#reproduceablebuilds

Replied in thread

@ueeu I think a crucial part is looking at its components, dependencies, size and, for apps, permissions.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

Plus in terms of #security, choose *real* #E2EE with #SelfCustody of all the #Keys!

Replied in thread

@lispi314 @enigmatico @bunnybeam @kimapr
nods in agreement

  • I think having a proper #API is a way to facilitate that, cuz worst-case one just slaps together some #aliases in #bash, #fish, #zsh or whatever #shell and just uses #curl to query stuff manually as this solves the whole #WebApp - issue.

And I do prefer #FLOSS as it works fine for an ever increasing audience!

  • Even if we choose to point at bad #UX / #UI combos like #GnuPG, we've to also acknowledge better existing alternatives like #enc that just work!

Personally, I think that everything people are expected to use if not forced to use should be #OpenSource as licensed in an #OSI accredited license and be released with #SourceCode and #documentation to make #reproduceableBuilds and thus facilitate #audits by truly independent parties...

  • And if that's not possible any requirement to using said things should be outlawed no matter the context!

An unsarcastically good example is #S3, even tho I hate #amazon, they wanted #developers to integrate their #ObjectStorage which necessitated an #open source'd API to the point that its #backend is inherently reproducible, and now every halfassing #Webhoster offers S3 #storage, sometimes with bit & second-precise billing.

GitHub - life4/enc: 🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.
Replied in thread

@ai6yr nods in agreement whereas the "akshual coding" is "relatively simple" if one doesn't mind #readability, #maintainability or using understandable variable names...

Testing can be automated if one builds and documents the tests that is...

"#AI" can't do this because those #LLM|s don't learn organically but merely act as "#StochasticParrot" and not as intelligent beings that are able or even willing to transfer & exchange information freely...

Replied in thread

@ditol @samueljohn @linuzifer

THIS is where I disagree...

You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?

  • Like: We expect people to show at the very least theoretical proficiency in terms of #TrafficCode and #VehicleSafety in *every jurisdiction I'm aware of* and literally mandated #DrivingLicense|s for that reason.

I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...

It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.

FOR THE LAST TIME:

*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!*

Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.

  • #Signal is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobody's friend - especially when they demand #PII like phone numbers for usage.

Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!

  • And unlike #Signal they ain't dependent on #VC funding and #grant money to keep the lights on.

Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.

Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!

Infosec.Space: Kevin Karhan (@kkarhan@infosec.space): @Catweazle@vivaldi.net @baeuchle@chaos.social @Linux@kitty.social @torproject@mastodon.social @Vivaldi@vivaldi.net Claiming that ["[...] Mullvad is as private as Tor [...]"](https://social.vivaldi.net/@Catweazle/113344664983833218) disqualified you for any future discussion. - If you can't distinguish between a #VPN and #Tor then you are either *criminally incompetent* or *acting as a #UsefulIdiot* by *spreading #FUD and known #disinfo*, which *can get people killed* who believe this bs! I'll set you some timeout, so you can think about it and apologize in due time! #thxbye #EOD #next