InnerScientist
@InnerScientist@lemmy.world
- Comment on Researchers discover new security vulnerability in Intel processors 5 days ago:
Intel Outside
- Comment on xkcd #3084: Unstoppable Force and Immovable Object 2 weeks ago:
That just moves the problem, what happens if I put a piece of paper between them? Unless they don’t interact with anything they still face the same problem.
- Comment on MicroOS: Rootless podman? 2 weeks ago:
TL;DR:
Rootful podman with
podman run --userns=auto
is more secure than one rootless host user running many pods, because those pods could (theoretically) attack each other.
Though you still have the possibility of an exploit in the image pull.
Rootless podman running one pod (as in service including database and so on) per host user with different subuid ranges is the most secure, but you have to actually set that up, which can be a lot of work depending on distribution.
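A worked check for the per-user subuid layout the comment describes, added here as an example (it is not code from podman, MicroOS or the commenter): it parses /etc/subuid, flags service accounts whose ranges overlap (two pods mapped onto the same host UIDs can reach each other's files and processes), and hands out disjoint ranges for new accounts. The account names, the starting offset and the sample file contents are constructed assumptions.

```python
import re

# Sub-ID block size per user namespace; 65536 is the conventional default.
RANGE_SIZE = 65536
# First sub-ID handed to service accounts. Assumption: the interactive user
# already owns 100000-165535, as most installers set up.
FIRST_SUBID = 165536

ENTRY = re.compile(r"^([^:]+):(\d+):(\d+)$")


def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid content into (user, start, count) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"malformed sub-ID line: {raw!r}")
        entries.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return entries


def overlaps(entries):
    """Return (user_a, user_b) pairs whose ranges intersect.

    Two rootless users sharing host UIDs defeat the isolation: a process
    that breaks out of one pod owns files and processes of the other."""
    bad = []
    for i, (u1, s1, c1) in enumerate(entries):
        for u2, s2, c2 in entries[i + 1:]:
            if s1 < s2 + c2 and s2 < s1 + c1:
                bad.append((u1, u2))
    return bad


def allocate(new_users, existing=()):
    """Give each new service account a fresh RANGE_SIZE block above every
    range already present; returns lines ready to append to /etc/subuid
    (use the same lines for /etc/subgid)."""
    next_start = FIRST_SUBID
    for _, start, count in existing:
        next_start = max(next_start, start + count)
    lines = []
    for user in new_users:
        lines.append(f"{user}:{next_start}:{RANGE_SIZE}")
        next_start += RANGE_SIZE
    return lines


# Constructed sample: an operator copied one line for both pod accounts, so
# both pods map to the same host UIDs (the shared range the comment warns about).
SHARED = """\
alice:100000:65536
pod-nextcloud:165536:65536
pod-nextcloud-db:165536:65536
"""


def fixed_subuid(text, pod_users):
    """Drop the service entries and re-allocate them as disjoint ranges."""
    keep = [e for e in parse_subid(text) if e[0] not in pod_users]
    return [f"{u}:{s}:{c}" for u, s, c in keep] + allocate(pod_users, keep)


if __name__ == "__main__":
    print("overlapping:", overlaps(parse_subid(SHARED)))
    for line in fixed_subuid(SHARED, ["pod-nextcloud", "pod-nextcloud-db"]):
        print(line)
```

Rootful `podman run --userns=auto` picks its range from the `containers` entry in /etc/subuid and /etc/subgid, so the same overlap check applies to that line. For the rootless one-account-per-pod layout, append the generated lines, run `podman system migrate` as each affected user so podman picks up the new mapping, and start each pod from its own account (for example a user systemd unit with `loginctl enable-linger`).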
- Comment on Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption 2 weeks ago:
All devices launching with Android 10 and higher are required to use file-based encryption.
To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:
- Kernel Support for Ext4 encryption or F2FS encryption.
- Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.
- Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.
- Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.
- Comment on Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption 2 weeks ago:
Lose access to your MS account = lose your data forever. No warnings, no second chances. Many people learn about BitLocker the first time it locks them out.
It seems like they just got locked out of their Microsoft account (which stores the bitlocker key). Idk why they can’t just reset their password or if this article talks about the times where people couldn’t do that due to missing email access or maybe resetting the password deletes the bitlocker keys?
Either way though, the problem is that Microsoft is forcing encryption on everyone and not properly educating them on the consequences like “Backup your decryption key if you care about the data” in a way a normal user actually listens to.
- Comment on Getting mixed signals from Reddit. Furthermore I shall henceforth be on Lemmy full time. 3 weeks ago:
But my streak is at 419, I can’t stop now!
- Comment on Florida draft law mandating encryption backdoors for social media accounts billed 'dangerous and dumb' | TechCrunch 4 weeks ago:
Encryption backdoors are dangerous and dumb.
- Comment on TLS Certificate Lifetimes Will Officially Reduce to 47 Days 4 weeks ago:
Why do you need EV certs?
- Comment on Bluesky has started honoring takedown requests from Turkish government 4 weeks ago:
Absolutely bamboozled
- Comment on Elevated 5 weeks ago:
Just the usual amount. I don’t think we want to know.
- Comment on Encrypting data on local servers? 5 weeks ago:
Something I haven't seen mentioned yet is clevis and tang; basically, if you have more than one server then they can unlock each other, and if they're spatially separated then it is very unlikely they get stolen at the same time.
Though you have to make sure it stops working when a server gets stolen: using a mesh VPN works just as well after the server is stolen, so either use public IPs and a VPN, or use a hidden Raspberry Pi that is unlikely to be stolen, or make the other server stop tang after the first one is stolen.
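The setup from the comment, as an added example (not code from clevis, tang or the commenter): it builds the Shamir-secret-sharing (sss) pin policy that `clevis luks bind` takes, so server A's LUKS volume unlocks when enough of the listed tang servers answer, and it models the theft caveat above by checking whether a host that can still reach a given set of tang servers would get enough shares. The host names, device path and threshold choices are constructed assumptions.

```python
import json

# Constructed assumption: server B and a hidden Raspberry Pi each run tang
# on an address server A can reach at boot; A binds its disk to both.
TANG_B = "http://tang-b.example.net"
TANG_PI = "http://tang-pi.example.net"


def sss_policy(tang_urls, threshold):
    """JSON for `clevis luks bind -d <dev> sss '<policy>'`.

    threshold = how many listed tang servers must answer at boot. With two
    servers, t=1 lets either one unlock the disk on its own; t=2 requires
    both to be reachable (more robust against theft, less against outages)."""
    urls = list(tang_urls)
    if not 1 <= threshold <= len(urls):
        raise ValueError("threshold must be between 1 and the number of tang servers")
    policy = {"t": threshold, "pins": {"tang": [{"url": u} for u in urls]}}
    return json.dumps(policy, separators=(",", ":"))


def bind_command(device, tang_urls, threshold):
    """The clevis command to run once on the server whose LUKS device this is."""
    return f"clevis luks bind -d {device} sss '{sss_policy(tang_urls, threshold)}'"


def can_unlock(policy_json, reachable_urls):
    """Would clevis obtain enough shares given the tang servers a host can reach?

    This is the stolen-server check: if the thief's network (or a mesh VPN
    that follows the box) still reaches t of the pinned servers, the disk
    unlocks for them as well, which is why tang must stop answering or be
    unreachable from anywhere but the original location."""
    policy = json.loads(policy_json)
    pins = {p["url"] for p in policy["pins"]["tang"]}
    return len(pins & set(reachable_urls)) >= policy["t"]


if __name__ == "__main__":
    policy = sss_policy([TANG_B, TANG_PI], 1)
    print(bind_command("/dev/sda2", [TANG_B, TANG_PI], 1))
    # Stolen box that still reaches the Pi over a VPN: unlocks anyway.
    print(can_unlock(policy, [TANG_PI]))
    # Both tang servers stopped or firewalled after the theft: stays locked.
    print(can_unlock(policy, []))
```

Binding is one-directional per disk: server B runs the mirror-image command pointing at A's tang, and whichever box is still in place must be able to withdraw its tang (stop the service, or firewall the port to the peer's known public address) as soon as the other goes missing.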
- Comment on Google To Subscribe To Your Emails To Find Content For Your Search Listings. 1 month ago:
> but I often have to use email on other people's computers
why
> public computers have usb drive access disabled
But why would you ever want to log in to your private e-mail on a public computer.
- Comment on On email privacy: can I store my own email and relay them through an email provider? 1 month ago:
Luckily we're not relying on emails for security-relevant and/or private information, right?
- Comment on On email privacy: can I store my own email and relay them through an email provider? 1 month ago:
The emails are unencrypted; emails in transit move between the e-mail servers and relays over secure TLS channels.
They are only encrypted from your phone/notebook/browser to the server, then when sent they will be encrypted till the next server. Every server/relay first decrypts everything sent to it, because it has to, due to the TLS terminating at each server.
See also your source:
Transport Encryption: This form of encryption is used to secure your emails while they are transmitted over the internet. Most of today’s email services, including Gmail, employ transport layer security (TLS) to protect emails in transit. While it encrypts emails between servers, it doesn’t protect the content once it reaches the recipient’s inbox.^1^
In practical terms, your e-mail server, your e-mail server's relay (if it has any) and your recipient's relay server/server can all read your email unless
End-to-End Encryption (E2EE): E2EE takes encryption a step further. It ensures that only the sender and the recipient can decrypt and read the emails. Even the email service provider cannot access the contents of the email. E2EE is typically achieved through third-party encryption tools or services.^1^
Which takes active effort from both the sender and the recipient to make work - it’s almost only possible with people you know and little else.
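A way to see the hop-by-hop picture on a real message, added here as an example (not code from the commenter or any mail provider): it walks the `Received:` headers a message accumulates, lists every relay that handled it (each of those hosts terminated TLS and held the plaintext) and marks the hops whose protocol token (ESMTPS/ESMTPSA per RFC 3848, or the UTF8SMTP variants from RFC 6531) says TLS was used. The message below is constructed and the host names are invented.

```python
import email
import re
from email import policy

# Constructed sample: submission over TLS, relay-to-MX hop in the clear,
# MX-to-mailbox-server hop over TLS. Newest header is on top, as in real mail.
SAMPLE = """\
Received: from mx2.recipient.example (mx2.recipient.example [192.0.2.20])
\tby imap.recipient.example with ESMTPS id abc123; Tue, 1 Apr 2025 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx2.recipient.example with ESMTP id def456; Tue, 1 Apr 2025 10:00:02 +0000
Received: from [10.0.0.5] (unknown [203.0.113.9])
\tby relay.sender.example with ESMTPSA id ghi789; Tue, 1 Apr 2025 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

hello
"""

# RFC 3848 / RFC 6531 "with" tokens that imply the hop ran under TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# from <host> ... by <host> ... with <protocol>; fields may be folded across lines.
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.S)


def hops(raw):
    """Oldest-first list of relay hops with their self-reported TLS status."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(str(value))
        if not m:
            continue  # Received lines without from/by/with (e.g. local delivery)
        frm, by, proto = m.groups()
        found.append({"from": frm, "by": by, "proto": proto,
                      "tls": proto.upper() in TLS_PROTOCOLS})
    return found[::-1]


def plaintext_holders(raw):
    """Every receiving host: each one decrypted its TLS session and saw the body."""
    return [h["by"] for h in hops(raw)]


def unencrypted_hops(raw):
    """(from, by) pairs where the receiving MTA reported no TLS at all."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["tls"]]


if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f"{h['from']:>24} -> {h['by']:<24} {h['proto']:<9} tls={h['tls']}")
    print("could read the plaintext:", plaintext_holders(SAMPLE))
    print("hops without TLS:", unencrypted_hops(SAMPLE))
```

The `with` token is written by the receiving MTA, so it is only as trustworthy as that host; the point stands either way: even on the TLS hops the list of plaintext holders is every server in the chain, which is what E2EE removes.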
- Comment on Having trouble with my caddy congif for my lemmy instance 1 month ago:
You can use caddy-l4 to redirect some traffic before (or after) tls and to different ports and hosts depending on FQDN.
Though that is still experimental.
- Comment on On email privacy: can I store my own email and relay them through an email provider? 1 month ago:
Only thing I can comment on is that 99% of all e-mails you will get are unencrypted and can be read by your relay. (There are few e2e encrypted emails being sent.)
So either trust them or don’t use a relay.
- Comment on Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft. 1 month ago:
Step 1: Get write access to the project you dislike.
- Comment on JPMorgan researchers say they have generated and certified truly random numbers using a quantum computer, a world-first with potential security and trading uses. 1 month ago:
They don’t have quantum in the name.
- Comment on Signal downloads spike in the US and Yemen amid government scandal | TechCrunch 1 month ago:
Security vs having someone to message.
- Comment on Sanity check: am I crazy for wanting to wipe everything and do/learn from scratch? 1 month ago:
I recommend switching to NixOS only after you have a basic but broad understanding of Linux; many things in NixOS are more complicated than in "normal" Linux, which is needed to achieve what it does, but is overwhelming for someone who doesn't know the what and why and where that using Linux brings.
- Comment on Microsoft tells Windows 10 users to just trade in their PC for a newer one, because how hard can it be? 1 month ago:
Sell their houses to who, Ben? Fucking Aquaman?!
- Comment on Open Source Github Repositories in Danger of being Deleted 2 months ago:
You triggered the independent thought alarm
- Comment on Apple takes UK to court over 'backdoor' order 2 months ago:
So, why are they suddenly allowed to talk about it?
- Comment on Good afternoon I choose thoughts you've never had before. 2 months ago:
If I had a nickel for every time someone thought of boiling pasta by showering with it piercing their nipple, I’d have two nickels-- which isn’t a lot, but it’s weird that it happened twice.
- Comment on Sergey Brin says AGI is within reach if Googlers work 60-hour weeks 2 months ago:
That’s why I bake my cake at 2608°C for ~1,8 minutes, it just works™
- Comment on Rising egg prices and high demand are prompting consumers to rent or buy chickens, but experts warn the move may not cut costs 2 months ago:
They are seizing the means of (egg) production!
- Comment on Need Support: DMZ at home with nginx proxy to LAN 2 months ago:
Check DNS, MTU and do a full wireshark capture from the Client using both curl and the browser.
- Comment on What's up, selfhosters? - Sunday thread 2 months ago:
Find a new service you like, add it using rootless podman. That way you can test it without affecting your running system.
- Comment on Issue with wireguard and advance routing 2 months ago:
Try
sysctl -w net.ipv4.conf.all.rp_filter=2
on the PC (not vps)
- Comment on Issue with wireguard and advance routing 2 months ago:
Do a ping of 8.8.8.8 from your user, then open a new console and run tcpdump -i <interface> with first your uplink, then wg0. The packets should be seen on wg0 if they’re routed correctly and the problem then is on the vps side. Otherwise it’s a problem on your local config.