history which may or may not be relevant to you: https://en.wikipedia.org/wiki/Cryptocat
A name I’ve seen in connection with this issue is Obtainium. From a cursory look, it appears this just streamlines checking for and getting APKs from GitHub release pages and other project-specific sources, rather than adding any trust. So maybe it just greases the slippery slope :)
Security guidelines for mobile phones, and therefore policies enforced by large organizations (think Bring-Your-Own-Device), are likely to say that one may only install apps from the platform-provided official source, such as the Play Store for Android or the Apple App Store for iOS. You might say it’s an institutionalized form of “put[ting] too much trust in claims of authority.” Or you might say that it’s a formal cession of the job of establishing software trustworthiness to the platform vendors, at the mere expense of agency for users on those platforms.
People are not taught how to verify the authenticity and legitimacy of software
Rant: Mobile computing as we know it is founded on the rounding off of the rough corner of user agency, in order to reduce the amount users need to know in order to be successful, and to provide the assurances other players need, such as device vendors, employers, banks, advertisers, governments, and copyright holders. See The Coming War on General Computation, Cory Doctorow, 2011. Within such a framework, the user is not a trustworthy party, so the user’s opinion of authenticity and legitimacy, however well informed, doesn’t matter.
No, I have not tried that. But I might now. :)
I’ve got a Thinkpad 600X (Pentium III, 256MB RAM). I put Debian 12 on it, and the OS is not quite small enough. (NetBSD couldn’t drive my particular CardBus Wifi card, sadly, and 9front couldn’t drive the NeoMagic video properly.) Just Emacs on the console, no X, and eww for web browsing (to your question) and elpher for poking around Gemini. I’m not familiar enough with Thinkpads to know if that’s a useful data point for you.
Nobody’s mentioned https://www.haiku-os.org/ yet, so I will. I can’t remember what happened with it on my Thinkpad. There are several graphical browsers there, with a range of capabilities, as well as a port of Emacs.
I guess my real answer is: don’t handle today’s internet with all of its heavy websites? Use the web for documents, and use native applications rather than web apps for other purposes, such as chatting and email.
I would pull on that thread. That is, in your shoes
Directions unclear; shoelaces tangled
Musk’s X risks. Musk’s X risks. Muck’s eck ricks. Dangit
Secure Scuttlebutt is (was?) a protocol for high-latency communication between occasionally-networked humans. Pro: https://scuttlebutt.nz/; con (not read in detail): https://derctuo.github.io/notes/secure-scuttlebutt.html. I think it was supposed to be able to spread messages over Bluetooth, assuming a sufficiently connected web of nodes between person A and person B. Public keys were identities, and were bound to devices; unfortunately people may have multiple devices, or change devices over time, so this was a hindrance.
IPFS was supposed to be the Interplanetary File System. I think that was just because whatever pieces of content you ask for, you also cache, as part of the design: you keep a copy on the near side of the small high-latency pipe. But that’s mostly about file transfer, not interactivity.
UUCP was definitely made in a time where a latency of days for delivery of email or netnews was common.
In the early days of CGI, the Web was just one way people imagined interacting with applications; another way was email. RFC 3834 has some recommendations for people who are going to automate email responses. There used to be services you could email a URL to, and receive the web page back as an email.
Using ed (in my experience) involves looking up the screen, or up the roll of paper on your teletype, to see what the lines of your file were, and imagine what they are now, given the changes you’ve wrought to them since they were printed, and then turn them into what they should be. With Mars rovers you have a simulation that you issue your command to, before sending it off to Mars. With correspondence chess you might keep a physical chessboard for each game you have going, and/or send a form back and forth that keeps track of several moves.
People used to do computation at universities and businesses by writing programs at their desks, submitting them to be typed on punchcards, and receiving printouts some time later. They would “desk check” their programs before sending them in, because each compute job took a couple days to come back.
I mention all these because, in an extreme censorship environment, any local state (session history on paper, an app on a smartphone, an odd device) might not be good to have around. So usability may require reducing the total amount of state that a command carries. The current working directory at the time a command is run changes the meaning and outcome of the command; you may not remember that directory in a day or two. The vocabulary and syntax of command-line switches are easy to look up in online manuals - but are there offline manuals? I don’t know if this avenue of inquiry helps you, but it’s interesting to think about for a moment.
CollapseOS used to emulate the Z80 using… libz80, I think it was called? lib6502 is also a thing.
They are made (I think) to be implementable - even, to give implementors some flexibility. Then everybody goes and buys a tool to do it, and not that well. I thought 15 years ago that security configuration was a (voluminous) subset of system configuration and system administration, ripe for automation and rigorous documentation - not something to pay a different vendor for. But the market says otherwise. When you can split some work across a whole team, or even into a separate company, instead of glomming it into one job, that’s worth money to businesspeople.
The C128 has a Z80 too ;) I don’t reckon there was an SX128 though
Oh, like refusing to parse $5. That would be good. Thanks for looking!
Uhhmmmm… “sold for 00”? What part of the software in between this headline and my browser is parsing $5 (which clearly has no value at that moment), and why is it working on input it isn’t intended to? What variables would exist and be interpolated into the title if they were to happen in a post title? Is this a known issue? An issue with the bot? An issue with Lemmy?
Do people get messages when you @ them? @krogoth@infosec.pub @jerry@infosec.pub @shellsharks@infosec.pub I don’t want to report this post - it’s a fine post - but I do want infosec.pub to be safe and secure.
There are many ways to be more selective about from whom to accept email. SPF, DKIM, DMARC, and various blacklists are among them. They are supposed to make life harder for spammers. But they have also made running a mail server something that few dare to try anymore. Setup is not easy, but getting blacklisted is, and it causes silent delivery failure, and takes days of work to fix.
As a result, most of the email is run by Microsoft and Google. But that didn’t stop phishers. They just go after people at smaller companies where security isn’t as tight yet, and then they’ve got valid Microsoft accounts to send from. Liars and Outliers by Schneier is about this sort of dynamic.
As for PKI: If I may assume you to be, or have been, affiliated with an armed service – Whose property is your CAC? And why did you use a pseudonym to make this post? (I mean to be pithy, not sarcastic.) I think Liars and Outliers by Schneier is all about this sort of thing - but I didn’t get much of it read before it was due back at the library.
Sam Zeloof has made chips in his garage and posted a whole series about it on YouTube. He bought his silicon wafers, he didn’t grow them, and his machines do take up the whole garage - but he did the whole thing himself. Fascinating viewing IMO. I don’t know anything about where one would get these garnetty materials you mention, though.
Marvellous!