Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a Brazilian IT Community. We love IT/DevOps/Cloud, but we also love to talk about life, the universe, and more. | Nós somos uma comunidade de TI Brasileira, gostamos de Dev/DevOps/Cloud e mais!

Administered by:

Server stats:

252
active users

bolha.us: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#TechIlliterates

2 posts2 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii

Granted, @tails_live @tails / #Tails and @torproject / #TorBrowser are propably one of the best & most battle-tested options that are useable for #TechIlliterates...

THAT'S NOT GOING TO HAPPEN!

If not for being absurd then for the fact that people need to get things done!

  • And it's not as if I haven't taught people how to get started, ranging from having to crash-course someone remotely via chat to hand-on #CryptoParty sessions: If it's way more complex than an AKM chances are people won't stick with it!

So you can imagine how glad I was when @thunderbird merged #Enigmail into #Thunderbird so there's no more fiddling around getting #PGP/MIME to work!

YouTubeLord Of War - AK 47By Angelking762x39
Replied in thread
Public *
Kevin Karhan :verified:

@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii Exactly...

Coincidentially, that's why #Android (and #iOS) doesn't let users have #root access because billions of devices owned by mostly "#TechIlliterates" that hardly get #SecurityUpdates would be an even bigger risk if they didn't boot a locked-down #ROM image, thus only allowing for #malware in user-privilegued userspace!

Cuz having a mobile OS that shoves everything through #Tor and only allows #userspace-Apps in the form modern web technologies would be a big #security and #privacy gain.

  • Not to mention #amd64 is on it's way out and inevitably they gotta have to transition to supporting #arm64 and eventually #RISCv-#64bit at some point.
#amd64#arm64#riscv
Replied in thread
Public
Kevin Karhan :verified:

@ajsadauskas @JessTheUnstill @tomiahonen @fuchsiii

And #MeeGo aka. #Maemo kinda was lauched dead in the water, with even less support than the #OpenMoko powered FIC Neo1973 in it's days, which was as approachable to #TechIlliterates as a F-22 cockpit to an illiterate…

Vivaldi SocialAJ Sadauskas (@ajsadauskas@vivaldi.net)@kkarhan@infosec.space @JessTheUnstill@infosec.exchange @fuchsiii@oxytodon.com On Nokia, I know @tomiahonen@mastodon.world is on Mastodon, and might be able to shed more light on what happened internally there? But the short version is Nokia chose the worst of all possible worlds by going with Windows Phone. Yeah, Symbian was reaching the end of its life. There were three choices to replace it: a) MeeGo. Ended up only shipping on one phone: The Nokia N9 in 2011. People still rave about that phone today. Possibly the best option. b) Android. Basically, what Nokia's successor HMD is doing, except they would have had far more momentum by going early. c) Windows Phone. History shows how that multi-billion-dollar blunder worked out. And I liked WP. I used it for around a year at one point. But MSFT completely mishandled it. As for Firefox OS, I think Mozilla completely misjudged the market for it. No, the first market for an open source phone with an app ecosystem based on open web standards shouldn't have been underpowered devices for emerging economies. It was for people who run Linux on the desktop at home, people who run deGoogled Android, and people who work in software development/IT/InfoSec.
Replied in thread
Public *
Kevin Karhan :verified:

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
#cryptoparty
Replied in thread
Public
Kevin Karhan :verified:

@f @ai6yr @briankrebs I think it's less of a "#political" question but an act of #SelfDefense and #MutualDefense at this point.

Re: #TechIlliterates that are unwilling to learn, act like a "#BenevolentDictator" and enshure they can't harm themselves in the sense that they don't get #sudo or other administrative privilegues and can't do any #persistent #changes.

  • And if that means they get forced to use #Tails then that's a "necessary evil"...

After all, societies almost everywhere ban people from driving motor vehicles faster than 6 km/h by people who actively refuse to even take basic exams and classes for a #DrivingLicense.

  • And I'm convinced one can do more damage as #TechIlliterate with a #PC than a single-cylinger two-stroke engine driven motorcycle...
#techilliterate#pc
Replied in thread
Public
Kevin Karhan :verified:

@ai6yr @briankrebs OFC this targets #TechIlliterates and the only effective means here are:

  1. Teach #TechLiteracy instead of consumerism.
  2. Mandate #confirmation & #notification - #PopUp|s for every use of #Clipboard (similar to #webcam use by websites)...
  3. Ban #JavaScript - seriously!
  4. Ban #Windows, because it's a #Govware, espechally since #Windows10 and even more so on #Windows11 that is *insecure in every configuration!
  5. Put #TechIlliterates before a system they can't feck up. I.e. @tails_live @tails / #Tails for that reason alone (can't run such commands if they neither got #root nor any #persistent #storage to target).
  6. Normalize the use of @torproject #TorBrowser!
  7. #Teach #tech #literacy instead of #consumerism!
  8. Ban #GAFAMs and their shitty products!
  9. Migrate every #TechIlliterate to #Linux and don't give them administrative privilegues.
  10. Teach tech literacy instead of consumerism!
#techliteracy#confirmation#notification
Public *
Kevin Karhan :verified:

@erebion @inaruck doch, hab' ich.

Threat Models die ich betreut habe:

  • Person die vor staatlicher Verfolgung fliehen muss
  • Person mit Kopfgeld auf deren Ermordung durch Angehörige
  • Schutzsuchende in einem gänzlich feindlich gesinntem Staat

Ich werde nicht entsprechende personen d0xxen nur um #TechIlliterates zu überzeugen und ne Diskussion zu gewinnen!

Verbindung getrennt

Replied in thread
Public
Kevin Karhan :verified:

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.

Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.

It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!

IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...

The less #info a provider has, the less they can be forced to snitch upon customers.

"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

  • You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...
Hachyderm.ioCassandrich (@dalias@hachyderm.io)@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
#tinfoilhat
Replied in thread
Public
Kevin Karhan :verified:

@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.

  • Plus it's illegal in an increasing number if juristictions to gmeven attempt to acquire a phone number or SIM anonymously.

Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.

Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!

  • Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.

I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!

ExploreLive feeds
About