what if the hacker provided the public key for https connection?
  • Misbehaving or even simple errors are reasons for getting kicked out,

    That can be helpful if a transgression is noticed, and it's not orchestrated by a higher authority (e.g. government), and the damage isn't already done.

    browser builders are rather strict on the presence of the CAs they trust.

    Of course, browser builders are vulnerable to influence, attack, accidents, questionable judgment, and blind spots just as certificate authorities are.

  • what if the hacker provided the public key for https connection?
  • A proper CA will not sign a key for a domain when it has not verified that the entity that wants its key signed actually controls the domain.

    Most browsers trust many certificate authorities from all over the world.

    Any of them could...

    • be compelled by authority
    • be compelled by threat
    • be hacked
    • have a lapse in ethics
    • have a rogue employee
    • etc.

    ...and yes, it has happened already.

    HTTPS as most of us use it today is useful, but far from foolproof. This is why various additional measures, like certificate pinning, private CAs, and consensus validation are sometimes used.

  • Linux Inventor Says He Doesn’t Believe in Crypto
  • I've never met Woz, but yes, I've long had the impression that his humility and sincerity reach depths seldom seen in humans, let alone in tech. Sadly, I also suspect these traits have made him easy to take advantage of in the past.

  • How to Create a Simple Debian Package
  • Not a bad shallow introduction to the package structure, but it leaves out more than a little, and doesn't address compiled software at all.

    Fortunately, Debian has extensive documentation. It's worth a look for anyone wanting to build packages suitable for publishing.

    https://www.debian.org/doc/devel-manuals

    The New Maintainers' Guide might be a good next step for understanding more use cases and available tools.

    The full Guide for Debian Maintainers is more up to date, including relatively new tools like dh that considerably simplify packaging software that uses common build systems.

  • Handbrake queue picks wrong file?
  • A tip that might help: For audio and subtitles, try using Track Selection settings instead of Track List settings, and once you have all your choices selected, save them as a preset. Then when queuing episodes, choose that preset.

    Also, consider doing a test run on part of a single episode before queuing up a batch. (Choose a time range of just a minute, for example.) That way you can check the result quickly, and adjust if necessary, before committing to the whole job.

    Finally, I recommend using Add To Queue for each episode, then Start once they're all queued.

  • You Can Now Jailbreak A PS4 With An LG TV
  • I’m just pointing out some specifics of the prerequisites,

    Yes, that's fair.

    which the article did a pretty bad job of highlighting imo, and how this is not the miraculous solution it’s somewhat touted to be.

    It would also be fair to acknowledge that hackaday is not touting miracles, but simply knows their audience. One would have to be very new to hardware hacks like this to be unaware that preconditions almost always exist. Older firmware is one of the most common preconditions.

  • hackaday.com You Can Now Jailbreak A PS4 With An LG TV

    You might think that jailbreaking a PS4 to run unsigned code is a complicated process that takes fancy tools and lots of work. While developing said jailbreaks was naturally no mean feat, thankfull…

    Maybe I'm just new, but I just realized you can Ctrl-select or Ctrl-dblclick individual, separate pieces of text and copy them to the clipboard in one operation.
  • Are you talking about selecting multiple unconnected sections of text, so that they are highlighted at the same time? I think that's a Firefox feature.

    Or are you talking about selecting something and then something else, so that only the last thing is highlighted, and finding both selections listed as separate items in KDE's clipboard manager?

  • Do companies store facial and voice recognition data from the thousands of hours of zoom/teams calls that their employees use?
  • In general, if something is possible to exploit, some companies will exploit it.

    Figuring out which ones do can be difficult-to-impossible, since that information is not usually available to the public, or in many cases even to most employees. Unless a whistleblower steps forward, the best we can do is guess, and take whatever precautions we feel are worthwhile.

  • M.U.L.E. Online
    puzzud.itch.io M.U.L.E. Online by puzzud

    Classic M.U.L.E. for modern computers


    For those who loved the classic Ozark Softscape game.

    How do you contribute to OSS?
  • Most of what comes to mind has already been said by others, but I want to add one thing...

    the overall code seems so convoluted to me that I don’t even know where to start to analyze a solution, even though if it’d probably take ten lines to implement.

    One of the most important things to understand about software development is that (outside of small hobby projects) the vast majority of the work is not writing code. Most of the hours will be spent on a combination of other tasks, including:

    • Understanding the desired behavior
    • Understanding what has been tried before
    • Understanding what has and hasn't worked well in past attempts
    • Considering unexpected ways in which the software might legitimately be used
    • Imagining needs that might emerge in the future
    • Imagining problems/circumstances that might emerge in the future
    • Devising a solution that you think will work well
    • Predicting limitations of your design
    • Communicating the reasons and goals behind your design choices
    • Listening to feedback from others, and understanding it
    • Collaborating with others to find common ground
    • Conducting research to prove your assumptions or answer open questions
    • Learning the ins and outs of surrounding code that is only tangentially related to yours
    • Learning unfamiliar tools
    • Learning unfamiliar languages
    • Learning unfamiliar algorithms and data structures
    • Revising your design
    • Coming up with succinct and clear names for things
    • Testing your implementation (making sure it works now)
    • Devising and writing automated tests for your implementation (making sure it will keep working when someone else changes something)
    • Composing comments to explain why non-obvious things are done a certain way
    • Reformatting your code to fit the style of the project
    • Writing documentation, and rewriting it
    • Answering questions
    • Waiting for others to get back to you

    The time and effort required for all of this multiplies when modifying an existing codebase, and multiplies again when most of that code was written by other people. Shepherding a contribution from idea to final merge often requires not only technical skill, but also study, diplomacy, empathy, and immense patience.

    But I have no reference for how long a feature should take to implement in someone else’s code for the average Joe who does this for a living.

    It varies quite a lot. I have had dozen-line changes take months, and thousand-line changes take a day or two. Just know that if it's taking much longer than you expected, that is completely normal. :)

  • Telegram CEO calls out rival Signal, claiming it has ties to US government
  • on your own premises, for your own users/community in case you are not trusting Signal’s infrastructure.

    Yes, that's an example of data (and infrastructure) sovereignty. It's good for self-contained groups, but is not general-purpose messaging, since it doesn't allow communication with anyone outside your group.

    If you know any other similar alternative with strong encryption open source protocols please let me know! I love learning new things every day!

    Matrix can do this. It also has support for communicating across different server instances worldwide (both public and private), and actively supports interoperability with other messaging networks, both in the short term through bridges and in the long term through the IETF's More Instant Messaging Interoperability (MIMI) working group.

    XMPP can do on-premise encrypted messaging, too. Technically, it can also support global encrypted messaging with fairly modern features, with the help of carefully selected extensions and server software and clients, although this quickly becomes impractical for general-purpose messaging, mainly because of availability and usability: Managed free servers with the right components are in short supply and often don't last for long, and the general public doesn't have the tech skills to do it themselves. (Availability was not a problem when Google and Facebook supported it, but that support ended years ago.) It's still useful for relatively small groups, though, if you have a skilled admin to maintain the servers and help the users.

  • What is the most appropriate way of tracking web traffic?
  • VPS can be had very cheap: https://lowendstock.com/

    Also, it might be worth looking for analytics software that can get its data from web server log files. I have done that with Apache and Nginx in the past. These days, I wouldn't be surprised if such software can ingest the log files created by Amazon's S3 free tier. You wouldn't have to manage a VPS with that approach.

    Of course, if you're letting a major data collector like Github (Microsoft), Amazon, or Cloudflare serve your site, it's not particularly good for privacy to begin with.

  • What is the most appropriate way of tracking web traffic?
  • The right way to do this is to self-host your analytics.

    I don't know which tools are popular for this nowadays, but something like Matomo On-Premise might be worth a look. I expect you can find more with a web search. Keywords: open-source self-hosted web analytics.

  • www.nytimes.com Scientists Find an ‘Alphabet’ in Whale Songs

    Sperm whales rattle off pulses of clicks while swimming together, raising the possibility that they’re communicating in a complex language.


    Non-paywall link:

    https://dnyuz.com/2024/05/07/scientists-find-an-alphabet-in-whale-songs/

    Similar articles:

    https://www.reuters.com/science/scientists-document-remarkable-sperm-whale-phonetic-alphabet-2024-05-07/

    https://www.smithsonianmag.com/smart-news/scientists-discover-a-phonetic-alphabet-used-by-sperm-whales-moving-one-step-closer-to-decoding-their-chatter-180984326/

    www.techdirt.com Colorado Passes Its Third ‘Right To Repair’ Bill

    Despite the best efforts of automakers and companies like Apple, states continue to push forward with popular “right to repair” reforms that make it easier and more affordable for consu…

    hackaday.com Here’s How That Disney 360° Treadmill Works

    One thing going slightly viral lately is footage of Disney’s “HoloTile” infinite floor, an experimental sort of 360° treadmill developed by [Lanny Smoot]. But how exactly does it …

    newatlas.com Lithium-free sodium batteries exit the lab and enter US production

    Two years ago, sodium-ion battery pioneer Natron Energy was busy preparing its specially formulated sodium batteries for mass production. The company slipped a little past its 2023 kickoff plans, but it didn't fall too far behind as far as mass battery production goes. It officially commenced…

    Amarok 3.0 "Castaway" released! [KDE music player]
    blogs.kde.org Amarok 3.0 "Castaway" released!

    The Amarok Development Squad is happy to announce the immediate availability of Amarok 3.0 "Castaway"! The new 3.0 is the first stable Qt5/KDE Frameworks 5 based version of Amarok, and first stable release since 2018, when the final Qt4 based version 2.

    www.theguardian.com Utah cat found safe in California after sneaking into Amazon return box

    Galena survived six days of travel with no food or water before being discovered in relatively good shape by Amazon employee

    www.vice.com Scientists Have Studied the Mysterious Behavior of Cats Sitting on Squares

    Cats love sitting on any square object, as if drawn by some primordial instinct. A new study shows that the square can even be an optical illusion.

    U.S. "Know Your Customer" Proposal Will Put an End to Anonymous Cloud Users
    torrentfreak.com U.S. "Know Your Customer" Proposal Will Put an End to Anonymous Cloud Users * TorrentFreak

    A proposal in the U.S. could see cloud service companies offering CDNs, virtual services, and proxies, to positively identify every customer.

    www.techdirt.com The GOP Is Blocking A Last Ditch Effort To Bring Cheap Broadband To Poor Americans

    The FCC’s Affordable Connectivity Program (ACP), part of the 2021 infrastructure bill, currently provides 23+ million low-income Americans a $30 broadband discount every month. But those 23 million…

    cointelegraph.com NSA ’just days from taking over the internet’ warns Edward Snowden

    The National Security Agency could be given expansive new surveillance powers under a proposed change to the FISA 702 bill — slated for a vote on April 19.

    mox @lemmy.sdf.org
    Posts 54
    Comments 321