Damus
Wish the sun to stand still 🌞
@Wish the sun to stand still 🌞

"There is no sanctum or honor among technophiles."

Creator of the Wyng backup system. Lifelong student of the personal computing condition (and human one as well).

#wyng #infosec #pcs #containers #vm #hypervisor #microkernel #backups #storage #linux #qubes #python #foss #oshw

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

David Chisnall (*Now with 50% more sarcasm!*) · 1w
Almost 25 years ago, I wrote a blog post with the title ‘jumping ship slowly’ about leaving Windows (XP was awful, it was mind boggling to me that Vista managed to make people nostalgic for XP). M...
Wish the sun to stand still 🌞
@nprofile1q... My recommendation is to look towards Android apps for the switch. Android arguably has a better selection of apps, and the current version includes a reference desktop GUI! So libre Android distros should lead to better results in the long term.

"Desktop Linux" isn't a real thing; it's more of a mirage for techies who revere Unix. Skills learned by non-techies at the GUI level are non-transferable to other Linux systems. Consumer expectations and Unix fandom are not compatible.
David Chisnall (*Now with 50% more sarcasm!*) · 2w
It baffles me that Apple is putting so much effort into not complying with the DMA. The lack of something like F-Droid on iOS is literally the only reason I don't have an iPhone. If they made it pos...
Wish the sun to stand still 🌞
@nprofile1q... Apple isn't cleaner or (much) safer than a patched Android fork. They do the CCP's dirty work, and they don't mind looking the other way when apps bake-in lucrative malware en masse. Apple's high fees are goading app vendors to find any/every way to exploit their users even when those monetization frameworks start advertising out-and-out "attacks" on users.

Another iOS downside is you're allowed only one HTML rendering engine (Apple's).

And they updated the iOS network stack so that VPNs are forced to leak endpoint IP address info.
abadidea · 2w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqrxju03m46wcteehupuwpv0uyzf05gtujjmh3egxkse8c9y4zepvszrdws0 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqry8d2p39m9t0usuexq8k5ufw6kkv830...
Wish the sun to stand still 🌞
@nprofile1q... You're saying the user can't change the culture that expects them to click on sketchy domains "to do their job". (A dubious claim.) But no one is helping them because the IT field has sunk into mass malpractice.

So everything will have to relocate here:

abadidea · 2w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqrxju03m46wcteehupuwpv0uyzf05gtujjmh3egxkse8c9y4zepvszrdws0 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqry8d2p39m9t0usuexq8k5ufw6kkv830...
Wish the sun to stand still 🌞
@nprofile1q... @nprofile1q... Indeed, since no one is teaching users about domain verification they certainly will be clicking on "xqz789.vacation" in abundance.

Treating addresses like vestigial curiosities means there will soon be no open Web, it will be blocked due to general confusion and mistrust.
1
abadidea · 2w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqrxju03m46wcteehupuwpv0uyzf05gtujjmh3egxkse8c9y4zepvszrdws0 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqry8d2p39m9t0usuexq8k5ufw6kkv8306v8cl9cwmp226xrd7jtsslra4mq you’re getting this backwards. It’s not about whether the user check...
abadidea · 2w
phishing training really doesn’t spend enough time on “how to structure your mass corporate communications in such a way that your employees won’t conclude that you communicate exactly like scam...
Wish the sun to stand still 🌞
@nprofile1q... Why not just look at the domain name in the links...

Address awareness for users was de-emphasized in the 2000s because "they click through too often" and "CAs make mistakes". Then it was replaced with the same kind of user-responsibility expectation, but with fuzzy criteria that are easily 20x as complex.

Browser and mail clients could put up a warning "Going to XYZ domain" with the domain name in 24pt font. They could show homoglyph letters in bright background colors. They could do a lot of things that are not at all hard to engineer. But it's only the weak Rube-Goldberg type garbage that impresses people.

@nprofile1q...
1
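The "show the destination domain and highlight homoglyph letters" idea from the note above, sketched as an added example that is not part of the original thread. The function names are hypothetical, the sample links are constructed, and only Latin, Cyrillic and Greek are distinguished as scripts.

```javascript
// Added example. Function names are hypothetical; sample links are constructed.
const SCRIPT_RE = ["Latin", "Cyrillic", "Greek"]
  .map(name => [name, new RegExp(`\\p{Script=${name}}`, "u")]);

// Host as written in the raw link text, minus userinfo and port, so that
// "https://example.com@xqz789.vacation/" is reported as xqz789.vacation.
function linkHost(href) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(href.trim());
  if (!m) return null;
  const hostPort = m[1].slice(m[1].lastIndexOf("@") + 1);
  return hostPort.replace(/:\d*$/, "").toLowerCase();
}

// Digits and hyphens belong to no script; anything unrecognised is "Other".
function scriptOf(ch) {
  if (/[0-9-]/.test(ch)) return "Common";
  const hit = SCRIPT_RE.find(([, re]) => re.test(ch));
  return hit ? hit[0] : "Other";
}

// Returns the host, a copy with every non-ASCII character wrapped in [ ]
// (what a client would draw on a bright background), and the warning reasons.
function inspectLink(href) {
  const host = linkHost(href);
  if (host === null) return null;
  const reasons = [];
  const marked = host.split(".").map(label => {
    if (label.startsWith("xn--")) reasons.push(`punycode label: ${label}`);
    const scripts = new Set([...label].map(scriptOf).filter(s => s !== "Common"));
    if (scripts.size > 1) {
      reasons.push(`mixed scripts in "${label}": ${[...scripts].join("+")}`);
    }
    return [...label].map(ch => (ch.codePointAt(0) > 127 ? `[${ch}]` : ch)).join("");
  }).join(".");
  return { host, marked, reasons };
}

const SAMPLE_LINKS = [
  "https://example.com/login",
  "https://ex\u0430mple.com/login",        // U+0430 CYRILLIC SMALL LETTER A
  "https://example.com@xqz789.vacation/",  // userinfo placed before the real host
];
for (const href of SAMPLE_LINKS) console.log(href, "->", inspectLink(href));
```

A client would render `marked` in the large "Going to ..." prompt and show the warning only when `reasons` is non-empty.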
abadidea · 2w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqrxju03m46wcteehupuwpv0uyzf05gtujjmh3egxkse8c9y4zepvszrdws0 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqry8d2p39m9t0usuexq8k5ufw6kkv8306v8cl9cwmp226xrd7jtsslra4mq “just look at the domain name” does not work in the real world of re...
iodé · 3w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqrxju03m46wcteehupuwpv0uyzf05gtujjmh3egxkse8c9y4zepvszrdws0 sideloading will not be an issue on #degoogled OSs, it is only a problem for stock. As for recaptcha, unfortunately, there is no privacy-respecting workaround. Website owners who have pl...