The greatest piece of advice I was ever given was this: when you stop work for the day, never stop at a 'clean' break point; stop in the middle of something you can finish easily.
That way the next morning you're not confronted with a a dauntingly blank page or an empty function to write, but a half-finished one you can get back into without difficulty.
I can't remember who gave me that advice, but I've stuck to it dogmatically whenever I can.
¿EEUU ha atacando a otro país soberano al margen del derecho internacional? Supongo su ahora vendrán las sanciones de la Unión Europea y eso. rtve.es/noticias/20251229/trum…
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical locks, which I published in IEEE Security and Privacy (a nerdy computing technical journal).
Unexpectedly, my paper got some press attention. @jswatz_tx found it and wrote a short piece in the NY Times.
And then locksmiths freaked out. I mean completely lost it. They were very upset, not so much that a very common lock design had a basic security flaw, but that an "outsider" found it and had the poor moral character to make it public.
I started getting weird death threats. They doxed me ("let's see what kind of lock the bastard has on HIS house")
A trade publication called The National Locksmith ran monthly guest editorials in which prominent members of that profession were invited to denounce me. My favorite quote, from a locksmith named Billy Edwards, who had written a book on master keying, and who took my paper rather personally.
I should point out that master keying was about a century old at the time, and while the mechanical details weren't secret, locksmiths tended to regard the inner workings of locks as "restricted knowledge", rather like a medieval trade guild. I didn't understand this.
What took me by surprise was how different the physical security wold's attitude was compared with that of my community, where the ethics of discussion of vulnerabilities has long been essentially settled in favor of openness.
Essentially, their argument was that this would be a huge pain and expense to fix, and so we are all better off just keeping it on the down low. And that kind of worked, for about a hundred years, until more open communities - like computer security research - started looking seriously at locks (as both metaphors and as interesting mechanisms in their own right).
I see their point, even if I personally reject it. But in the age of the Internet, you just can't keep this kind of stuff secret.
Anyway, my intent in looking at locks and publishing my paper wasn't to disrupt the lock industry. I believed, as I still do, that mechanical locks and physical security have quite a bit to teach computing, but also that the abstract techniques of cryptography and computer security can illuminate weaknesses that are hard to see when looking at systems in strictly mechanical terms.
My attack is intuitive and obvious to cryptographers, but rather subtle without our field's tools.
I never did reach a truce with the locksmiths. A couple years later, I met Billy Edwards, the author of that editorial denouncing me, at a trade show, and when he learned who I was he refused to shake my hand and asked me to leave him alone.
I wish he had seen things differently, but I can respect that he was coming from a place of genuine concern, even if I think his approach was wrong.
To this day, I worry that I'm pretty screwed if I get locked out of my house.
NB: While I never intended to piss off locksmiths with my master keying paper, I did write a followup a couple years later about safes and safecracking, partly out of spite.
TL;dr: We can learn a lot from safes and safe locks, and the frameworks of cryptography and computer security are applicable there, too. The fact that our learning about this subject makes people in that industry upset is just a bonus.
I wrote that paper after I had moved from AT&T Labs to U. Penn. The Penn locksmith went totally apoplectic, and wrote regular angry letters to the dean and to the head of campus security warning about what an irresponsible, dangerous menace I am. But for whatever reason, his efforts were unsuccessful in getting me fired; the administration just forwarded me his letters, which I taped to the door of my office.
It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?
There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.
So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.
What accessible E-Mail client do we use for iOS these days? Heard that the official has some notification issues with generic smtp accounts and the design isn't super awesome either.
O gosh, I threw Gemini-cli on my /etc/cloud.cfg on a Raspberry OS install. It totally fried the file such as the only remaining contents in it was the “$content” phrase. Not very nice! Luckily, dpkg came to a rescue and allowed me to restore the file.
New update to Audio Invaders! I tweaked the Runner enemy to be easier to hear, not lightning fast when you first start encountering it, and it now has a progressive rumble as it gets closer to the ground. High scores now save properly again, and you can now Pause the game and toggle Verbosity options on the fly! marconius.com/fun/audioInvader…
a bunch of weirdos on youtube are very mad and scared about the price of silver i guess?? like I don't know anyone who owns enough silver to give a shit
but this is how it always was. If you drop your mail off into their possession (big blue drop box) but they don't pick it up until tomorrow and process it at the local post office, the postmark is tomorrow not today ...
Yes they will absolutely use this as a way to sceew with mail in ballots by disrupting processing of those too close to the deadline (understaff, shutdown USPS, etc) and now there will be little chance of successfully challenging it. At this point Trump could legally fire EVERYONE at USPS weeks before the election to screw everyone over too and he probably will.
The conversation about AI is exhausting, and I'm finding myself more and more talking with my friends about its dangers and downfalls. I definitely see a new level of awareness and skepticism coming from non-tech people, which is great.
One question that sometimes come up with people wanting to learn how to code is "Is it worth even doing it with all this AI self coding tools?"
Hell yeah! Absolutely! Technical literacy is even more important now than ever!
In a time when the sentence "junior developers will be replaced by AI" is heard multiple times a day, does it make sense learning how to code?Yes, now more t...
A group of U.S. alcohol producers claims Canadian retailers are giving unfair advantage to local spirits, including what it calls “discriminatory” markups in Nova Scotia and other provinces.
Editional tips and tricks for downloading the cops pack
Sensitive content
Editional in regards to the cops tv show pack, please read for some useful tips and tricks. First things first. I recommend everybody who downloads this to use a vpn. Not that I would suspect any oh crap letters from isp's, but it's definitely better to be safe than sorry. also, if you check the reddit post, you'll note that you're asked to forward ports. However, I haven't done this, and when I tried, nothing worked, so downloading shouldn't be impacted by not forwarding ports. Also Note that as this has to be obtained via torrent, I recommend using q bittorrent for windows, mac etcetera. However, all tips should be able to be applied with any client, as they pretty much do the same thing. Anyhow, for those who take on the task of downloading and for those who use q bitorrent, if you're using a spinning harddrive which is what's recommended with an archive this large, when adding the magnet to your torrent client, make sure to check the box on the enicial torrent options screen after hitting download that's labeled, Download in sequencial Order, providing that this option exists for your prefered client. It might be labeled differently for eatch client. Leave everything else as it is. Also, in q bittorrent, under the connections section under options, set maxamum upload slots from 20 to 10. this keeps your drive from being pinned at 100percent, and the pack will download faster. Another tip for better performance decreasing disk loads. Feel free to check your upload speeds once the download gets going, I gave it about 10 minutes. But for instants, when downloading, if you notice that your upload speeds are maxing out at 1.0mbps, under the speed section within options, set your upload limit to anywhere between 200 and 500mbps. upload speeds do very from user to user, so feel free to set your speeds acordingly. I find that the client won't choke your download speedds at these numbers, and if anything you'll download faster. However, if you do notice any speed choking, set your limits back to infinity and let it do its thing. Note that with NVDA, the speed section doesn't read correctly. However, the first limit box is your upload limit setting after you hear it say grouping. And 1 last thing. Once I finish downloading the pack, I'll set my upload slots back to 20 and m,y upload speeds back to infinity, and will be seedding this for as long as I can. I definitely incurrage other downloaders to do the same, as this keeps the project alive and thriving and will hopefully keep the project from becoming unseeded. However, this isn't absolutely mandatory, just had to put that out their. Sharing is caring :). End of tips and tricks. Well, happy cops watching!
Editional tips and tricks for downloading the cops pack
Sensitive content
@Bri As in you're downloading it? It's already at 56percent for me and it's been downloading since saturday night, but if you have slower internet then it will take rather long to download. I have 500mbps networks myself
Editional tips and tricks for downloading the cops pack
Sensitive content
@Bri Aha. Yeah, if you're using an old version of microtorrent or something that doesn't have latest patches security fixes updates etcetera, it won't work. It refuses to connect, cops tv fan uses the latest security measures for this torrent. Strait up this makes that puney zip file upload on your server look like an ant. Lmao.
Editional tips and tricks for downloading the cops pack
Sensitive content
@Bri This is actually why I didn't continue uploading. He told me that he'd updated things on his end so drasticly that, if I finished uploading that I'd have to do it all over again due to the amount of missing content in the last cops pack
Editional tips and tricks for downloading the cops pack
Sensitive content
@Bri Haha yeah. an now we're looking at a wapping 3.54tb. I can't imagine even beginning to upload 1 season let alone 3.54 tb to a server. That's, a lot, of server space. And the time that it would take for me to do all of that would be incermountable
Editional tips and tricks for downloading the cops pack
Sensitive content
That very server is actually where I'm downloading it. I'm going to convert it all to audio. I'm 100% blind, so I don't need all that video taking up space that I don't have anyway.
Editional tips and tricks for downloading the cops pack
Sensitive content
@Bri As in to a harddrive plugged into a computer? I'd say roughly the same, maybe probably more time give or take. I'm downloading it to my 8tb western digital external drive plugged into my desktop and it's at 56percent and some change as of rite now. If you have a 500mbps connection I'd say about 5 days
@gnomon I'll need mp3 and was thinking of batching all tracks in an album, which kinda matches my laptop's number of cores.
I need to experiment a bit with the stereo first; it doesn't pick up the track number field, so if it just sorts an album's tracks in alphabetical order I'll need to tell ffmpeg or whatever to output track numbers as part of the track name.
(everything is in flac; I need mp3 smaller than the bitrate I used initially, or music won't fit in an USB stick)
Yeah, I know you know, but just don't use AI to do the school assignments. Otherwise it is like paying for an extremely expensive gym membership, then paying someone else to do the workouts for you on top of that. You just end up wasting time, money, and energy for nothing. lol
We are receiving reports that Google flags our repo as "having dangerous apps" or being a "dangerous site" – texts being very vague, no proof given (nor did they inform us). They also link to a page they call "Transparency Report" – which is of the same vagueness, but definitely not transparent (transparencyreport.google.com/…)
We're not aware of any such dangerous content. All apps on our repo are properly scanned, see izzyondroid.org/about/security…
Google did not inform us. Especially did they not inform us WHICH pages/apps at IzzyOnDroid they consider "dangerous", or WHY. Nor did they give us any means to respond to that threat. It is sad that they are obviously unable to do so. It seems to be asking too much, expecting at least a mail to "webmaster@"…
Should you have any deeper insights, please let us know.
@dalias unfortunately, we cannot afford such a law firm. Only a piece of what they could make of that, would allow us to run IzzyOnDroid full-time with a full team twice our size – and what a service we could offer then! Drop our $dayjobs and go full-in at IzzyOnDroid – a dream that would be!
@dalias I mean, imagine a big news portal claiming Google Play had been hacked, and "attackers currently on that site" would install dangerous apps, etc. pp. The fact alone to claim there are "attackers on the site"!
To me, this looks like scare mongering. I didn't expect they'd consider us such a dangerous competition, to need such actions…
@dalias Not sure it works that way here in Europe. But if there's a lawyer around who wants to pick this up that way, they're welcome.
We'd also welcome a fix and public apology from Google here, in a way making that lawyer "unneeded". Giving the missing details would be a start, I'd say. We're not exactly "bored" here, that we'd need a fight to have something to do…
Out of curiosity, I've asked VirusTotal for its opinion. All 97 engines report "green". Fun fact: that includes "Google Safebrowsing". If you want to check for yourselves, here's a fresh report generated less than 5 minutes ago:
You also need to check the izzyondroid APKs that are not compromised. If you look at the image where it says “relationship,” you will see that there are codes and numbers, and when you tap on those numbers, you will see the number of codes analyzed. Somewhere there should be files in red. The APK or page and repository are fine, but when you upload it to the internet, some APKs may be infected because there are people who copy them and infect them to steal data.
@iguana09863 thanks, but there is no "relations" tab. And all our APKs are run through VirusTotal as well. Would one have been tampered with on-site, it would be overwritten on the next sync again.
And APKs do not get infected by copying them. If those malicious people copy them for such purpose, they usually modify them, too. Which would not only break the signature, but also lead to a different file hash. It's all FOSS, they could compile such APKs themselves.
I'm not saying that your website or repository is infected, it was just an example and I did it with a file from a Nintendo game that I have saved. The IP address of some files may be infected or the DNS, and Google may have thought it was a virus and it may be a false positive. This has happened to me with tools and PDF files, so I wanted to mention it. Anyway, here's a link to this website, it's on internext and it's a virus scanner similar to virustotal👇 internxt.com/virus-scanner
Free tool for scanning files for viruses and malware. Protect your personal documents, data, and hardware from online fraud with a quick and easy scan.
I just tested this by going to apt.izzysoft.de/fdroid/ using the latest version of Chrome for mobile on Android and I don't see any warnings. It may have been a (potentially anti-competitive) false positive that Google has since corrected. But I don't currently see the issue showing in the screenshots here at all
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
you probably said something not so nice about Trump - that is dangerous. Any dissent of the dear leader will be crushed by US big tech collaborators. Make America Fascist Again
edge browser had a blog post explaining they had better performance than chrome, mosyly measured in battery drain on laptop, but youtube kept changing small thing that was invisible to most user but broke hardware playback on edge browser and software video playback consumed twice as much battery. After a time, they gave up, switched to using chrome rendering engine instead of their own issue stopped.
We've registered our site with the Google Console now to get details on the pretended infection. The screenshot below are what they call "full details" – a joke. Nothing applicable (apologies for the German screenshot, but I couldn't see a way to switch the language).
So we requested a re-check. They wanted to know how we solved the problems. All we could tell them is that we checked all details they had provided…
For those to whom this matters, HKC Radio is in the process of being added to MyTuner Radio. You can search for us by name there, although we believe the propagation process may be long.
Did anyone else, when they were kids, or maybe even now, no judgement, have their favorite characters as imaginary friends or even people they knew in real life?
Taky jsem si prosel cele vlakno a v tom kontextu ta zprava nema zadnou relevanci. Je to jenom xenofobni vykrik 🤷♂️
A ten CoC Rustu mi prijde dulezity a dobre napsany. V soucasnem svete toxickych IT diskuzi (viz treba kauza Hyprland) chrani dobre nastavena pravidla vsechny zucastnene a ten OSS se muze posouvat dopredu.
я использовал #xmpp месяц,и ... #DeltaChat / #ArcaneChat лучшое что есть❤️🥛 я другие мессенджеры тоже тестировал #Session / #SimplexChat / #Signal ну такие себе,у каждого есть свои жёсткие минусы
Spoilers: The only legitimate complaint I have about Manamon 1 and 2 is that the main character sounds way older than they actually are. Why is a little boy or girl interfering with things they should not meddle with at such a young age? Entering a shadow kingdom, hopping into Requiem, stopping Eschonites at restaurants... you should be at least 18! Not to mention they don't even talk like their age. I'm not saying they have to sound immature, but cut back on the grammar. They're kids.
Andromeda. Nice to make your aquaintense! Um, I mean what? Yes she literally says that when she's about 12 and exploring her surroundings for the first time. Dang lol. I mean, the character was already older in m2 than in m1, so how about in m3, maybe if we get that in 5 years or what, if ever ever, he could be 18 indeed?
people are waking up and learning it's time to distrust Meredith. She's not pushing Signal into any direction where it's impossible for her to "pull out" of a country that is demanding a backdoor. RT: antifa.style/users/walsonde/st…
Spricht eigentlich irgendwas gegen #Delta Chat? Ich mein, #Signal ist toll, aber Meredith Whittaker hat bereits angekündigt, dass sie sich aus Europa zurückziehen werden, sollte die #Chatkontrolle kommen.
Europe is going to use the intense hatred of relying on American services to trick everyone into adopting a CBDC aren't they? It's such a moment in history where everything comes together perfectly RT: mstdn.social/users/hkrn/status…
EU to build no-fee payments service like Visa/Mastercard and Apple/Google Pay
L: https://www.independent.ie/business/digital-euro-what-it-is-and-how-we-will-use-the-new-form-of-cash/a165973061.html
C: https://news.ycombinator.
this is a serious question, in case anyone has specific knowledge[1]: how come 20% of Apple device updates (most egregiously the Apple Watch) are getting to "100%" and 80% of the update is "Preparing…" with no percentage
[1]: NOT GUESSES PLEASE DON'T GUESS I ALREADY HAVE QUITE A BIT OF KNOWLEDGE ON THE TOPIC THAT WOULD ALLOW ME TO GUESS MYSELF. ONCE AGAIN NO GUESSES PLEASE
Any #FreeBSD sysadmins out there running #Bastille jails with multiple interfaces? Or any sort of jail with multiple interfaces? I was going to try out Bastille rather than old-fashioned manual "Thick" jail like the ones I’ve set up before because I've never done multiple interfaces or thin jails and Bastille seemed like a good way to do that. Except that it isn't working. At least not in the way I think the docs imply... Of course I've opened an issue: github.com/BastilleBSD/bastill…
I am attempting to create a jail acting as a specialized proxy with access to multiple host vlan interfaces. The existing host config is: cloned_interfaces="lagg0 vlan0 vlan1 vlan2 lo1" ifconfig_la...
is an open carry state now.
moment in history where everything comes together perfectly
Matt Blaze
in reply to Matt Blaze • • •Unexpectedly, my paper got some press attention. @jswatz_tx found it and wrote a short piece in the NY Times.
And then locksmiths freaked out. I mean completely lost it. They were very upset, not so much that a very common lock design had a basic security flaw, but that an "outsider" found it and had the poor moral character to make it public.
I started getting weird death threats. They doxed me ("let's see what kind of lock the bastard has on HIS house")
2/
Matt Blaze
in reply to Matt Blaze • • •A trade publication called The National Locksmith ran monthly guest editorials in which prominent members of that profession were invited to denounce me. My favorite quote, from a locksmith named Billy Edwards, who had written a book on master keying, and who took my paper rather personally.
3/
Matt Blaze
in reply to Matt Blaze • • •I should point out that master keying was about a century old at the time, and while the mechanical details weren't secret, locksmiths tended to regard the inner workings of locks as "restricted knowledge", rather like a medieval trade guild. I didn't understand this.
What took me by surprise was how different the physical security wold's attitude was compared with that of my community, where the ethics of discussion of vulnerabilities has long been essentially settled in favor of openness.
4/
Matt Blaze
in reply to Matt Blaze • • •Essentially, their argument was that this would be a huge pain and expense to fix, and so we are all better off just keeping it on the down low. And that kind of worked, for about a hundred years, until more open communities - like computer security research - started looking seriously at locks (as both metaphors and as interesting mechanisms in their own right).
I see their point, even if I personally reject it. But in the age of the Internet, you just can't keep this kind of stuff secret.
5/
Matt Blaze
in reply to Matt Blaze • • •Anyway, my intent in looking at locks and publishing my paper wasn't to disrupt the lock industry. I believed, as I still do, that mechanical locks and physical security have quite a bit to teach computing, but also that the abstract techniques of cryptography and computer security can illuminate weaknesses that are hard to see when looking at systems in strictly mechanical terms.
My attack is intuitive and obvious to cryptographers, but rather subtle without our field's tools.
6/
Matt Blaze
in reply to Matt Blaze • • •I never did reach a truce with the locksmiths. A couple years later, I met Billy Edwards, the author of that editorial denouncing me, at a trade show, and when he learned who I was he refused to shake my hand and asked me to leave him alone.
I wish he had seen things differently, but I can respect that he was coming from a place of genuine concern, even if I think his approach was wrong.
To this day, I worry that I'm pretty screwed if I get locked out of my house.
7/7
Matt Blaze
in reply to Matt Blaze • • •NB: While I never intended to piss off locksmiths with my master keying paper, I did write a followup a couple years later about safes and safecracking, partly out of spite.
mattblaze.org/papers/safelocks…
TL;dr: We can learn a lot from safes and safe locks, and the frameworks of cryptography and computer security are applicable there, too. The fact that our learning about this subject makes people in that industry upset is just a bonus.
Matt Blaze
in reply to Matt Blaze • • •Matt Blaze
in reply to Matt Blaze • • •It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?
There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.
Matt Blaze
in reply to Matt Blaze • • •