On this Giving Tuesday, I thought it would be an excellent opportunity to post my journey getting involved with Linux kernel development.
I'm still on the hunt for new clients to work with, but someone I ran into at the Linux conference in Seattle told me kernel development is in demand, especially in the area of security (and might lead to more, better jobs).
I decided that this would be the excellent opportunity to document how it's done and encourage others to get involved.
The starting point for contributing is following the directions here: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Get_Involved
The first step is signing up for the mailing list. The #linux-hardening liberia.chat IRC channel is also available, but after spending hours going around in circles, I discovered registry requires a non-vpn connection. I might head by a WiFi hotspot at some point to do this.
Next I'll be showing what I do in order to find bugs to squash!
To be fair, Proton's hands were tied. It was either give up the customer data for a few customers or their business would have to be shut down for all the users relying on it.
In reality the activists made a crucial mistake of not using a VPN. If they used the Proton VPN in conjunction with Proton Mail they would have been safe.
I would look for a hosting provider that hosts servers outside a 5-eyes country (which is just about every western country, unfortunately). After doing A LOT of web searching I came across cloudsigma. They have servers in Switzerland, Germany, and the Netherlands. No, they haven't paid me for this (although, cloudsigma, if you're reading this...I'm your biggest fan!).
I'd give https://dnt.abine.com (also called Blur...not really sure what to call them) a look. It's kinda like privacy.com but from what I can tell there's more privacy and any card you create is client-side encrypted.
I presented an idea at the recent Linux conference. I think I probably botched the talk. :-(
In any case, the idea I was proposing was this...
Just hire people.
The current way of hiring is high risk low reward.
But if you initially hire someone for a small project as a 1099 that's low risk high reward. Seeing how the handle a small project can indicate how they'll handle a large one.
Not sure of a left solution...I suppose passing a law that limits the number of interviews a company can do; or creating a public hiring department so that all hiring decisions are decided at a state/local level and then passed on to employer; or shutting a company down if there are too many complaints about their hiring process...but I can imagine a lot of issues with these.
It can be very tempting to immediately jump on the "ban signal" bandwagon, but I think it would be wise to take a step back and understand where they're coming from.
In reading the blog post their focus is on user privacy as their top priority. I don't believe signal would make this decision without privacy in mind. What's the alternative?
If spammers run rampant, Signal has a bigger privacy nightmare on their hands. Maybe by a miracle you got Grandpa to join you on signal. But a spammer then reached out to him with "hot young singles in your area" and Grandpa just had to click. Now suddenly Grandpa's retirement savings are gone.
So I'm not saying it's not worrisome. I'm saying let's remain open-minded. After all, it's nearly impossible to have 100% open source software in any stack. You're either using an AMD or Intel CPU. They're both closed source, but they allow you to interact with a privacy community.
Ah! Someone beat me to it! Haha. But this is a great idea. Always had mixed feelings about FF sync. Cool to see it can be self-hosted.
Sounds awesome. The site is taking a bit of time to load. Is it a heroku app?
Does a wrench make us more lonely?