privilege to be able to reject it that the rejection becomes unachievable by most, and seems far more costly (not just money-wise) than tolerating the immediate abuse. it's not so hard to understand why people so often go along with what's imposed on them. it's not every day that we get a chance to e.g. reverse engineer the tax form filling program that we must use, and make a free version thereof, or to reject contemporary means of payment when the freedom-respecting ones are phased out, or to refuse to carry a tracking device when everything and everyone expects you to have one to take a bus or the subway, to get a parking spot for your car or your bike, to see the menu at restaurants, to place your order, to pay, to do your taxes, to schedule appointments, ... I've become digitally excluded for not carrying a tracking device, for not having a device that will run all of these proprietary apps that governments and businesses take for granted nowadays. so the problems I face for my conscious choice are the flip side of the coin of problems that most people face because they can't fathom going for the alternative that also sucks. the only way we could win AFAICT is for nearly everyone to realize that this sucks and demand a respectful alternative. CC: @oigreslima@fed.sfl.pro.br
(DIR) Post #B2fV7g81VDliPZXHsW by lxo@snac.lx.oliva.nom.br
2026-01-26T06:19:47Z
1 likes, 0 repeats
it remains the same up to a point. since they have different goals, the framing ends up influencing the sort of contributors and contributions that it attracts, and that tends to reinforce the differences in goals. that said, you're absolutely correct that licensing terms aren't determinant in their orientation between these two possibilities. but there's a remarkable correlation: those who aim for freedoms for users tend to favor strong copyleft, while those who aim for being welcoming to business exploitation tend to adopt pushover licenses. CC: @Suiseiseki@freesoftwareextremist.com
(DIR) Post #B2gyxyIcHRztedjpSa by lxo@snac.lx.oliva.nom.br
2026-01-26T23:36:09Z
0 likes, 0 repeats
and it's not just a matter of pain. a relative is at serious risk of losing sight in one eye because of this disease.
(DIR) Post #B2gzPBAoWT8rOy3v0q by lxo@snac.lx.oliva.nom.br
2026-01-26T23:41:27Z
0 likes, 0 repeats
I've messed up my confused schedule again, couldn't keep the morning #caminhada (walk) as I'd like. I went in the late afternoon, did a short lap on the inner track, extended with a lap around the square. I'd have liked to go a bit earlier, but the family was going to need the car to pick up the granddaughter at school. result: we went together to the school and to the park. then I did my walk while they stayed at the skating rink, so the little granddaughter could enjoy her scooter.
(DIR) Post #B2iAVJ4jLknyIgIizw by lxo@snac.lx.oliva.nom.br
2026-01-26T16:26:52Z
0 likes, 0 repeats
my landline in a big Brazilian city was discontinued without warning in October. I heard people in the US got early warnings and had them discontinued as well. we can't count on their remaining available. tracking devices that won't run random apps remain available AFAIK, and they can conceivably be left in place instead of carried around, but for how long? and they do have microphones (and cameras) that can be remotely activated without warning. in Brazil, even in the absence of laws that mandate carrying such a tracking device, the federal government has an app/website that has become the single entry point for a growing number of government services, but the website limits access to many of the essential services, demanding access from a tracking device under remote control instead. banking for regular people has recently become impossible, as banks discontinued their web-based services and now they're in a spree of shutting down branches, forcing customers to use apps to get any service whatsoever. despite my bringing banks to court and winning, the bank ignores the court order and discontinues access to services on the website for good. so I've become digitally excluded, and now I have to rely on family members to do my banking. but that won't last long: the banks are warning they're going to demand smartphone fingerprint biometrics. I'm happy for you that your reality is not like this nightmare (yet?). hopefully we can reverse course before it hits you. CC: @iron_bug@friendica.ironbug.org @Suiseiseki@freesoftwareextremist.com @oigreslima@fed.sfl.pro.br
(DIR) Post #B2iAVLId536xCMoqwK by lxo@snac.lx.oliva.nom.br
2026-01-26T18:29:45Z
1 likes, 0 repeats
the "services" range from getting forms to pay taxes, starting businesses, getting health support, unemployment benefits, etc. depending on your privilege level, you may be able to give up rights and do without health support and various benefits, but if you try to go about without paying your taxes or fulfilling other legal obligations, you'd probably get in serious trouble. and then, when you get sued or even set out to sue the government to enforce your right to not have to use such surveillance devices, you find you have to use them to participate in the court audience (and if you don't show up you lose by default). I regret having trusted things would remain reasonable and not acting sooner to preempt these moves CC: @iron_bug@friendica.ironbug.org @Suiseiseki@freesoftwareextremist.com @oigreslima@fed.sfl.pro.br
(DIR) Post #B2iR0wDdSmijwhZTWq by lxo@snac.lx.oliva.nom.br
2026-01-27T16:25:12Z
0 likes, 0 repeats
I remember thinking, while watching 'O Homem do Futuro' by chance on TV, something like "wow! look at the level of the films they're making in Brazil! they're second to none!" it's a great film. another one that left me very well impressed, also watched by chance, was Romance, with Letícia Sabatela and also with him, Wagner Moura. https://pt.wikipedia.org/wiki/Romance_(filme_de_2008) something tells me I'm going to like 'O Agente Secreto' when I watch it 🙂 CC: @bug_elseif@bolha.us