Posts by tasket@infosec.exchange
 (DIR) Post #AbP9IxtHaEUDMKn9hw by tasket@infosec.exchange
       2023-11-02T18:42:00Z
       
       0 likes, 0 repeats
       
       @thenewoil #Privacy will be crowd-sourced instead.  VCs want 'disruption' and spying on working class people, so don't expect positive developments from them. #Murena2 #eos #calyxos #mozilla
       
 (DIR) Post #AbduF72R2x8md9B1NI by tasket@infosec.exchange
       2023-11-09T21:34:25Z
       
       0 likes, 0 repeats
       
       @thenewoil This is in the notorious PyPI, no? Malware reports should make a distinction between repos that are thoroughly curated and those that are not.  PyPI has not taken all the steps it needs to be considered curated; putting a stop to new projects isn't nearly enough. People who use PyPI content directly should know they are taking a big risk.  If the malware is found in Debian or Fedora repos, that is much more serious.
       
 (DIR) Post #AbduSQSAAovAbqYiW0 by tasket@infosec.exchange
       2023-11-09T21:36:47Z
       
       0 likes, 0 repeats
       
       @thenewoil This is in the notorious PyPI, no? #Malware reports should make a distinction between repos that are thoroughly curated and those that are not.  #PyPI is known to be very risky; having this malware in, say, Debian or Fedora repos would be a much more serious issue.
       
 (DIR) Post #Abe1DpIgD4rZ0T6oM4 by tasket@infosec.exchange
       2023-11-09T22:52:34Z
       
       0 likes, 0 repeats
       
       @thenewoil Immutable root fs is one of the things that drew me toward Qubes OS back in 2013. But the read-only-like (non)persistence boundary in Qubes consists of a virtual machine boundary under a bare-metal hypervisor (Xen).  Ubuntu relying on the Linux kernel to protect the fs means it is much more susceptible to being breached, owing to Linux's far larger attack surface and monolithic nature. #ubuntu #ubuntucore #qubesos
       
 (DIR) Post #Ad3ZhAbeb1Bs1lDXGq by tasket@infosec.exchange
       2023-12-22T04:38:42Z
       
       0 likes, 0 repeats
       
       @hn100 If enough people do the above, Google will just force it through another way.
       Here are the real steps:
       Install Firefox
       Click 'Yes' on the 'default browser' question
       Change Privacy: Tracking Protection to Strict
       Optional: Install uBlock Origin ad blocker add-on
       On iOS devices, you can install the 'Firefox Focus' variant, which will give you strong tracking protection plus ad blocking without having to make any changes!
       
 (DIR) Post #AomXqYAnkqBeIwHQsi by tasket@infosec.exchange
       2024-12-06T21:53:05Z
       
       0 likes, 0 repeats
       
       @futurebird Yes, let's have a bigger fediverse, plz!
       
 (DIR) Post #ApbCXdakEuU66THacq by tasket@infosec.exchange
       2024-12-31T08:24:43Z
       
       0 likes, 0 repeats
       
       @LineageOS Support for virtIO seems significant, no? Different topic: I also wonder how well virtual machines (running on phones) will be supported with the new Android 15 vm framework.
       
 (DIR) Post #Apt0V90vFplK5HqnC4 by tasket@infosec.exchange
       2025-01-08T22:34:37Z
       
       0 likes, 0 repeats
       
       @shalien @ErikUden @Gargron Fedi is still too rough around the edges. For one, people start to gain traction and then it flops because why? Ans: Popular posts become super annoying, recurring in TL dozens or hundreds of times per day..... so people react by muting those users and conversations. Little if any chance you'll see replies (to other users' threads) show up in your TL.  Great candidate for a simple "algorithm"; as it stands it's just poor engagement. Picture-only posts where most people can't view the thread, because the only place to click on such posts is a 1px tall line about 3px under the poster's avatar. It's very sad.  Years back I donated money to Mastodon, but there are still UX holes you can drive a truck through and nothing is done about it.  UX isn't taken seriously here, so it's mainly techies that stick around.
       
 (DIR) Post #Apt2ppLHmtrt40MiHY by tasket@infosec.exchange
       2025-01-08T22:44:51Z
       
       0 likes, 0 repeats
       
       @shalien @ErikUden @Gargron Another huge problem: The only kind of URLs fedi has are web links, https.  That means links to fedi content from wherever (even from fedi posts/UIs) will keep leading users to strange instances where they are told they aren't logged in.  They will experience this over and over (and over) and it is ➡️ confusing! ⬅️ Bluesky handles this by centralizing link references, pointing them all to bsky.app.  That is a decen failure, obviously. The correct way not to drive non-techies away would be what that other decen protocol, email, did: Define a protocol prefix so that the user's computer knows which app (or URL) should handle the request. (Imagine if there was no "sendto:" for email, and each time a user clicked on an email address to send a message, they were brought to the recipient's email server.  That's how crazy fedi UX looks right now.)  Hint: Arguably this is W3C's purview, so @w3c please stop the madness. Thanks!
       
 (DIR) Post #AqHfPe6b1HShTfrlPk by tasket@infosec.exchange
       2025-01-20T20:06:02Z
       
       0 likes, 1 repeats
       
       @futurebird This is also why when I see links to articles at "my insightful and canny new site" and they turn out to be at substack.com I lose a little bit of esteem for the author.  Assuming they do have great angles and writing and their blog becomes popular, in a year or two I'm going to be hearing about the same old tune: Oligarch doesn't like them, puts their boot on their blog and now "there is nothing I can do".  Some of them don't even ask for help, because in their universe online help only comes from flashy SV brands, not people like you or me. You know the saying "It's always DNS".  Domain names are how we identify things on the net – verified by https.  But we fell into this stupor thinking even that is too technical for most people, which is like thinking that traffic lights and road signs are too technical for motorists.  To have Internet culture, we have to have at least a little bit of literacy about its signals.
       
 (DIR) Post #AtjwPSW3oXKmrUnGGe by tasket@infosec.exchange
       2025-05-04T05:04:35Z
       
       0 likes, 0 repeats
       
       @debian Wow.  I hope someday Bluetooth will become functional again.
       
 (DIR) Post #AuJpQQ14lLI63dAcfw by tasket@infosec.exchange
       2025-05-21T12:10:32Z
       
       0 likes, 0 repeats
       
       @adfichter Between Outlook 365 requiring email copies sent to MS servers and the Windows Recall misfeature, the MS stack now looks like a platform for spying on the plebes. Assuming MS can assure institutions that any "cloud" involved in the spying will stay in the jurisdiction, then they may find it an attractive proposition. There is also the issue that Russian hackers gain entry to MS systems and conduct major heists on a semi-regular basis.  Choosing the platform that will be most vulnerable to Russian hacking should raise additional questions.
       
 (DIR) Post #AuNOQFs6YmT4SqVlnU by tasket@infosec.exchange
       2025-05-23T05:41:14Z
       
       0 likes, 0 repeats
       
       @strypey You could 'at' them..
       
 (DIR) Post #AzFT4j2cGwIwhI23uq by tasket@infosec.exchange
       2025-10-15T23:26:13Z
       
       0 likes, 0 repeats
       
       @lightweight Fedi, however, has a couple of large UX issues that act like a techie filter.  The techies hop over them as little more than an annoyance but others end up getting lost and give up.  Mastodon is the flagship project but refuses to address the issues. Active user count has flatlined over the past year; the isolated Mastodon site run by Trump has twice as many active users as all fedi instances combined. The AP architects were just good enough to keep out perverse effects, but they lack competency in other areas as well as the ability to recognize their own shortcomings.
       
 (DIR) Post #AzFUtgjehknAGj1olE by tasket@infosec.exchange
       2025-10-15T23:47:42Z
       
       0 likes, 0 repeats
       
       @lightweight I am all for criticizing the inclinations of the uber-consumer.  This fedi issue is different; the devs are not competent enough to meet potential users half way. If normal interaction is impossible via websites that use a "Share this page on fedi" link, instead dumping people who thought they signed up onto an alien domain that weirdly has the same logos and "Mastodon" on the top page.  They are supposed to look for small clues like "this site run by xyz" in the corner and then hop out of the web browser back into their fedi app... or edit the URL in the address bar to put them back into their home instance web UI. That is all very screwed-up to most people. Fedi fans tout a protocol that "works like email" but don't want to actually learn the specifics of email or what makes it function in the users' hands. The specifics of the Internet are apparently 1990s old-hat TL;dr.  They don't understand the difference between a protocol that's used under-the-hood and one (like email) that is user-facing. FediDB has recorded surge after surge of new, interested users in recent years but we never sustain more than 1.1 million worldwide.  It's half-baked and even Christine Lemmer-Webber has been gently trying to tell us that AP should be replaced by something else.
       
 (DIR) Post #AzGasKvN6cnxDUCtfM by tasket@infosec.exchange
       2025-10-16T01:01:54Z
       
       0 likes, 0 repeats
       
       @fun @bart Something tells me Librephone are not working within the same parameters as PostmarketOS.  I'm sure the former knows what SPI flash is and how to use it. I mean, seriously... you expect an org like FSF to not break secureboot for the sake of research?  lol What I'm reading from Librephone is they are defining a breakaway platform that they hope will have a following with the ethical hardware brands that have been popping up.  They don't need the sanction of secureboot, they can create their own system. Edit: After listening to their announcement conf call, they are not producing a whole OS.  They are only using AOSP as their reference for reverse engineering closed drivers (blobs).  And they expect that whole-OS projects can make use of the resulting open RE firmwares.
       
 (DIR) Post #B1IM6uGFfmcPM7BHLE by tasket@infosec.exchange
       2025-10-16T00:06:00Z
       
       0 likes, 0 repeats
       
       📉 #Fediverse is looking stagnant... Newcomers tolerate the bad UX for a while and then leave. https://fedidb.com/stats #fedi #mastodon #ux
       
 (DIR) Post #B1IM6ztQjXvcp4Y8bQ by tasket@infosec.exchange
       2025-10-16T00:39:31Z
       
       0 likes, 0 repeats
       
       @lightweight Notice also the "Trump surge" in the 2nd graph.  And yet there is no "Bluesky Jay Graber surge", because the bsky peeps already tried the alternatives. #Fediverse
       
 (DIR) Post #B1IUMj3LuYUerSCYNc by tasket@infosec.exchange
       2025-12-16T06:10:05Z
       
       0 likes, 0 repeats
       
       @strypey Just as likely, people set up Mastodon accounts in a fit of pique, and never really use them. Implying there is nothing that is trying to engage with them. Personally, I think the main problem is a poorly understood and mostly unexpressed issue with the way fedi treats domains. Most people will simply think your stuff is broken if the "Mastodon" randomly forgets who they are; when people click on links, they end up on foreign servers (emblazoning "Mastodon" logos) and they forget to check that the domain in the address bar has changed.  This even happens when people sign up with apps. ActivityPub wants to be a new decen Internet-wide protocol that people use directly. But it doesn't want to tick all the technical boxes that make such protocols user-friendly. "Good enough for techies who will hop over the gaps" is evidence that the designers lacked engineering savvy. But active account numbers in the fediverse, and more importantly overall server numbers, continue to be much higher than pre-2024. Conversely, a case could be made that there are significant losses being masked by diehard users opening multiple accounts for alternate modes like Lemmy, Pixelfed and Peertube. (IIRC, someone was writing about this being a trend among fedi users.)
       
 (DIR) Post #B1xAiMOz2l0LqYTCO8 by tasket@infosec.exchange
       2026-01-04T21:13:04Z
       
       0 likes, 0 repeats
       
       @futurebird @zeux In my experience, the mods didn't understand advanced questions that required a deep dive (hence, obscure).  Once you got voted down on a few questions like that your account was essentially locked forever, which is what happened to me. I'm not saying SO wouldn't accept difficult topics, but difficult with a bit of obscurity would get you modded into oblivion.  So it became a site for posters who only liked well-worn subjects and readers who are on their learning curve for a new-to-them topic. Also, having those creepy techbro topics from sister sites always in the right margin is probably off-putting for some.