Notices by Rysiekúr Memesson (rysiek@mastodon.social), page 16

Also worth mentioning a very nice (no) dark pattern. The last name in the list is always behind the gradient block, which means you can never untick it.

That's Oath, the new owners.

List of names of the "partners" Tumblr shares your data with

5/5

List of names of the "partners" Tumblr shares your data with

4/5

List of names of the "partners" Tumblr shares your data with

3/5

List of names of the "partners" Tumblr shares your data with

2/5

List of names of the "partners" Tumblr shares your data with

1/5

Kek.

@HerraBRE shush now! ;)

Again, this seems like a good resource about GDPR: https://gdprexplained.eu

Done by EDRi, Panoptykon, Bits of Freedom. So they should definitely know their stuff.

With all my gripes with# Signal (centralized, non-federated, server-based, Electron-based desktop app), the fact that in my circle of contacts it's not longer the "pretty good solution we should be using" but the "pretty good solution we are using but looking for something better" is such a win.

I just wanted to stop for a second and appreciate that.

If we're talking about the need to move to something better than Signal, we are in a pretty decent place.

#infosec

@JackyDahlhaus I am waiting for machine learning algos to start being trained on bad puns and polka music.

This would give us Weird AI.

/me shows himself out

White House Eliminates Cybersecurity Position
https://www.schneier.com/blog/archives/2018/05/white_house_eli.html

Uhm...

@Shamar @kaniini if the copyright system made it possible to ban clean room reimplementations, you would not have a lot of the GNU utils, which are cleanroom reimplementations of closed-source tools from different UNIXes.

Patent laws are being used for this exact purpose these days. That's why they're considered evil by the FLOSS community.

Be careful what you wish for.

On drones, #Google, #Evil, #reCaptcha, and the #AGPL:
https://joeyh.name/blog/entry/prove_you_are_not_an_Evil_corporate_person/

#GoodRead #FreeSoftware #DontBeEvil

@jerry @Aaron what we really need is a way to securely send e-mail.

People will continue to send e-mail. There is no way this goes away antime soon. People will send sensitive stuff via e-mail.

We can spend time discussing just how exactly people should not use e-mail, or we can build a system that works.

I like the ideas behind PEP and AutoCrypt. I'd like to see them implemented in more clients.

@Gargron @angristan

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

;)

https://www.occrp.org/en/62-press-releases/8084-slovak-police-must-return-seized-reporter-s-phone-immediately

Yesterday, Slovakia’s National Crime Agency seized a mobile phone belonging to @OCCRP 's partner, investigative reporter Pavla Holcova.

Slovak police invited Pavla for an interview for what we believed was a friendly meeting to aid the investigation into the murder of Jan Kuciak.

Instead, Pavla was interrogated for over eight hours. (...) Police made comments during the interrogation suggesting the Holcova’s professional history was “always against the system.”

Seriously, if you want to comment on the #efail GPG thing, esp. the way it was handled by EFF, first and foremost get your damn facts right.

There is a discussion we should be having about this, but for fucks sake it has to be on some sane level. And that requires not spreading bullshit.

It's already complicated enough.

Oh boy. https://github.com/signalapp/Signal-Desktop/issues/1635

tl;dr Signal Desktop is based on Electron, which in turn is based on Chromium 58-59, and it seems to be affected by bugs that have been fixed in Chrome/Chromium 60-62.

Gotta love #Electron. As somebody said "now everyone is running 5 different instances of old insecure versions of the most scrutinized and attacked application on Earth."

#InfoSec

I do not want to live on this planet anymore:
https://arstechnica.com/information-technology/2018/05/drive-by-rowhammer-attack-uses-gpu-to-compromise-an-android-phone/

"[T]he exploit is the first to show that GPUs can flip individual bits stored in dynamic random-access memory. (...) It's also the first Rowhammer attack that uses standard JavaScript to compromise a smartphone, meaning it can be executed when users do nothing more than visit a malicious website. Another key innovation: on average, GLitch takes less than two minutes to compromise a device"

#infosec

@phryk @federicomena nope, we will definitely end up with geocities UI.

UI/UX is a whole research area. If you want to do research, go ahead by all means! But if you're creating an UI to be used in production by real users, don't go overboard. It has to work in the context of the OS and all other programs/UIs on it.

Think about how annoying all special snowflake UIs for WiFi settings, antivirus software, firewall systems, and music players on Windows were.

Ugh.