https://www.recompile.se/mandos

You’re right. Unfortunately, open-source has proven time and time again to be unsustainable and burn maintainers out

That’s a good reason for people to take the money they would have spent buying a proprietary solution and instead donate that money to an open source project. For me it’s not always about the cost, but what I get out of it. I’d rather the money go to the community and better it.

Its only everything from other instances and communities that the current instance subscribes to. It doesn’t subscribe to the full pipe of everything.

What’s likely happening is people in aggregate generally subscribe to the most popular communities and those communities have the most upvoted posts.

I stopped using it to pay because then I’d have to set up a PIN, and then type in the PIN every time I want to use it

This shocked me when I went from my Galaxy Watch 3 to a Galaxy Watch 6. I used to only have to put a PIN when I wanted to pay, but now it’s anything on the watch?

Because of that, I also disabled the payment app.

but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet

Right HeartBleed was way worse than this, not on the same level. I wasn’t claiming the opposite.

I was responding to the comment that appeared to suggest they were on the same level.

No way they’re on the same level. Heartbleed allowed for remote memory reads. This requires you to have access to change the firmware and just gives you some more APIs to control the WiFi system and possibly bypass firmware verification.

Back in early 2024, I got a survey asking me why I chose to cancel my prime membership and I gave them multiple reasons.

The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how different computer people think about security vs lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.

I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)

In this context, SKU refers to a variant of this product. That is the correct acronym as I understand

I use Jellyfin for music mostly and it struggles with metadata. For example, if a song has two artists on it and I edit to correct it, it won’t update correctly and I’ll edit up with the artist “Artist A; Artist B”.

I’m working on adding ActivityPub to my Hugo blog right now. I support RSS, but I figured AP support means that you can get it into your Mastodon feed or even Lemmy feed making it easy to follow. Additionally, commenting (assuming it doesn’t get taken over by spammers.)

Which stops malicious usage, but doesn’t stop cases where web pages over use pushState as users move around instead of replaceState. I’ve seen maps that would add to the history every time a user moves around the map.

I’m on Wayland and KDE/Plasma. It worked on GNOME, but sadly not on Plasma.

How many users are using browsers that are old enough they don’t even support JS? It’s one thing to disable it for security/privacy (which the OP was talking about), because those users are probably more tech savy.

Do these old browsers not support DuckDuckGo?

I tried self hosting Pixelfed but gave up because it wouldn’t work. I’m used to Docker containers that are able to just start up by themselves, but the guide didn’t work for me. Maybe it’s time to try again.

One place it would be useful is if you are worried about somebody breaking into your home and stealing your computer. Don’t store the key on the home computer, instead store it on a cloud server. The home computer connects to the cloud server, authenticates itself with some secret, then if the cloud server authorizes, it can return the decryption key.

Then if your computer gets stolen or seized, it’ll connect via a different IP and the cloud server can deny access or even wipe the encryption key.

this doesn’t protect against all risks, but it has its uses.

Example: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server

Unfortunately, unscrupulous companies can build shadow profiles that bypass cookie and storage based isolation techniques like this.

Your browser gives off a lot of information. See here for some of the information they can use: https://amiunique.org/

You’re best off blocking things with uBlock Origin vs something that just isolates.

No, the cable isn’t going to implement the protocol. You need endpoints that are able to talk that protocol. That might be done with a firmware update or require new hardware.