I’ve seen this often.

User sends a screenshot of her screen.

On the screenshot, you see a tab with a google search result page for "How do I take a screenshot?" 😃

If everything is fine with this RC, you can expect the final 0.21 release by the end of the week 🎉

Show thread

Failed exploit against our Mastodon server. SQL injection attempt, obviously.

@tux They seem to be interested in you. 😉

Why are we flooding your feed today? Because we feel we are entering into a perfect storm of privacy issues.

We believe that engaging in and out of our personal networks can help us correct course.

1. We have an unprecedented attack on #encryption, in the US with the EARN-IT act, and beyond.

2. Pervasive widespread person-tracking is being embraced by governments and the public, often unwittingly.

3. Fear may prompt the public to cling to ideologies that are injurious to #privacy.

There are great initiatives over here.

A local NGO named DigitalForYouth collects and refurbishes laptops and phones for low-income groups and schools.

Sadly, they seem to be completely adverse to the idea of using free software and will impose Windows 10 on every machine. 😞

The mobile app for Meet has been updated to 20.1 this week.

They fixed an annoying bug in the settings dialog. Entering a custom URL for the server was a real pain. Now it’s quite easy.

This is very good news. There are lots of Jitsi Meet instances around, and this setting is really useful. (And I had some friends about to give up only because of that poor usability problem.)

I learned something about NS, the Dutch railways: they use GNU/Linux for their info screens.

Slight misconfiguration here, though. 😉

has gone too big, it should become independant from .

That way, instead of we could start saying G-MAFIA. 😄

Matthias Kirschner (from Europe) raised an interesting concern during his talk.

Some people might say: "I want a restrictive to the software I’m writing, to prevent 'bad guys'—e.g. the military, the Mafia—from using it."

Bad idea: if people are killing other people, software licences are probably not something they would really care about.

Better stick with licences that do not impose personal views about who and what purposes. (Copyleft is important, though.)

It is interesting to see how attacks are quickly mutating.

Today, hundreds of "GET /.aws/credentials" requests started popping up.

Show thread

In the past hours, I have seen a large number of requests in my log.

"GET /.env HTTP/2.0" 403 146 "-" "curl/7.58.0"

Hundreds of bots looking for the file, then going away. Most addresses resolve in compute.amazonaws.com

They are very obviously trying to get a config file. Is it still that old Laravel ?

#fosdem is around the corner. I've been attending since 2004. If you do anything computer related try to attend once in your life.

It feels good to live away from Windows machines. This is getting creepier every day.

Installing also installs a side executable that can search the hard drive and remove programs it thinks might interfere with the browser.

Remember: If you behave like malware, then you ARE malware.

ghacks.net/2018/01/20/how-to-b

I want to help non-technical friends to secure their clients with .

How shall we deal about expiry dates for GPG keys?

1) Teach them how to renew their keys
✅ They become self-supporting
❌ Way too complicated. Error-prone

2) I keep their private keys and do it for them
✅ Easy
❌ Unethical to potentially become a privacy-violator myself

3) Set a key that never expires (or in 10+ years)
✅ No need to worry
❌ What if their phones get stolen or hacked?

Any better idea?

Stand in solidarity with your favorite demonetized YouTuber,

watch NOTHING
upload NOTHING

December 10th-13th

#YouTubeWalkout

fans know that "Correct Horse Battery Staple" is a strong .

I inadvertently saw a user applying the 4-word password principle in front of me:
– Teenage Mutant Ninja Turtles
😄

I bet this opens the door to a new type of effective dictionary attacks.

Lesson for all of us: teach your users to be smart and never rely on simplistic rules.

After a lot of combined effort by the F-Droid community and the jitsi team the #Jitsi Meet app is now finally available on F-Droid:

f-droid.org/packages/org.jitsi

🎉 🎉 🎉

updates are equisitely non-explicit.

—"The security of your device has been improved."
—"New / enhanced features"
—"Further improvements to performance".

No detailed information of any kind.
Maybe they assume we shouldn’t know.

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!