• 0 Posts
  • 82 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle
  • I think a possibility is a series of open source anvil or nixos scripts that you can run on most hardware with minimal changes, in an extendable architecture of some kind to add or remove functionality and they perhaps get maintained by the community or some structure of the kind of Linux distributions.

    This could enable people with minimal skills set up and maintain a reasonably useful but secure environment just by changing a few variables.


  • Unlike other chat services Telegram has a “social” aspect and search capabilities for locating public discussion channels.

    Furthermore E2EE is optional and most people don’t turn it on and is certainly not on in public channels.

    While techies are freaking out about an attack on encryption the articles I’ve read so far don’t mention anything about encryption or otherwise it seems that French police is concerned about moderation or attempts at moderation of those public channels, that Telegram specifically refuses to moderate.

    Perhaps this will be an attack on encryption by stealth but at this point that’s not what it looks like.

    As a personal anecdote when I installed Telegram a few years ago and searched for my city’s name the top 20 results where channels offering to sell you heroin - which I thought was so blatant as to be certain it was police sting operations - but who knows.



  • whereisk@lemmy.worldtoTechnology@lemmy.worldApple AI vs. Microsoft AI
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    3
    ·
    5 months ago

    See how much an exploit for iPhone vs Android will run you in the open market.

    Also how fast a discovered security hole will be patched and distributed to the fleet between the two systems.

    Most Android phones will never get a patch, some will get it 6 - 12 months later and very few within the month.

    Also one is run by an advertising company.







  • There’s a difference in stakes and impact and intent: the client firm is actively interested in finding security holes and the outcome of a negative security report does not (usually) directly affect the continuing operations of the business or impact on the personal reputations of the business owners their ability to conduct business, or how moral they’re perceived by society.

    A negative report here would be a devastating blow on Linus himself, his business is built around him and relies on audiences trusting him, it would also open up the door for legal action that could result in massive monetary damages and fines.

    I’ve had “independent” valuations and audits. I’ve seen how these firms work - and it’s not independent. They obey the people that pay them or they don’t get any work in the future from anyone else “that firm destroyed my business”.

    The most suspect aspect of the report is that they found nothing negative, everything was perfect. This on its face doesn’t ring true for any business I’ve ever seen, as well as how they responded to the accusations and how many people came out to accuse them.









  • Sorry, probably not.

    This is meant to run hosted (like a website), so it needs a server setup.

    If it all sounds like gibberish then you don’t understand what a lamp stack or a docker container is it’s unlikely you’ll be able to install it on your own in a way that is useful or that you can maintain for security.

    You could possibly hire someone to install it on your behalf - but given that it’s dealing with your finances I would be hesitant to do so.

    If you are on Android try the Cashew app - has a paid tier but it’s unlikely you’ll need it and is minimally intrusive.