Notices by CyberFrog (froge@social.glitched.systems)

@dalias@hachyderm.io I actually do think the automated connections to a remote system for updates are bad and should be removed in this case, but it's just wild to me that you genuinely don't believe in mandatory security updates, and further that you actually seem to not understand that the network traffic from a VPN is itself attack surface... this means that even if you trust both ends of the connection you should still install security relevant patches to mitigate issues on the network or in the protocol itself, at the very least, not to mention bugs that can occur when an untrusted application runs locally

most people don't actually completely trust all the applications on their device anyway, even if that application is granted network access to function, this is why defense-in-depth and sandboxing is such a big field of study still

@dalias@hachyderm.io "the network service which tunnels absolutely all my private data over a new encrypted protocol is not attack surface and should never update"

fucking lmao

@dalias@hachyderm.io @sparklepanic@infosec.exchange good luck living that way, you're just wrong and nobody agrees, that's why security updates are forced in many software products now

@dalias@hachyderm.io @sparklepanic@infosec.exchange because almost all software updates are actually fixing security relevant bugs in modern times, this statement effectively amounts to "I don't care about security patches, come mess my shit up"

it would be really funny if it wasn't so stupid tbh

@khm@hj.9fs.net @sparklepanic@infosec.exchange @dalias@hachyderm.io the wireguard VPN app actually supports distribution and installation outside of the regular app-store flow, and therefore includes an update mechanism for those users, but it's stupid and scummy to leave that turned on for people pulling from an official app store still... also pointless outside of data collection

the guy who builds wireguard and maintains the android app is a well known linux contributor and security researcher, so I doubt they're doing this for malicious reasons, it might just be a stupid oversight

yooo federated forgejo is becoming real, this is great news

RE: https://social.meissa-gmbh.de/users/meissa/statuses/114499541149466596

@hyc@mastodon.social @rayckeith@techhub.social it's likely to fail at sea, but most aircraft can easily receive ground based signals (even phones on airplanes over domestic airspace get 4g signal sometimes)

@onepict@chaos.social another day, another user discovers that the OSI is a business front without much care for FOSS in reality lol

Reminder for those who may not realize this, but #Stylometry is kind of an insane field of study, and you can be uniquely identified based on your writing style alone.

This has, in the past, been applied to open source developers and programming code too, and it was found that using stylometry techniques you can identify the author of a compiled binary based on their open source code style ~78% of the time

https://arxiv.org/pdf/1512.08546v1

There are some techniques to avoid this luckily, which involve fairly basic changes to your writing style and structure that can very effectively anonymize things again:

https://en.wikipedia.org/wiki/Adversarial_stylometry

@GossiTheDog@cyberplace.social did you see that github's copilot will refuse to autocomplete ANY code which has the word "gender" in it? also several other banned keywords lol

supposedly there are over 1,000 words which it will detect and refuse to operate on...

https://github.com/orgs/community/discussions/72603

@aral@mastodon.ar.al @ErickaSimone@mastodon.social @broadwaybabyto@zeroes.ca catch me hacking this algorithm and releasing information to the public to trick the system into believing everyone is impoverished, algorithmically driving Microsoft's profits into the dirt, and allowing thousands to buy items at a relative discount.

I promise me and those like me have infinitely more time and energy to fuck this up than the corporations have to fix it, I'll make it my lifelong side project to lose them vast amounts of money with the same technology they built to exploit people lol

The loops.video instance has been submitted to #FediBlock with the reason being outlined below. I can't say I disagree, the terms of service presents a serious problem for user content rights, and this should be addressed before federation of loops.

Otherwise for the safety of your users I would highly suggest that instance admins defederate loops immediately once it comes online (assuming the TOS is not changed first)

https://bajsicki.com/blog/loops-video-terms/

@futurebird@sauropods.win perhaps we should instead be teaching cooperation and mutual support structures, rather than assuming every single person should be taught how to rule over every single other person... but kindly lol

@futurebird@sauropods.win yeah, I think it is probably beneficial to push this into wider society still, although I am weary of the impacts it could have if further development on the ideas isn't also prioritized

What I really wouldn't like is a society of people all taught that they are smart and kind enough to rule, but with nobody to rule over, and very few skills for flat mutual cooperation

@aral@mastodon.ar.al #shametesla did nothing wrong!

@magicalthinking@noauthority.social @Humpleupagus@eveningzoo.club they regulate usage of the internet, they don't actually manage or run it right now (for the most part), I just don't think national governments that don't even manage or control the internet should be regulating how people use it

most of the world doesn't have net neutrality, and the USA repealed it recently (again), so packet shaping and blocking/censorship happens constantly online according to whatever your government just doesn't like that day, in the USA internet providers will check for insecure connections and inject extra advertising into websites just to rake money out of you (and this is technically legal), in other places entire protocols like torrents are blocked

The people responsible for running the internet should be working on regulating and managing more of it without intervention and demands from random governments, like US states that want to block porn, or Egyptian and Chinese governments trying to block news websites, letting some national government which only represents a fraction of the people online control how shared resources are used and accessed by everyone else is just shitty in general

This isn't even such a new idea, the people who built these systems understood the issues it could create, that's actually why the governments don't manage who can buy and run a website online, that'd be terrible lol

I feel like the internet should be an independent national organization, independently regulated with its own rule of law and governance systems, letting national governments which are tied to specific populations and land areas control such an important shared global resource is misguided and morally/ethically wrong tbh

@magicalthinking@noauthority.social no, I just care about improving the world and don't like the way governments manage the internet for their own interests smh

@alice@lgbtqia.space not saying the people who often reply this way really mean it, or that they're actively malicious, often they're genuinely just misinformed or whatever

but in saying that... there is a reason the CIA writes about this in their handbooks on how to disenfranchise and squash grassroots movements, it DOES take energy and momentum to sustain positive change, and comments that offer nothing of substance while broadly discouraging action absolutely have a big impact on people and wider movements as a whole, I think this is something most people don't consider very often but it's hugely important to remember

@aral@mastodon.ar.al I genuinely can't view this because reddit is a garbage platform not built for humans anymore, and they block my browser and network, and block people without an account in a lot of cases now, but I'm sure whatever this was it's damning lmao