sudneo
@sudneo@lemm.ee
🇮🇹 🇪🇪 🖥
- Comment on Hacker advertises alleged database of 89 million Steam 2FA codes 19 hours ago:
Looking at how this started, it’s even more depressing.
- Comment on Hacker advertises alleged database of 89 million Steam 2FA codes 1 day ago:
Already debunked
- Comment on 3-2-1 Backups: How do you do the 1 offsite backup? 4 days ago:
Object storage is anyway something I prefer over their app. Restic(/rustic) does the backup client side. B2 or any other storage to just save the data. This way you also have no vendor lock.
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
Yes, the whole discussion is around antitrust, and he thinks republicans have a chance to do better than democrats there. There is nothing to “bro” about, it’s pretty clear from the context. If he said any of that before the election, I could vaguely read an endorsement for single-issue voters. Saying republicans are better than democrats in fighting antitrust after Democrats shat their pants about it, doesn’t sound an endorsement to me.
The rest of this comment is out of topic. His focus (and his company focus) has always been on a specific political area. So there is no expectation that he would address the whole political scenario, when he was talking about that narrow area.
But he went out of his way to demonize the democratic party and somehow hold the Republicans up as the defenders of small business
So this is what bothers you? A completely legitimate critique of the democratic party? Well, I personally cannot care less, but you do you.
I see the issue as very simple: Him and his company work in the privacy space. Tech monopolies are a problem because captured people. Improving in this space is a win for privacy. Which is not something that is beneficial “in a vacuum”, it’s beneficial to all those vulnerable people that will be attacked by this government, or the next. He expressed optimism about the fact that republicans can do better than democrats here. Period. Naive, wrong, whatever. A legitimate opinion based on his reading of the last few years’ trend.
No endorsement, no “pledge loyalty”, nothing. Just a consideration. He also mentioned on his reddit account that ultimately actions will be what will count (as it is obvious). So to me this is legitimately a nothing burger. I cannot care less that people in US (and in many more places) live politics like a football game. I cannot care less that you or others got hurt because he criticized Democrats. They could and should do better, and then if the critique is unfair I will be there saying that he “goes out of his way” to criticize them. So far he clearly motivated his opinion with what Schumer did.
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
There are less than 10 companies that control almost the entire tech space. What “fewer choices”…?
Breaking up google would be already enough, which is what the focus was. All your comment sounds very fuzzy to me. Basically the whole antitrust thing is on google, if republicans break it up, great. Which "allies" are they going to bolster?
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
Republicans tech policy is motivated entirely by the fact that their racist and conspiratorial views were getting them banned on social media sites from 2015 - 2024
And I should care because…? Why should I care why republicans wanted to break up tech monopolies, if breaking monopolies is anyway something that I consider a positive change?
Breaking monopolies gives people more choice. More choice (free) leads to hopefully people choosing more privacy conscious tools. More privacy means less data that can be handed over to doge, less data that ICE has to target minorities, etc.
then you either whole-heartedly agree that a group of criminals and wannabe dictators should be able to destroy any business that publishes speech against them, or you are extremely gullible.
Those are not the only 2 options. I am instead very happy that they will do the right thing for the wrong reason, and outside those monopolies more people will choose services that republicans have no power over. Moreover, your whole argument assumes someone is in US. I am sympathetic to the people in US, but tech monopolies are a global problem.
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
He didn’t endorse the republican party.
The fact that you inflate the meaning of that tweet to make it more meaningful than it is, doesn’t mean he did anything of the sort. The tweet happened after the election but before the government, and it was an endorsement of the antitrust appointee. He also expressed his opinion that republicans were more likely than democrats to fight big tech monopolies in the antitrust space. This is far from an endorsement.
It was also a completely unnecessary comment, in response to nothing.
It was in response to Trump’s tweet about the antitrust appointee. I would say quite relevant context for a tweet about the antitrust appointee.
It was unnecessary, true. Like every tweet. He expressed his unnecessary opinion, the same way we are doing now.
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
Andy praised Gail Slater publicly, and they even worked together.
- Comment on “No Apple tax means we will lower prices” - Proton announces lower prices for users by up to 30% after US ruling against Apple fees 1 week ago:
The premise is already wrong. There was no promise or loyalty, not even close.
- Comment on Please consider supporting Lemmy development 1 week ago:
Likewise, you chose to ignore the other scholars who don’t support the same thesis.
- Comment on CrowdSec vs Fail2Ban - What to use? 1 week ago:
Wow, those are big networks. Obviously I suppose in case of AWS it doesn’t matter as no human visitor (except maybe some VPN connection?) will visit from there.
As someone who bans /32 IPs only, is the main advantage resource consumption?
- Comment on Please consider supporting Lemmy development 1 week ago:
If they do, they are really bad at it. They are basically a close community and they got isolated even in a tiny community like (the wider) Lemmy.
I do remember a fun anecdote where a post was shared from a propaganda website, one of those that would appear here. The article was clearly faked, the alleged “Ukrainian Nazi profile” on Instagram didn’t exist, the same news couldn’t be found in Russian (only in English) and the text was the same across 3-4 random websites. They were discussing it seriously of course, but between them, which again, to me suggests more an echo chamber rather than a deliberate effort to push propaganda.
Either way, I did block generously :)
- Comment on Please consider supporting Lemmy development 1 week ago:
Yeah, their cult’s position on Ukraine is simply atrocious. They cannot deal with the fact that Russia is an imperialistic nation and since Ukraine is supported by US (if we can say that) this makes it easy for them.
This is why if you discuss that in Ukraine 15k civilians died since 2022 only they will tell you that they are all Nazis, or that it’s Ukraine fault, because they use them as shields (same claim Israel does, but guess where they stand on that), or something like this.
This attitude is then completely reinforced by being in an echo chamber with extreme peer pressure and silly moderation, so one’s opinion keeps being constantly entrenched.
As a communist myself, my diagnosis is that that population is mostly 20-something westerners who grew up in the political vacuum post-1991 and adopted uncritically views of the cold war. Most of them probably feel an inherent guilt by living in countries where they benefit from everything they swear against, and the online cosplay as a revolutionary is their way to cope and self-identify as a person living by their own morals.
My suggestion is to block generously.
- Comment on Please consider supporting Lemmy development 1 week ago:
There are enough links in this thread already showing that this is literally nazi propaganda
Maybe you should practice a big dose of humility, considering that one comment up you were making stuff up about what words mean, and now you are misinterpreting a single quote about a single opinion about the holodomor that focuses purely on whether it was intentional or not.
Calling it “Nazi propaganda” is just complete nonsense.
To reiterate, “enough links in this thread” refers to one out of 16 views listed in a Wikipedia page, which for sure is not an exhaustive list of all scholars’ views. Nowhere is to be found that holodomor is “basically Nazi propaganda” and the fact you think anybody questioning your uninformed opinion is a Nazi apologist is just a mental shortcut you are taking to protect your views from any level of scrutiny.
Maybe deal with the fact that you simply are not equipped to discuss this topic.
- Comment on Please consider supporting Lemmy development 1 week ago:
The intentionality of Holodomor is debated, but calling an event that killed millions of people and scarred generations “imaginary genocide” or “Nazi propaganda” like the other commenter did is deranged.
The quote you posted is far from final. I won’t pretend to have the answer, but you presented one opinion as if it’s a mainstream and accepted view, when it’s not. Just Wikipedia shows multiple views, and I am sure that academic literature would present even more.
So let’s be realistic and admit that if academic consensus can’t be reached by historians by now, you don’t have the truth in your pocket as nobody else does, and we won’t figure it out in a Lemmy conversation.
- Comment on Please consider supporting Lemmy development 1 week ago:
Prison = тюрьма
Not a (Russian) native speaker, but still.
- Comment on That's all folks, Plex is starting to charge for sharing 1 week ago:
I presume you mean running Plex in host namespace. I don’t do that as I run the synology package, but I can totally see the issue you mean.
Running in host namespace is bad, not terrible, especially because my NAS is on a separate VLAN, so besides being able to reach other NAS local services, cannot do much. Much much much less risk than exposing the service on the internet (which I also don’t).
Also, this all is not a problem for me, I don’t use remote streaming at all, hence why I am also experimenting with jellyfin. If I were though, I would have only 2 options: expose jellyfin on the internet, maybe with some hacky IP whitelist, or expect my mom to understand VPNs for her TV.
(which doesn’t harden security as much as you think)
Would be nice to elaborate this. I think it reduces a lot of risk, compared to exposing the service publicly. Any vulnerability of the software can’t be directly exploited because the Plex server is not reachable, you need an intermediate point of compromise. Maybe Plex infra can be exploited, but that’s a massively different type of attack compared to the opportunities and no-cost “run shodan to check exposed Plex instances” attack.
- Comment on That's all folks, Plex is starting to charge for sharing 1 week ago:
No that’s the thing. Plex can also use their infra as a tunneling system. You can have remote streaming without exposing Plex publicly and without VPN. It is slow though.
- Comment on That's all folks, Plex is starting to charge for sharing 1 week ago:
Well, as an application it has a huge attack surface, it’s also able to download stuff from internet (e.g., subs) and many people run it on NAS. I run jellyfin in docker, I didn’t do a security assessment yet, but for sure it needs volume mounts, not sure about what capabilities it runs with (surely NET_BIND, and I think DAC_READ_SEARCH to avoid file ownership issues with downloaders?). Either way, I would never expose a service like that on the internet.
- Comment on That's all folks, Plex is starting to charge for sharing 1 week ago:
Not to be “achtuallying” but VPN is not a way to remote stream, it’s a way to bring remote clients in the local network.
Likewise exposing services on the internet…not really going to happen especially for people - like me - that run plex/jellyfin on their NAS.
I don’t have a horse in this race, I don’t use remote streaming, I only ever streamed from my nas to my 2 TVs, and I am experimenting with jellyfin. But for those who do need remote streaming, jellyfin is going to be problematic.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 3 weeks ago:
Not to talk about annotations. Take screenshot, click preview, click edit, click rectangle tool, make rectangle (repeat), click done. Instead with flameshot it’s literally 2 clicks. Thanks for writing documentation BTW, on behalf of whomever you work with.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 3 weeks ago:
I have opposite experiences! Multiple Linux laptops, with multiple docking stations: a bit of xrandr magic and everything works, forever. (BTW, try setting manually the refresh rate at different values for the two monitors via xrandr, I have solved a similar problem to yours in the past by creating a dedicated display class.)
On a Mac, it’s impossible, I have to plug one cable directly in the computer to make it work, and the quality of the output on 2k monitor is way worse since they disabled sub-pixel rendering or some stuff.
Windows also works decently on this regard, until it doesn’t (my partner’s PC stopped recognizing HDMI monitor at some point, and the debugging was frustrating as hell).
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 3 weeks ago:
I agree so much for flameshot. For work I moved to a Mac and we are not allowed to install flameshot (signing issue), and the workflow for taking screenshots (e.g., when writing documentation) is so much worse and slow with the default macOS tooling.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
In 4 years I have never (and will never) used any service from /e/. There is no vendor lock whatsoever. That’s fully optional.
Points 3, 4 and 5 in your list are moot IMHO.
Also
It takes a base level of understanding why you would buy a Fairphone
It doesn’t really. “Phone is repairable and X can help me”, “they pay the makers fair wages” are not really complex value propositions that require some (technical) understanding.
The point of /e/ and similar distributions is that you can buy a phone with it (average user will never reflash) and just have a phone that doesn’t use Google (it does, for the amount that doesn’t require you to do extra technical stuff and have a sane user experience at the same time).
That said, calyx seems a great alternative and so are iode. I think the advantages of one over the other (for my brief search) are quite small.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
Gotcha, you are the classic person who is unnecessarily confrontational, but that dashes at any actual confrontation, because ultimately you have nothing to say. Your history shows this clearly.
We can all live without toxic people like you.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
So your argument is repeating a cliché? OK.
I don’t need to convince you, but I explained my reasoning. Maybe make some practical examples, show some CVEs that - if left unpatched - severely impact the privacy (or the broader security) of the average users.
Also, as anybody who works in security knows, security is not a binary, and securing often means paying a price (in usability, in Euro, in comfort, in performance, whatever). In my mom’s threat model there is no APT leveraging a 0 day to breach her worthless phone, there are opportunistic scammers who send her emails. There is also google and the like harvesting her data to sell her shit (hence a deGoogled phone with bootloader unlocked is more important than a Google phone with bootloader locked, for example).
In my threat model there might be some more resourceful attackers (because believe it or not, a financial org trusts me with securing their infra). However, as I also said, a much simpler and cheaper attack that recently has made the news is just to snatch the phone unlocked from my hands on the street, rather than exploiting an android CVE. This is why for example I have app pins for signal, email and everything that supports it, and I need to authenticate at every use. I also store all my TOTP on my yubikey, rather than keeping them on the phone (even with PIN), so my phone is not good as a 2FA device.
What you call blasé is actually just a way I personally assessed the risks and decided to invest accordingly. People whose threat model involves the bots who spam emails do not have to invest in security like if the NSA is after them. Updating android a month later is not going to be even a “low” risk for most people, especially if they adopt the much more important practice (IMHO) of not installing every shitty app under the sun. If you think otherwise, make concrete examples perhaps. Using a cliché is not really building your credibility here.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
I definitely wait more than a week to update for example. The marginal security risk is completely irrelevant for me compared to the operational risk of a buggy update. N-1 is a common practice for updating software in fact, unless there is absolutely a great reason to upgrade.
Also, I want to be in your circle, because most people I know if the phone doesn’t update automatically they probably won’t even think of updating their phone (or their computer) at all.
For me the reason is simple, I don’t care about the advanced threats that would be mitigated by GrapheneOS enough to buy a pixel and migrate. I already own a FP3 and that’s what I am going to use until it breaks.
I might consider Graphene in the future, but having to buy a Google phone (even a used one) already pisses me off, compared to a FP (or similar). eOS also tries to be a “noob-friendly” distribution, that you can buy phones with and you never have to mess with the phones, which means people who don’t have the skills or don’t want to mess with their phones might trade the risk with ease of operation, and it might be the right choice for them.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (i.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people’s threat model.
I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.
Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people’s threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).
If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.
- Comment on The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone. 4 weeks ago:
FWIW, I have the FP3 for now more than 4 years. I have only replaced the battery 6 months ago. A case would have been extra waste (to produce the case itself) in my case, and probably will be trashed after as it might not fit the next phone.