Posts by seanm@infosec.exchange
(DIR) Post #ATxT41WMSVocrFBRGy by seanm@infosec.exchange
2023-03-25T01:06:51Z
0 likes, 0 repeats
@lauren @thomasafine yet, this still creates the foundational infrastructure for tracking people. Start with marginalized groups then add the general populace.
(DIR) Post #ATyzf46rBkmPIAv8vw by seanm@infosec.exchange
2023-03-25T18:47:10Z
0 likes, 0 repeats
@thenewoil does France not have some kind of quorum requirement to pass legislation?>Only 73 MPs actually showed up to vote — out of 577.
(DIR) Post #AUSmlNBE8QGXphnvns by seanm@infosec.exchange
2023-04-09T03:43:19Z
0 likes, 0 repeats
@lauren I found it pretty wild when pipenv maintainers deprecated support for Python 3.6 a year or two ago. The system default for Ubuntu 18.04 LTS that is only now reaching EOL. Broke one of our services until I pinned the older pipenv package that supported 3.6.It boggles my mind that the pipenv team thought it was appropriate to stop supporting a major OS and that Canonical didn't step in to figure something out.
(DIR) Post #AVlZTMJsnCijBla4HY by seanm@infosec.exchange
2023-05-18T03:05:59Z
0 likes, 0 repeats
@lauren it's interesting that pervasive surveillance capitalism is now considered the default for advertising. This is not the only way to advertise. You should be well aware that advertising on the Internet has not always required tracking and surveillance. Two decades ago, websites and advertisers were able to provide static advertising content that didn't need to perform surveillance. Television and radio still use static ads for the most part. Why is that form of advertising never considered? What was broken about that model? I have no problem with sites that run ads on their websites. Advertising is not the problem. It is the surveillance that has been dressed up as advertising that is the problem.So, you're correct that most of us "ad haters" won't be happy with Google's new surveillance apparatus. It's just more surveillance in search of a problem.From a strictly technical standpoint, modern advertising is repeatedly shown to degrade the browsing experience and has been frequently abused to push malware.#advertising #ads #surveillance #malware #google
(DIR) Post #AVlbPBy9X879pyYcxE by seanm@infosec.exchange
2023-05-18T03:28:05Z
0 likes, 0 repeats
@lauren I can't disagree that people want free stuff. 😅I do see the television industry creating surveillance opportunities with streaming and smart devices.
(DIR) Post #AVnetSvBl4n5HPDZuS by seanm@infosec.exchange
2023-05-19T03:16:31Z
0 likes, 0 repeats
@lauren @lori that's true. However, I disagree that the only or best response to funding a service is pervasive surveillance. As discussed throughout this thread, there are ways to target ads (or not target at all) without the need for massive surveillance. A service can also consider charging for premium features or capabilities.Ultimately, though, if you post something publicly I generally feel that you don't get to dictate how someone consumes that content and label the consumer a thief when the consumer deviates.
(DIR) Post #AYrtyrdzCEYoJgWbmC by seanm@infosec.exchange
2023-08-18T22:01:02Z
0 likes, 0 repeats
@nextcloud Keeweb is no longer actively maintained and has not seen any new updates since 2021. There is also an open request for a new maintainer.https://github.com/keeweb/keeweb/issues/2022
(DIR) Post #AYtK1zG48S06laRiLo by seanm@infosec.exchange
2023-08-19T14:27:40Z
0 likes, 0 repeats
@nextcloud it looks like KeeWeb is nearly dead. The upstream project is dead and the Nextcloud integration also lacks sufficient maintainers.https://github.com/jhass/nextcloud-keeweb/issues/221https://github.com/keeweb/keeweb/issues/2022
(DIR) Post #AZGkwg6v42jZKcwIMK by seanm@infosec.exchange
2023-08-30T18:56:44Z
0 likes, 0 repeats
@malwaretech this is the correct call by the EFF. Look at what's happened in the financial sector when backbone payment processors cave to government and societal censorship demands. Sex workers have almost zero methods to use modern financial systems, including for legal work and activities.Offensive systems should be handled at the root by pressuring their service providers. DNS providers can also refuse to resolve hostnames for inappropriate content.The solution isn't simply send the cops. There are other levers that can be applied.
(DIR) Post #AZXxKb9jPSUneDDoEi by seanm@infosec.exchange
2023-09-08T04:56:26Z
0 likes, 0 repeats
@adam I think this will only be the short-term situation. In a few years, the wealthy people will upgrade to the latest models and sell their older, emissions-compliant vehicles on the used market. The cycle will repeat as each class upgrades and resells.As this progresses, the wealthy will continue to fund the bleeding edge technology and manufacturing efficiency will increase (possibly bringing down some costs or at least adding functionality).Changing an entire system usually needs to be done in iterations, not massive sweeps. This may require an adjustment period with some negative outcomes.I've also read that health outcomes have seen improvements in these zones of lower emissions. Vehicle emissions are toxic and harmful, so lowering them in population dense areas is also a societal (and economic) positive.
(DIR) Post #Aa8aLkohMMVUnk0G48 by seanm@infosec.exchange
2023-09-25T21:03:23Z
0 likes, 0 repeats
@Adam @theBurn SMTP is not a replacement for Signal (and other Signal-type encrypted apps).In general I do agree with:1. SMS/MMS is insecure.2. Phone numbers are not ideal.3. Email is ubiquitous and decentralized.4. Centralized services are a risk.However, your suggestion to use SMTP is not the solution to why Signal (and its ilk) is heavily recommended: security.1. Email security does not scale well. You can use ProtonMail, Tutanota, etc but those are still siloed for built-in encryption in that it isn't easy to send encrypted emails between services. How do you easily and in a scalable manner provide E2EE with email that a non-technical person can use?2. Current email security products such as PGP don't provide perfect forward secrecy (PFS). How do you provide PFS with email security options?Email is great for many usage scenarios and communication but it doesn't address the usage cases that Signal and others have been built around.
(DIR) Post #AatVDoez9rpmwXDS2i by seanm@infosec.exchange
2023-10-18T12:16:42Z
0 likes, 0 repeats
@restofworld the #Telegram response update should be:- corrected as it incorrectly links to end-to-end encryption (E2EE) documentation for secret chats. Secret chats are E2EE but everything else on Telegram is not E2EE, such as cloud chats (and group chats) on Telegram. "Server-client encryption" is not E2EE. - clarified that server-client encryption is not E2EE. Gmail has server-client encryption (https), too. I guess they're an encrypted communication platform now, too?This is exactly what @Mer__edith was trying to explain about Telegram's insincerity and deception around its security design and marketing.The last sentence is the problem:>The company also emphasized that all Telegram chats are subject to server-client encryption.
(DIR) Post #Ad0PUe4MA076cn9UAK by seanm@infosec.exchange
2023-12-20T15:42:37Z
1 likes, 0 repeats
@mttaggart it's also hard to feel financially secure when even the fancy job sector (i.e., tech) just faced massive layoffs. Even if jobs are paying "better" they aren't stable.
(DIR) Post #ApohTF8UqVgajOvvnc by seanm@infosec.exchange
2025-01-06T20:30:30Z
0 likes, 0 repeats
It is 2025 and Slack still doesn't have proper support for Linux and Firefox. They blame their usage of the Amazon Chime SDK. Sorry, but Slack is a billion dollar company and they've known about this issue for years. Either fix the dependency yourselves (Slack) or use a better one. Don't tell paying customers to suck it up. #Slack #Linux #Firefox
(DIR) Post #ApohTJyOrTa3jXFRFw by seanm@infosec.exchange
2025-01-06T20:31:59Z
0 likes, 0 repeats
Cisco WebEx and Microsoft Teams work fine with Firefox for Linux.#Linux #Firefox #Cisco #WebEx #Microsoft #Teams