Time for an #introduction. I've been involved in #FOSS and #Linux since the late `90s. My career started as a sysadmin, pivoting to security. I'm the President of @purism and work on hardware and software to protect #privacy, #security and freedom.

I've written a number of books (kylerank.in/writing.html) and was a long-time columnist for Linux Journal magazine.

I have many hobbies including #weaving, refurbishing mechanical #calculators, #3dprinting, #brewing, and many other things.

Linux really needs to remove the “privileged ports” security theater bullshit.

We’re no longer living in the mainframe era. The security properties of the Internet are different to mainframes. This is actually an anti-feature that either complicates life or actually compromises security (when folks run servers as root and forget to drop privileges , etc.).

If anyone has any sway within the kernel team, etc., please do your thing.

source.small-tech.org/site.js/…

#linux #security #theatre #networking

Disable privileged ports security theatre on Linux instead of using setcap (#169) · Issues · Site.js / app

Summary Currently, we’re using setcap to grant the CAP_NET_BIND_SERVICE privilege to allow Node.js (during development and testing) and the Site.js binary...

^GitLab

Heads up: looks like MailChimp was compromised. Watch out for phishing attempts and remember to enable two-factor authentication on your accounts.

digitalocean.com/blog/digitalo…

#security #MailChimp #email #DigitalOcean

Impact to DigitalOcean customers resulting from Mailchimp security incident

The security of DigitalOcean customers and their data is a responsibility we approach with utmost dedication. When our customers' security is threatened we respond swiftly, communicate with transpa...

^{www.digitalocean.com}

Software Sessions is a #podcast by Jeremy Jung for practical conversations of developing software. Jung is a technical lead in the #security industry where he integrates software systems and hardware devices in on-premise environments

On the Episode "Bringing #GeoCities Back with Kyle Drake" from January 15, 2020, you get to hear behind the scenes experiences of #Neocities' infrastructure (IPv4 addresses and CDN, etc), legal challenges (phishing, spam, false DMCA strikes), how much it costs to do the thing, and creating a place that reminds us that making websites still matter.

softwaresessions.com/episodes/…

Also check out Jeremy's blog post on how to record a podcast. jertype.com/how-to-record-a-po…

#nowPlaying

Bringing GeoCities Back with Kyle Drake

Kyle Drake discusses what GeoCities was, why it failed, the technical and legal challenges of creating its spiritual successor Neocities, and how he's working to preserve and curate sites from the old web.

^{Software Sessions}

Related:

Normalize using end-to-end #encrypted (and ideally, ephemeral) communications.

Normalize not telling #Google everything you think, do, and say.

Do it now.

#privacy #security #surveillance

nbcnews.com/tech/security/abor…

Looming abortion law changes prompt digital privacy worries for clinics

Abortion clinics and providers are rushing to strengthen their digital privacy and protect the data of their patients due to the potential overturn of Roe v. Wade.

^{Kevin Collier (NBC News)}

Last week for availing $100 off with promotion code "L14SUMMER" and the special link below and share the info with your friends too!
puri.sm/products/librem-14/?mt…

#laptop #tech #security #privacy #freedom

If a company actually cared about your privacy and wanted to advertise its products, could it do so ethically? We have been thinking about this issue heavily at Purism.

We value people’s privacy and want to protect it not just with our products, but with how we market our products. Let us know, we are counting on your feedback!

puri.sm/posts/is-ethical-adver…
#privacy #security #freedom

A Letter to #Discord for not Supporting the #Linux Desktop

theevilskeleton.gitlab.io/2022…

I rewrote the whole article because I sounded extremely rude before. It's not nice to be rude to developers, whether you like them or not; whether the application is open source or not. Hopefully this revision is respectful and doesn't sound like I am shaming them.

#gnu #security #electron

A Letter to Discord for not Supporting the Linux Desktop

Discord is popular among the Linux desktop community. Thanks to Electron, the framework that Discord uses, it was possible for Discord to port the client over to Linux very easily.

^{TheEvilSkeleton}

Case it point, the text in my image was revealed by @janale about fifteen minutes after my original post.

toki.social/@janale/1083740420…

#GNOME #Obfuscate #security

jan ale (@janale@toki.social)

Content warning: Contents of blur

^toki.social

Warning: There’s an app for blurring out sensitive information in images called Obfuscate being featured on #GNOME Software right now.

Please be careful.

The default blur setting can easily be reversed.

The default should be to replace the areas with a solid colour or a pattern not derived from the underlying information.

This really should not be a featured app in its current state.

#security #linux #apps #obfuscate

Glad to see npm has a security holding package for save-dev (it’s what you end up installing if you forget the dashes before the --save-dev flag) :)

(And here’s hoping, despite what it says on the site, that they never give that package to anyone.)

npmjs.com/package/save-dev

#npm #security #nodejs

save-dev

security holding package. Latest version: 0.0.1-security, last published: 3 years ago. Start using save-dev in your project by running `npm i save-dev`. There are 98 other projects in the npm registry using save-dev.

^npm

Response to "#Flatpak Is Not the Future"

theevilskeleton.gitlab.io/2022…

#gnu #linux #foss #fedora #opensource #security

Response to “Flatpak Is Not the Future”

Late last year, this interesting article “[Flatpak Is Not the Future]” was published to the public, and very quickly grabbed the Linux community’s attention.

^{TheEvilSkeleton}

A #blog post about the new release of #Freshermeat :

cedricbonhomme.org/2022/05/10/…

#python #opensource #security

GrapheneOS version 2022050301 released: grapheneos.org/releases#202205….

See the linked release notes for a summary of the improvements over the previous release.

#privacy#security#grapheneos

GrapheneOS releases

Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

^GrapheneOS

I never did an #introduction!

Hi, I'm Max. I live in #NYC and do #journalism at PCMag where I cover #infosec, #security, and #privacy. I also write reviews of #VPN and professionally complain about #capitalism. I'm the Unit Chair of the ZDCG #union and moonlight as a #labor organizer. If you want to learn about how to unionize your workplace, plz DM me. I play #banjo badly and think about #medieval literature. I'm spending too much money on #fountainpens.

A Wildly Powerful, Privacy-Focused Linux Laptop Appears…

omgubuntu.co.uk/2020/07/purism…

"Suffice to say it's a beast based around a six-core Intel Core i7-10710U (1.10 GHz, 4.70 GHz turbo boost) processor."

@omgubuntu

Learn more about the all-new Librem 14: puri.sm/products/librem-14/

#privacy #freedom #security #linux

neilmadden.blog/2022/04/19/psy…

One side of the equation is r and the other side is multiplied by r and a value derived from s. So it would obviously be a really bad thing if r and s were both 0, because then you’d be checking that 0 = 0 ⨉ [a bunch of stuff], which will be true regardless of the value of [a bunch of stuff]! And that bunch of stuff is the important bits like the message and the public key. This is why the very first check in the ECDSA verification algorithm is to ensure that r and s are both >= 1.
Guess which check Java forgot?

#bugfix #crypto #java #security

CVE-2022-21449: Psychic Signatures in Java

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…

^{Neil Madden}