[–] smpl@discuss.tchncs.de 31 points 2 days ago

Librewolf, it comes with uBlock installed.

[–] smpl@discuss.tchncs.de 3 points 6 days ago (1 children)

I've now finished reading and it wasn't about the xz code as I thought. The article was about the F-Droid developer Hans-Christoph Steiner telling a story about someone attempting to put pressure on F-Droid to merge code that was vulnerable in response to what happened with the xz project. So F-Droid never had the vulnerable code in it.

Tuesday, Hans-Christoph Steiner, a longtime developer of F-Droid, explained that a very similar situation nearly led F-Droid to push an update that would have introduced a security vulnerability into the product three years ago: “Three years ago, F-Droid had a similar kind of attempt as the Xz backdoor,” he posted on Mastodon. “A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a SQL injection vulnerability. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it’s relevant now.”

[–] smpl@discuss.tchncs.de 2 points 6 days ago (2 children)

My intention was not to influence your writing. I'm just curious as to why apps from F-Droid would be more likely to be malicious. I was surprised because my intuition tells me that apps from F-Droid are inherently safer than apps from Play, because the apps are carefully reviewed. If it's just the XZ incident, which was a fascinating case of a supply chain attack, I'm not convinced since I'd assume apps in other app stores using liblzma would be equally affected.

Thanks for sharing your experiences!

[–] smpl@discuss.tchncs.de 5 points 1 week ago (4 children)

Could you please provide sources for this claim?

F-droid: Is an alternative store that can be used in place of Google Play. It has mainly FOSS applications but occasionally it can contain malicious software. You must be aware of this and know what you are looking for.

[–] smpl@discuss.tchncs.de 14 points 2 weeks ago* (last edited 2 weeks ago)

Your fellow competitors did not necessarily perform the search when they were at the pub. It could be at the john when they got home. Your data profile is still tied to them right now.

[–] smpl@discuss.tchncs.de 9 points 1 month ago (6 children)

Have you looked at the OpenSearch Description file for your instance? It might be generated with an IP by SearXNG not knowing the hostname. The URL is probably https://search.home/opensearch.xml.

If you want to examine the search engines in your browser profile, they're stored in a JSON file compressed with a Mozilla-specific variant of lz4. The file is search.json.mozlz4 and can be unpacked to JSON with lz4json.

[–] smpl@discuss.tchncs.de 14 points 1 month ago (2 children)

I'd recommend you donate money to those who host open infrastructure. That stuff is expensive and critical to the free and open internet.

As for free software projects I suggest donating your time with contributions. That's what they need the most. Helping with bug reports and writing documentation are easy starters and worth much more than money. That's hard to sell as a gift though.. One gift card for confirming and investigating a bug in free software of choice. Merry Christmas Uncle Bob!

Going from being a cool hacker who does things for fun and shares it with his peers to being a poor cyberbeggar does no good to a person's self-worth. Help out by contributing and let Mr. Cool Hacker have time for his day job on the side. We get better software and fewer burnouts.

Unwellian (discuss.tchncs.de)
 
 

Giliam de Carpentier wrote some software for fun to generate various optimized walking mechanisms. Combined with electronics and woodworking skills, one of the walking mechanisms became a wireless walking wooden coffee table. Carpentopod.

https://www.decarpentier.nl/carpentopod

 

Through tests with a skin stand-in, a trio of physicists from the Technical University of Denmark have ranked the types of paper most likely to cause a paper cut. In an article published in Physical Review E, Sif Fink Arnbjerg-Nielsen, Matthew Biviano and Kaare Jensen tested the cutting ability and the circumstances involved in paper cuts to put together their ranking.

The article and more can be found here https://github.com/Jensen-Lab/PhysicsOfPaperCuts

 