Shamar @Shamar@qoto.org
Joined May 2019
Shamar
boosted
RT Stefania Maurizi @SMaurizi
#ReportersSansFrontières ha creato una petizione importante per fermare l'estradizione di Julian #Assange.
Vi prego di firmarla prima che sia troppo tardi. Se Julian #Assange lascia l'Europa, è la sua morte: fisica,mentale, professionale, politica
@Cyia@metalhead.club
You might like
https://en.goteo.org/
Another interesting project is #GNU Taler but I've never used it https://taler.net/en/
What were you expecting?
#Google own your work since they become your internal communication platform, even if #ThoughtWork (still) profit from it.
How did you dare to use a different #browser? 🤣
Imagine how much work Google have to do every day to make their tools slighly unusable on whatever browser they do not control!
But don't worry, you have a choice they trust: #Firefox!
Oh... it doesn't work with your Google addicted internal services?
Uhm... well... I do not know!
But don't call Google a #MONOPOLIST!
You have been warned! 😉
@Cyia@metalhead.club
The fact is that the whole monetary systen (that includes banking, paypal, visa, mastercard...) may even consume 10 times more energy than the #cryptocurrency one (and it doesn't) overall BUT it serves billions times more transactions.
To estimate the difference you shouldn't just count computers transactions but all cash transactions.
That's why these energy comparisons are ridiculous.
Shamar
boosted
La professoressa invita a usare tecnologie pubbliche, un accesso aperto alle pubblicazioni universitarie e ai dati di ricerca, e trasparenza per docenti e ricercatori riguardo i dati degli strumenti che usano
Shamar
boosted
@zacchiro I would say that distributions are that observatory, they've always been.
It's just that some ecosystems (Go, NPM, Rust, …) just destroyed their ability to act as a group of third-party maintainers and I think a large group of people stopped caring about why distributions and ports tree were created in the first place.
It's just that some ecosystems (Go, NPM, Rust, …) just destroyed their ability to act as a group of third-party maintainers and I think a large group of people stopped caring about why distributions and ports tree were created in the first place.
Shamar
boosted
Il nostro stimatissimo Associato è stato multato di 7.000 € dell'elettorato del Lavoro.
Assurdo questo attacco antimprenditoriale !
@Cyia@metalhead.club
Traditional banking is not a math-washed scam, but for sure the Gramm–Leach–Bliley Act of 1999 enabled thousands of financial scams culminated in the 2007-2008 global crisis.
You know, side effects of US imperialism... 🤷♂️
As for the energy consumption of the whole **banking** system, even the most ridiculous calculation I can find (this one: https://hackernoon.com/the-bitcoin-vs-visa-electricity-consumption-fallacy-8cf194987a50 ), forget to mention that such banking system serve several order of magnitude more transactions than the whole criptoindustry.
Even taking into account the millions of fake #NTF transactions used to pump their price!
_____
As for educating you about the limits of #blockchain I really would not know where to start...
After more than ten years #blockchain is an old tech still lacking a real problem to solve.
Maybe this interview at FTX boss might open your eyes: https://www.bqprime.com/onweb/sam-bankman-fried-described-yield-farming-and-left-matt-levine-stunned
Or might be not.
You know @strypey joked that "people otherwise smart" have a "cult-like antipathy" against the #blockchain.
In fact psychology has a category that fit well with crypto-believers: #delusion.
It's a psychiatric disorder where people believe something surreal despite all evidences.
Having saw a loved friend facing such issue, I had to study the issue for a while.
It was scary because the more you argued against the false beliefs, the more the person delves deeper into the delusion, constructing surreal explanations to justify the contradiction you show them.
So I learned that delusions are due to experiences that contradict deep beliefs over which your own identity is based.
It might happen, for example, when a person discover to be attracted by people of the same sex at a late age, after a life as a seducer or something like that.
So usually arguing about the belief is pointless, people simply cannot accept what they experience and invent the best explanation they can.
(and note that the smarter is the person, the harder is to spot the issue as the construction might be incredibly realistic!)
Anyway, in #DeFi and cryptoindustry there are tons of unscrupulous people who know they are scamming people and they are fine with it.
But there are also several people who cannot quit either because "it's a liability for your career" or because they've bound their identity to such bullshit too strongly.
In such case there is nothing anybody can say or show to make them change their mind.
I hope it's not your case.
Good luck!
@Cyia@metalhead.club
Did you read what I wrote or you are just too angry to do so?
The problem are not just few #blockchain based scams.
Nor the rich illegal market of violent oppression based on it (drugs, weapons, pedo-pornography...)
The blockchain itself is a math-washed large-scale scam-factory!
Even just because there is ALWAYS a better technical solution to every single application of it (except for scams, obviously).
Above I listed several reasons why a lot of "otherwise smart people" don't like this bandwagon.
But there are many many others...
Yet I have to admit that between 2016 and 2019 the blockchain had a very effective and green application, unmatched by any other out there.
You were able to discards tons of low quality candidates for a #developer #job with a simple script looking for few keywords in the resume: #blockchain, #cryptocurrency, #SmartContract, #Ethereum and so forth.
By looking for those keywords you were able to discard a lot of people who were either incompetent or unethical.
Unfortunately after mid 2019 these keywords begun to disappear from the resumes.
I've spotted tens of candidates who resubmitted their #resume after a while WITHOUT any reference to the blockchain.
Last year I interviewed two of them and asked (resumes at hand) why they removed any reference to the blockchain.
One replied "I realised my company was a scaming people and quit".
The other replied something like "you know, these days a past in crypto can be a liability for your carreer".
🤷♂️
Infact trust can be very effective AND safe if it's easy to reassign and can only be used transparently.
#Blockchains are NOT trustless systems: you are just blindly trusting strangers you cannot easily hold accountable.
This is particularly blatant in a "permissioned" #blockchain and in those based on #PoS, but it's also true for #PoW based ones: exchanges, developers, mining pools...
So people using the blockchain are basically trusting the least trustworthy people out there without any effective mean to remove such trust (without loosing money, obviously).
Shamar
boosted
"If you think that #Assange is a hacker, narcissist & rapist, you're not to blame because you have been deceived. If you think you haven't been deceived it means the deception is working." https://nitter.eu/NilsMelzer/status/1332274516379185153
Maybe those "otherwise very smart people" know CAP theorem?
Or maybe they know a #Ponzi scheme when they see one?
Or at least when crypto bilionaire explain #DeFi as Ponzi schemes?
Or maybe they remember #TheDAO, that proved once for all that #blockchain can be rewritten?
Or maybe they know several better alternatives to any application of blockchain (except for scam)
Or maybe they know #PoS based cryptocurrency are institutionalozed plutarchies?
Or maybe they know PoS assumes people having their highest stake on-chain (that is NEVER the case)?
Or maybe they follow closely the matter since years (I started somewhere in between 2009 and 2012) and saw countless ICOs turning as plain scams?
Or maybe they know about #Tether?
You focus on the huge waste of energy of but in fact you are ignoring the legitimacy criticism of #cryptocurrency.
Yes the cryptoindustry waste a huge amount of energy even if you do not count the one wasted in marketing, propaganda and lobbying.
But that's just one of the issue.
Shamar
boosted
Tell your young people not to give their spare energy to employed work. Their employers will take it if they give it but all that happens is the young folk burn out. Teach them “no” and “pay me”
Forse ti può interessare anche questo:
http://www.tesio.it/2022/04/22/Fondamenti_di_CyberSecurity.html
Al termine sono anche menzionati due libri, uno più tecnico/teorico e l'altro più divulgativo che potrebbero interessarti:
https://archive.org/details/cittadinanza-digitale-tecnocivismo-libro
Shamar
boosted
@zacchiro (first of all, I would like to apologise for essentially hijacking your post. I started writing a pretty short comment, which expanded into a post of its own. I'll keep it as a comment to you as context, but please be aware that it's not all a commentary on your position)
But the definition of "better" depends on the individual. I personally consider the fediverse to be infinitely better than Twitter or Facebook.
Your statement could be seen as an argument to make something better than Twitter for all current users of Twitter. I don't think that's possible, and even if it was, the result wouldn't be anything that the users of the fediverse would in any way shape or form enjoy.
Now, it may be that your argument is that the fediverse in its current incarnation shares the same problems as twitter.
If so, I might actually agree with you. It could be argued that the implementation of the fediverse where are are communicating right now (Mastodon, Pleroma, etc) has the same underlying flaw as Twitter: that someone who wishes to discuss retorcomputers ends up doing that on the same forum as someone who is spewing fascist BS. This works today because there is a certain unifying trait among the fediverse community (we tend to all hate fascist BS). However, if it grows too big, that may no longer be the case.
Discourse on the internet before the arrival of the large platforms that ends up being used by default by a large proportion of users was arguably a lot better. There was no overlap (or at least very little) between the people with different interests, and as such even if a discussion spiralled out of control it never got "viral" to involve people outside the community where the argument started.
Which brings us to possible solutions. It's easy for me to point out problems, mix that together with a bit of "it better better in the olden days" and call it a day. However, I really don't have a solution that I believe would fix this once and for all.
But, I enjoy being on the fediverse. I absolutely abhor being on twitter and FB. Thus, there is clearly something that this place does that the others do not. If anything, I'd like to see it being easier to create small communities. The local timeline is one such thing, but there should be more support for that. Unfortunately, the official Mastodon client doesn't even show the local timeline as far as I have been told.
Perdonami ma non sono d'accordo.
Anzitutto perché le minacce non sono mai tutte note ed il threat modeling non permette di eliminarle, ma di reagire rapidamente quando si presentano per ridurre il loro impatto.
Inoltre prepararsi ad affrontare le minacce note facilita la risposta a molte ignote.
Poi non esiste un profilo di minaccia "basso".
Hassan Mustafa Osama Nasr (detto #AbuOmar) era semplicemente l'Imam di Milano ed è stato pedinato, rapito e torturato.
Più o meno una figura equivalente ad un parroco di un Duomo particolarmente importante ed il vescovo di una piccola diocesi.
E se sblocchi il tuo telefono con le impronte che lasci su qualsiasi cosa che tocchi, puoi quasi lasciarlo sbloccato.
Io consiglio caldamente di NON usare impronte digitali (o qualsiasi altro dato biometrico) come sistema di autenticazione.
@boxer @Songase975 @margio@indieweb.social @prevenzione
Se mi posso permettere un consiglio, cambia subito approccio.
Se trovata la chiave di una si scoprono le altre, considera tutti gli account in questione compromessi.
La probabilità che nessuno dei servizi in cui le hai usate abbia subito un databreach decresce esponenzialmente con ogni nuovo servizio.
Se la probabilità di un databreach è 0.1%, con 100 servizi la probabilità che nessuno sia stato bucato è del 90.47% (0.999¹⁰⁰).
Ovvero hai il 10% circa di probabilità che tutte le password che seguono quello schema siano state compromesse.
9 caratteri poi sono pochissimi anche contro un brute force.
Fra i 40 e i 50 bit di entropia.
Una password decente deve stare sopra i 100-120 bit.
Adotta password manager offline decenti e usa password migliori.
È un buon consiglio.
@margio@indieweb.social @Songase975 @prevenzione
@margio@indieweb.social
Le impronte digitali le lasci letteralmente su ogni cosa che tocchi.
Il volto su ogni registrazione di ogni telecamera di sicurezza cui passi vicino.
La voce in ogni stanza in cui entri (ed in ogni videoconferenza).
Dunque i dati biometrici sono molto MOLTO più FACILI da sottrarre di una password.
Una volta ottenute le tue impronte digitali per installare una backdoor sul tuo cellulare bloccato bastano pochi secondi.
Una password è molto PIÙ sicura.
Anche se ne hai centinaia (come me) e senza alcuno schema, puoi usare uno o più password manager OFFLINE a seconda della frequenza e dei luoghi/contesti in cui le utilizzi e dell'impatto che avrebbe la loro compromissione.
Naturalmente questa gestione richiede consapevolezza.
La stessa consapevolezza per cui non ci si fida di #SGX/#SecureEnclave, per cui non ci si fida dei #GAFAM e si utilizzano password (o chiavi crittografiche) diverse per ogni utenza.
Una consapevolezza che non puoi sostituire con una soluzione tecnologica.
Per altro, affidare dati biometrici a #Google, #Microsoft e #Apple è peggio che affidare le galline al lupo, perché almeno se il lupo mangia la gallina te ne accorgi!
@minimalprocedure@octodon.social @prevenzione @Songase975
@margio@indieweb.social
Ah la #SecureEnclave che è stata decriptata nel 2017 e bucata nel 2020?
Più o meno le stesse promesse offerte da Intel SGX le cui vulnerabilità sono ampiamente documentate https://en.wikipedia.org/wiki/Software_Guard_Extensions#Attacks (la mia preferita è la LVI)
Chi ha accesso fisico all'hardware può fare quel che vuole. E non è affatto difficile ottenerlo, perché il cellulare te lo porti dappertutto.
Leggi cosa riescono a farci i professionisti: https://www.journalofdemocracy.org/articles/subversion-inc-the-age-of-private-espionage/
> a patto di avere con se un loro device
Esatto.
Nonostante tutte queste vulnerabilità, queste aziende investono su queste tecnologie proprio per poter avere tutte le uova di tutti nel proprio paniere.
Nemmeno una basilare differenziazione del rischio.
E se mai dovesse servire, loro possono inviarti un bell'aggiornamento di sicurezza personalizzato, prendere tutti i dati biometrici che tu ritieni al sicuro nella "Secure Enclave" e nascondere tutto prima del secondo riavvio.
Invece una password che sai solo tu e puoi cambiare quando ti pare non ti espone a questi rischi.
Ma io ne capisco poco eh... 😉
@margio@indieweb.social
beh... bene!
Sono sempre molto felice di imparare cose nuove...
puoi essere un po' più specifico?
Joined May 2019
