@ThierryBreton@twitter.com 🇬🇧 Russia spies on Ukraine and peace activists. Still no support from EU Commissioner @ThierryBreton@twitter.com for a right to secure end-to-end encryption #E2EE in the #DigitalServicesAct #DSA as proposed by Parliament. This must change now!
https://peertube.european-pirates.eu/w/eTamhMxqcL2eo1cZU1JgH2
Hey @homegrown I've just seen your related project page and I noticed you did not mention #FreedomBone but then I realized its name changed to #LibreServer!
https://libreserver.org/
https://freedombone.net/
Good work! ;-)
Yes, well, just to clarify: I develop software and do NOT sell cybersecurity or consulting on the subject.
By trade I develop financial software for some large banking groups.
In my spare time, besides developing things like http://jehanne.h--k.it/ and https://github.com/hermescenter/monitorapa, I also work on computing and cybernetics education and teach (always free of charge) young and old the fundamental concepts that let them reason about and critically use the available tools (and also choose NOT to use them when they are not worth the cost paid in terms of autonomy).
What happened to "Cortana"?
What is "rampancy"?
NYT [1]:
"[Putin] has exerted iron control over the news outlets in Russia; state media is not publicizing most casualties..."
True. But why deny the existence of Russian independent media and "agency" of Russians?
"But some Russians have access to virtual private networks (VPNs) and are able to get news from the West."
Some Russian independent media are even so kind as to write in English:
Moscow Times: https://www.themoscowtimes.com
Meduza:
https://meduza.io/en
[1] https://www.nytimes.com/2022/03/16/us/politics/russia-troop-deaths.html
The fundamental difference is that the probability of discovering a vulnerability in source code is far higher than that of discovering it in a binary.
Naturally this probability progressively decreases as the complexity of the code increases, but lumping it all together is, as already said, short-sighted.
Just to give an example, OpenBSD is more secure than Windows or Linux because it exposes, in its default configuration, fewer vulnerabilities.
Is it secure in absolute terms and against any attacker?
No, obviously.
But it is _more_ secure than others against a great many attackers.
You are right: the security of source code cannot be taken for granted.
And once it is verified, you cannot take for granted the security of the compiler and therefore of the binary.
That is, you have a more secure system (you have removed the vulnerabilities in the source) but not one that is secure in absolute terms.
On Linux, there are people working precisely on minimizing the dependency graph and making the build reproducible starting from sources alone:
https://www.joyofsource.com/we-did-it.html
https://github.com/fosslinux/live-bootstrap
But of course it is never the people who have been convinced that it is impossible who move the world forward. 😉
@miriamgreco@mastodon.uno
Unfortunately you are getting confused.
On Linux systems that backdoor has to be deliberately installed by someone who has, somehow, gained access to the system.
The backdoors in Windows (and in Microsoft products in general) are part of the operating system itself.
Here you can find those discovered in 2021 alone: https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=8&cvssscoremax=0&year=2021&month=0&cweid=0&order=1&trc=909&sha=2648b74d1c319051fa0ae719a0ab19d610cab150
@miriamgreco@mastodon.uno
Sure, this is an excellent objection.
When I started porting #GCC to #Jehanne, I had absolutely no idea that it would shortly afterwards abandon the #GNU project. Nor was I aware that the Steering Committee [1] was composed in large majority of employees of companies with billion-dollar contracts with the American DoD (9 members out of 13).
For me to notice, it took them removing #RMS at the request of a #Facebook employee.
Then again, the issue is serious and well known since the days of "Reflections on Trusting Trust" [2], and many have been working on it for years, attacking the problem from various fronts.
That said, collectively resigning ourselves to the fatalism of "eh, everything is insecure anyway" is what leaves many exposed to countless vulnerabilities that could easily be avoided.
____
[1] https://gcc.gnu.org/steering.html
[2] https://cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Woot! I fixed a policy limitation at work by simply refusing to apply the policy as written and standing my ground. "Family" for purposes of sick/bereavement/etc. leave now includes anyone with whom the employee has a "family-like relationship", not just "blood and law relatives".
I got into a little trouble by signing off on family leave for an employee whose dear friend ("she's like a sister to me") needed some medical support, but I stood my ground on the basis that we shouldn't be defining family in a way that excludes people our employees consider family. And I signed it off twice more.
HR threatened to fire me over it, but a whole bunch of my peers and a good chunk of my team basically went together to HR and my VP and said "he goes over this, we quit". Solidarity works!
@ekaitz_zarraga As you know, I always think hackers should follow their own curiosity.
So there's nothing wrong with studying GCC. There's even nothing wrong with using or hacking GCC.
I just don't feel safe by DEPENDING on GCC.
In case you are going to write about TCC internals, please don't forget to send me a link, though.
____
I don't remember much about target description macros, but started from here https://wiki.osdev.org/OS_Specific_Toolchain
I remember that learning about Spec Files was a turning point that raised my productivity in the port https://gcc.gnu.org/onlinedocs/gcc/Spec-Files.html
@ekaitz_zarraga Not an expert at all, but GCC made me crazy when I had to port it to #Jehanne.
Also, since the removal of #RMS from the #GCC Steering Committee I realized that its development is mostly in the hands of large US corporations with large DoD military contracts.
I mean, what can go wrong?
I started to port Jehanne to TCC but it's not that easy (in particular for the kernel parts) and after some days on that I moved to other stuff. For now.
GCC is a cool tool(set).
Unfortunately, they forgot (or betrayed) the #GNU in their name.
#TrackingExposed today published a special 24-page report on #TikTok's activities in Russia.
Their researchers have exclusively discovered that TikTok has blocked about 95% of the content previously available to its 55 million users in Russia *without announcing this initiative*
https://tracking.exposed/pdf/tiktok-russia-15march2022.pdf
https://twitter.com/trackingexposed/status/1503734082840182788
You seem pretty confused.
(assuming you are not just trolling).
Maybe if you unroll the thread you might get the point.
Or maybe not.
Here is a short recap:
1) @fsf points out that #Copyright law slows down human progress by comparing software to Pi
2) @agntsmith points out that mathematical constants are excluded by copyright protection
3) I noted that any software (or content or data) can be encoded as a mathematical constant basically because they are just notational conventions and proved my point by recalling the famous case of Carmody's illegal primes.
4) @p2hang argued that I should get an education because I do not know that constants need mathematical proofs. When asked about a proof for the value of 1, he tried a call to authority by saying that Principia Mathematica contained such a proof.
5) I opened Principia Mathematica and guess what? 1 is DEFINED, not proved, at page 36. So I deduced that he got an education but it didn't work, as he didn't understand what he studied (so much as to not be able to tell a definition from a proof).
Finally you came arguing that judges consider intent (true), that not every number can be a constant (false), that the illegal primes are actually illegal (unknown, as no one even tried to open such a legal Pandora's box) and several other confused arguments I don't bother to repeat here.
And I didn't even mention the Curry-Howard equivalence!
Guess what?
Every single program out there is a theorem too. And theorems are not protected by copyright or patents.
So sure, maybe I need to get an education. But please tell me where you got yours so that I can avoid your misinformed arrogance.
😘
Just in case anybody would ponder if you know what you are talking about, here is page 36 of Principia Mathematica, where 1 is defined, without any proof whatsoever.
Maybe I need to "get an education" ¹ but please, tell me where you got yours so that I won't repeat your waste of money and time. 😉
___
1) as you suggested here: https://chungus.cc/notice/AHQjqzgCD9TMBwzoWW
... and yet Phil Carmody is still free and his prime encoding #DeCSS was published.
Sure, @roboneko, you are right about the fact that a Judge considers actual intention, but as much as he wants to praise the most powerful, he still has to follow the Law (at least formally).
And sure, I'm not suggesting to actually do anything illegal.
I'm just arguing that any software (or any content) CAN be encoded as a mathematical constant.
You just have to define it.
Now you say that by defining "mathematical constant" as "a convenient notation to precisely convey a useful meaning", I'm not using the term properly.
Let's assume you are right.
So what's the definition "anyone use"?