@triskelion lolwat?
Do you have a link?
@pettter there was a confirmation dialog. Now it requires you to go to a specific part of the app and scan it again:
https://github.com/signalapp/Signal-Android/commit/112874c08019a40b6f8f1dbbf84eb0ab4d796582
@pettter :100a:
But also, as @dalias noted, this flow has no business being initiated from the device that wants to be linked:
https://hachyderm.io/@dalias/114030792304413072
@dalias absolutely!
I can see how that's complicated here – Signal app is the one that has access, but is also on the device that is easier to scan QR codes on.
So it kinda makes sense, from usability perspective, to initiate it with a QR code displayed in Signal Desktop, and scanned on the mobile device.
Not sure what the solution here is, but I agree with you it should be the other way around.
@Deixis9 also, the Baltics. Baltics are probably more directly in harm's way here than Poland, for now.
Update Signal and pay attention when joining groups:
https://www.wired.com/story/russia-signal-qr-code-phishing-attack/
👉 No, Signal has not been compromised
👉 No, Signal encryption has not been broken
👉 No, there is no back-door in Signal
You should continue using Signal. The update is responding to a sophisticated, state-level attack targeting specific groups.
Unless you are a high-value target, you are almost certainly never going to see this in the wild.
If you know you are a high-value target, ask your support.
Technical details in the report:
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger
The tl;dr is:
Signal uses https://signal[.]group/#hash-fragment links in QR codes that allow people to join groups. Group identifier is in the hash-fragment.
The link loads in a browser first. A bit of JS redirects it to a sgnl://signal[.]group/hash-fragment link that is then handled directly by Signal app on mobile.
Malicious QR codes use a different domain (list in the report) and redirect to a sgnl://linkdevice URL instead.
That sgnl://linkdevice URL is also handled by Signal app on mobile, but instead it links that mobile client to another client (like Signal Desktop).
Apparently what the update does is it adds a confirmation dialog before a device is linked, and then double checks for a while at random intervals.
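An added example, not part of the original posts and not Signal's code: a triage helper that classifies the text decoded from a QR code according to the flow described above, telling a genuine group invite apart from a device-link URI or a web page on another domain. The function names, the `lookalike.example` host and the query strings are constructed for illustration.

```python
from urllib.parse import urlsplit

GROUP_HOST = "signal.group"    # host of genuine group-invite links, per the post
LINK_HOST = "linkdevice"       # sgnl://linkdevice links another client to the account


def refang(text: str) -> str:
    """Undo the [.] defanging used when indicators are shared in posts."""
    return text.strip().replace("[.]", ".")


def classify_qr_payload(payload: str) -> str:
    """Return a verdict for the text decoded from a QR code (hypothetical helper)."""
    try:
        parts = urlsplit(refang(payload))
        host = (parts.hostname or "").lower()
    except ValueError:
        return "unparseable"
    scheme = parts.scheme.lower()

    if scheme == "sgnl":
        if host == LINK_HOST:
            return "device-link"          # never expected from a "join group" QR code
        if host == GROUP_HOST:
            return "group-invite"
        return "other-signal-uri"
    if scheme == "https" and host == GROUP_HOST and parts.fragment:
        return "group-invite"             # group identifier travels in the fragment
    if scheme in ("http", "https"):
        # Any other web page can redirect to an arbitrary sgnl:// URI,
        # including sgnl://linkdevice, so its destination is unknown.
        return "unverified-redirector"
    return "not-a-link"


def acceptable_as_group_invite(payload: str) -> bool:
    """True only when the payload can be nothing but a group invite."""
    return classify_qr_payload(payload) == "group-invite"


if __name__ == "__main__":
    # Constructed samples; identifiers and query strings are placeholders.
    for sample in ("https://signal[.]group/#CONSTRUCTED",
                   "sgnl://linkdevice?constructed=placeholder",
                   "https://signal.group.lookalike.example/#CONSTRUCTED"):
        print(f"{classify_qr_payload(sample):22} {sample}")
```

The comparison is on the exact parsed hostname, so hosts that merely begin with `signal.group` or carry it in the userinfo part are not treated as genuine.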
Fuck Trump and his victim-blaming.
Russia started this war, Russia can stop this war at any moment it chooses to.
If Russia stops fighting, there will be no war.
If Ukraine stops fighting, there will be no Ukraine.
Anyone Can Push Updates to the DOGE.gov Website
https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/
> The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media.
Such experts. Many meritocracy. Wow. Amaze.
seems like the list of people who will find themselves one day claiming to have been "just following orders" is growing by the hour
#Slidstvo is an investigative journalism organization from #Ukraine, founded by absolutely fearless folks, one of whom I have the honor of calling a friend.
They just got 80% of their budget slashed due to US oligarchs – the kind they tend to investigate – shuttering #USAID:
https://www.slidstvo.info/english-stories/slidstvo-info-calls-for-donations-after-losing-80-of-u-s-grant-funding/
Investigative journalism is hard and dangerous enough by itself. They are doing it in a war-torn country, under falling bombs and rockets. And now their limited budget just got even more limited.
Another thing: as far as I understand the National Assembly did not *technically* have the power to lift the (illegally declared, but still) martial law.
They voted to do so anyway. They *asserted* their power.
And then based on that vote told the military to return to barracks. And that worked!
There are so many elements here that I feel people miss – or refuse to understand – about coups.
For example, none of what the South Korean president did was legal. But that alone would not have stopped the coup.
If people just waited, twiddled their thumbs, and thoughtfully commented how "this is illegal", the coup could have probably succeeded.
Remember the coup attempt in South Korea two months ago?
https://en.wikipedia.org/wiki/2024_South_Korean_martial_law_crisis
It started with late night declaration of martial law. Proceeded to military being actually deployed.
People came out into the streets in the middle of the night and physically refused to follow directions by military personnel enforcing the martial law.
Policymakers voted to end the martial law, inside the National Assembly building that was being stormed by the military.
Coup ended within 6h.
98GiB of CDC datasets have been uploaded to Internet Archive, before they were taken down from CDC's website to comply with Trump's executive order:
https://archive.org/details/20250128-cdc-datasets
This means that the @internetarchive will quickly become a target for the fascists currently running the US government.
Now would be a good time to start thinking how we can help protect it and help out.
Donating is the simplest thing we can do right this moment:
https://archive.org/donate
hey so
why is this thing called DeepSeek
and not AI Wei Wei
@tezoatlipoca @Paulatics and as an app for maps, OSM-based @organicmaps works well for me.
First, a note about my work. I am entirely funded by readers like you, and your support will be crucial going into what is clearly going to be a very busy four years.
Hacker, activist, free-softie ◈ techie luddite ◈ formerly information security and infrastructure at https://isnic.is/ and https://occrp.org/ ◈ my opinions are my own etc. (he/him)
⁂
profile image: drawing of a head and shoulders of a cat-person, in a space suit.
banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava
#foss #libre #privacy #infosec #fedi22
(public toots CC By-SA 4.0 if applicable)
🇪🇺 🇵🇱 · 🇧🇦 🇮🇸 · 🇺🇦
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.