Notices by mkb (mkb@mastodon.social)

@TuvixJaneway

@freemo I figure it’s impolite to interact with the human unless the dog introduces us first. 😜

Shit.

Hong Kong police move on university campus, begin mass arrests, threaten live fire - The Washington Post https://www.washingtonpost.com/world/hong-kong-police-pummel-university-with-water-cannon-as-officer-hit-by-arrow/2019/11/17/f004c978-091f-11ea-8054-289aef6e38a3_story.html

#HongKong

The folks at @protonmail are bringing their app to @fdroidorg:

https://protonmail.com/blog/android-expansion/

#privacy

@jartigag A friend of mine used to say "You know you're about to have a bad day when someone comes up to your desk and asks, 'How much do you know about Sendmail?'"

This is great:

Zakk Wylde playing Sabbath on a Hello Kitty mini-guitar:

https://www.youtube.com/watch?v=rwhvFLHIlBs

🤘
#Metal

@jartigag Yep, mac filtering is a fine illustration of a key security concept: “Secure” is not boolean.

Any mitigation we can come up with can still be circumvented. The goal is not to make attacks impossible but to shave risk by making attacks incrementally more difficult.

https://vimeo.com/131222941

@jartigag

The next (and better) mitigation is to use other layers: Use a VPN and use encrypted protocols wherever possible. You want both because VPNs can leak and encrypted protocols aren't always an option.

Actually, I highly recommend everybody use a VPN when using any sort of public wifi. Your university might provide one. If not, commercial options aren't terribly expensive compared to tuition and textbooks. :)

@jartigag

There are mitigations but I'm not aware of an ironclad fix.

When thinking about these risks it helps to do a little thread modeling: What specifically do I want to protect? Who might threaten it? What specifically might they do?

A corporate network can help prevent wifi MITM from an outsider by using MAC filtering and the Enterprise variants of WPA/WPA2. That's too onerous for public networks or most smaller orgs.

`git push` or it didn’t happen.

Mixed feelings.

Mr. Robot’s fourth season will be its last https://www.theverge.com/2018/8/29/17796672/mr-robot-ending-fourth-season-series-finale

#MrRobot

Today is the 100th birthday of technical badass Katherine Johnson. Ms Johnson calculated trajectories for Apollo space missions by hand.

https://www.nasa.gov/content/katherine-johnson-biography

“Although VPNs pose special challenges for SIGINT (signals intelligence) collection and processing, we’ve recently had notable success in exploiting these communications,” said an article from the internal NSA newsletter SIDtoday.

https://theintercept.com/2018/08/15/nsa-vpn-hack-al-jazeera-sidtoday/

#vpn #privacy #doh

@mayuutann

#Elixir is the language I'm most excited about but I've only scratched the surface.

I'm most facile in #Ruby so that's what I've done the most in.

These days circumstances dictate that I do an awful lot in shell scripts. They're grody but still the right tool for certain jobs.

@rysiek @Gargron @charlag @wakest

The consensus among cryptographers is the Signal protocol is top of the heap for secure messaging right now.

Wire's protocol might be fine but it hasn't received the same level of scrutiny. Wire's privacy practices also aren't as robust. Among other things the server keeps a list of everyone you have communicated with.

Ultimately, the right choice depends on your particular application and threat model.