lmmarsano
@lmmarsano@lemmynsfw.com
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
I don’t understand why you can’t read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn’t.
You just don’t like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don’t like handholding my dumbass folks through the preventable IT problems they created.
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
I don’t think you should comment on security if “open source” means anything to you
Anyone can look at the source, brah, and security auditors do.
For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”.
Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.
Analysts review the code & subject it to various security analyzers including those that inspect source code, analyze dependencies, check data flow, test dynamically at runtime.
There are implementations of some mechanisms from Signal.
Right, the protocol.
Can you confidently describe
Stop right there: I don’t need to. It’s wide open for review by anyone in the public including independent security analysts who’ve reviewed the system & published their findings. That suffices.
Do security researchers have to say anything on DARPA that funds many of them?
They don’t. Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren’t exactly secret.
Information security analysts aren’t exceptional people and analyzing that sort of system would be fairly unexceptional to them.
Oh, the surveillance state will be fine in any case!
Even with state-level resources, it’s pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time. That cryptography is straightforward to implement by any competent programmer.
Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
You misidentified your objection. It isn’t sideloading removal, which isn’t happening. It’s developer verification, which affects the sideloading that remains available.
Just because you don’t understand the value of verifying signatures doesn’t mean it lacks value.
I recall the same alarm over secureboot: there, too, we can load our certificates into secureboot and sign everything ourselves. This locks down the system from boot-time attacks.
I will never ever ever be able to get friends and family access to third-party applications after this change.
Then sign it: problem solved.
Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.
Even so, it’s mentioned only in regard to devices certified for and that ship with Play Protect, which I’m pretty sure can be disabled.
Google promised they would allow on-device sideloading
Promise kept.
their word means fuck-all and you know that
No, I don’t. Developers are always going to need some way to load their unfinished work.
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
Google will soon stop you sideloading unverified apps
unverified
ie, unsigned, so sideloading is still available and they are not
fighting tooth & nail to remove side loading too
You can sign it yourself or bypass verification with adb as they documented.
Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.
If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.
In other words, cool misinformation.
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
Are they?
- Comment on Head of the Signal app threatens to withdraw from Europe 1 day ago:
I don’t think you understand anything you wrote about. Signal is open source, is publicly audited by security researchers, and publishes its protocol, which has multiple implementations in other applications. Messages are encrypted end-to-end, so the only weaknesses are the endpoints: the sender or recipients.
Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound. Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.
- Comment on In this essay... 2 days ago:
More specifically he proved that you cannot prove that 1+1=2
That’s a misinterpretation of the incompleteness theorem: you should reread it. They did prove 1+1=2 from axioms with their methods.
- Comment on Google is blocking AI searches for Trump and dementia 3 days ago:
AI mode is shit, though.
- Comment on Can you think of any now? 1 week ago:
The quote isn’t
those who remember the past won’t repeat it
Thinking it does is falling for the ol’ Oracle of Delphi phenomenon of misreading the claim.
- Comment on Beware, another "wonderful" conservative instance to "free us" has appeared 1 week ago:
they get off on ruining your day cuz
That’s true of everyone, though. Leftists find leftists grating, rigid with their insufferable call-out tactics, fixation on niche issues, clashing priorities, infighting, ease of provocation at obvious bait. We just have a stronger capacity to endure the left than the right does.
- Comment on 1 week ago:
Possibly this post by Dan Satterfield? Web snapshots are easy, folks: hardly an excuse to omit sources.
- Comment on to hell I say 2 weeks ago:
or look at this super cool octopus
- Comment on Too soon? 3 weeks ago:
Does that mean you don’t believe in empathy?
Sincerely believing in empathy as a guide doesn’t mean only when it’s convenient. Empathy isn’t supposed to be convenient.
For clarification, I’m not claiming he deserves empathy.
- Comment on Too soon? 3 weeks ago:
I feel bad that piece of shit procreated.
cosmic karma at work
just-world fallacy & Hindu karma doesn’t work that way
- Comment on Too soon? 3 weeks ago:
That unnecessary image of text could have been accessible, quoted text that supports searches and is fault tolerant against image breaks.
- Comment on Too soon? 3 weeks ago:
possible to be empathetic about the manner of his death and the suffering
What would that serve? Seems like a waste of emotion.
- Comment on Mamdani Promises: “We’ll Divest From Israel, Ease Crackdown on Pro-Pales 3 weeks ago:
So are Israeli bonds the same as a US Treasury bond?
Though I’m no expert, they’re in the same asset class or similar classes. Their investment portfolio may likely include US Treasury bonds, and common financial advice is to diversify by including a mix of other bonds.
The rest you wrote seems about right.
- Comment on Mamdani Promises: “We’ll Divest From Israel, Ease Crackdown on Pro-Pales 3 weeks ago:
Israeli bonds
S&P 500 ETF
Entirely different asset classes: fixed income vs equity.
Fixed income is for lower risk & volatility with a more predictable (typically lower) rate of return.
Nonetheless, 5% return on bonds is hardly exceptional, and comparable alternatives exist in that asset class.
- Comment on Trump Admin Warns GOP: Demanding More Epstein Files Is an ‘Act of War’ Against the White House 4 weeks ago:
There is a list, but there is no list.
Is either claim falsifiable?
Believers claim a blackmail list or compendium of damning documents has been shielded from public disclosure by an insidious “Deep State”. The press has long reported there is no credible sign of that & Trump played up conspiracy theories to win the following of useful idiots who subscribe to them.
What kind of evidence would a believer accept if the truth isn’t exactly as they believe?
- Comment on Finish the story, chat. 4 weeks ago:
Other than break accessibility, searchability, fault tolerance, & make the web less usable, what is this image of text lacking alt text doing that real text doesn’t?
- Comment on bet you can think of more 4 weeks ago:
In other words, touch grass?
- Comment on Yes, you can store data on a bird — enthusiast converts PNG to bird-shaped waveform, teaches young starling to recall file at up to 2MB/s 4 weeks ago:
Humans are worse: the original statement stands.
- Comment on Yes, you can store data on a bird — enthusiast converts PNG to bird-shaped waveform, teaches young starling to recall file at up to 2MB/s 4 weeks ago:
Starlings are cooler than you, though.
- Comment on [deleted] 5 weeks ago:
Can we all agree kids shouldn’t be watching Porn?
Not even the US Supreme Court agrees with you.
constitutional interpretation has consistently recognized that the parents’ claim to authority in their own household to direct the rearing of their children is basic in the structure of our society
They argue parents should be free to show porn magazines to children
Moreover, the prohibition against sales to minors does not bar parents who so desire from purchasing the magazines for their children.
And this
p*ornhub
Seriously?
- Comment on Who is the enemy? 5 weeks ago:
Where’s the fucking list Donny?
So, we’re positive there’s a secret list now instead of a wild claim out of the right-wing conspiracy hole that Donny played up to undermine the establishment to bolster MAGA votes like the press has been saying months ago?
I understand it’s a convenient weapon to turn against Donny, and it’d be funny if his coalition imploded over an unsatisfiable demand he created, but they’re not here on lemmy, so why is this here?
- Comment on Who is the enemy? 5 weeks ago:
Shitlibs that pretend Bill Clinton and Joe Biden aren’t pedos
This guy loves wild, unsubstantiated claims.
- Comment on Teen killed himself after ‘months of encouragement from ChatGPT’, lawsuit claims 5 weeks ago:
A human being that should be criticized mercilessly?
- Comment on Teen killed himself after ‘months of encouragement from ChatGPT’, lawsuit claims 5 weeks ago:
unalives
seriously?
- Comment on Teen killed himself after ‘months of encouragement from ChatGPT’, lawsuit claims 5 weeks ago:
As far as I know, magic doesn’t exist, so words are incapable of action & can’t actually kill anyone. A person who commits suicide chooses it & takes action to perform it. They are responsible for their suicide even if another person tells them & hands them a weapon.
These are merely words on a screen lacking force to compel. There’s no intent or likelihood to incite imminent, lawless action. Readers have agency & plenty of time to think words through & reject ideas.
It’s hardly any different than an oblivious peer saying the same thing. Their words shouldn’t create any legal obligation, and neither should these.
- Comment on Kick faces possible $49 M fine after French streamer Jean Pormanove dies on air 5 weeks ago:
This comment might provide some insights: lemmy.zip/comment/21080783
Sources for that information should be easy to cite, yet I notice none.
they can do it in private
How do we tell real apart from fake performances? Should fake performances be private only when they already aren’t? Seems difficult to police without chilling freedoms.
Economic coercion needs to be controlled somehow. I guess the question is how to police actual abuse while permitting legal performances like the Jackass franchise of reality, slapstick comedy.