Em Adespoton

It won’t be gone. How else will they make good on their threat of shutting down media companies that say things they don’t like?

That means the British Indian Ocean Territory will cease to exist, along with the .io domain and countless websites.

What will happen is that the International Standard for Organization (ISO) will remove the country code “IO.” IANA (Internet Assigned Numbers Authority) which creates and assigns top-level domains, uses this code to determine which top-level country domains should exist. Once ‘IO’ is removed, IANA will start the process of retiring .io, which involves stopping new registrations and the expiration of existing ‘.io domains.‘

I don’t get this: shouldn’t Mauritius gain ownership of .io? Russia has .su, and it’s been over 30 years since the Soviets existed.

[edit] also, since there’s .whateveryouwant these days, why not just make .io a non-country TLD? That’s how it’s used anyway.

I feel your pain. I have maintainer roles for a few projects where things could be slowed down by a week or more if I didn’t have direct commit access. And I do use that access to make things run faster and smoother, and am able to step in and just get something fixed up and committed while everyone else is asleep. But. For security critical code paths, I’ve come to realize that much like Debian, sometimes slow and secure IS better, even if it doesn’t feel like it in the moment (like when you’re trying to commit and deploy a critical security patch already being exploited in the wild, and NOBODY is around to do the review, or there’s something upstream that needs to be fixed before your job can go out).

They haven’t been removed from the community though — just the maintainers list. Now they need someone else’s review to commit code to the kernel.

Personally, I think even maintainers should be required to have that — you can be the committer for pre-reviewed code from others, but not just be able to check anything you want in, no matter your reputation (even if you’re Linus). That way a security breach is less likely to cause havoc.

It’s worth noting that a sizeable number of Tor exit nodes are actually run by the German government. Meaning: they know exactly what’s going through those nodes.

So all they need to do to unmask a Tor source IP is control the first hop too. They’re in a position where they can narrow searches down to activity they’re actually interested in without significantly decreasing the privacy of other Tor users, and then they can peel back the onion.

This has been the case since shortly after Tor was created.

Google implemented WebP because they can control it without having to pay anyone else. Apple then bungled the client-side implementation.

Funny… I did the same thing. Chose Grand Central as my provider… who were then acquired by Google and became Google Voice :-/

These days I still have my GV number as it’s a known number, but I never call out on it. When possible I use Signal; I’ve also got burner talkatone numbers that change regularly, and Matrix/Element for any regular communication.

I figure the combination means that no provider has a full picture and all of those providers are unlikely to aggregate to the same databases.

The Beelink ones come with Windows 11 Home; since this is a privacy community, it should be obvious that that’s not all that great for privacy.

For wireless keyboards; I just got a cheap Bluetooth one with a trackpad because I knew it would be abused.

Take a TV, strap a mini PC like one of those BeeLink ones to the back (it comes with mounting hardware), plug an HDMI cable between them. Connect a wireless keyboard with trackpad, and congrats! You’ve got a big screen computer.

The next bits really depend on your technical know-how. What I did was wiped Windows from the PC and installed Linux, then installed Jellyfin and Firefox.

Jellyfin works as a media server so I can stream my own collection of videos/images anywhere im my home, and Firefox with uBlock Origin means I can log in to any streaming service I want, without the ads. And I can log into my (on-device) Jellyfin server the same way.

I’ve tried all the interfaces like XBMC/Kodi and Plesk etc. and find it’s more of a headache than just having a keyboard handy.

I had this experience once in an Ikea, of all places. I calmly told the clerk that according to local laws (which I cited), it was illegal for them to demand that information from me (phone number and post code) to sell me anything, and if the computer wouldn’t let them do it, then they should call a manager for an override.

When the manager came, the clerk said “this person refuses to give me their info” — to which I added, “your computer refuses to comply with the law; please override and then notify HQ that they are in contravention of the law and liable for significant fines.”

The next time I went in, they still asked me for the info, but the clerk was able to override. I suspect they just put in fake info for everyone who refused to supply it.

Tor is indeed about providing cover. US Military and US and German covert operations use it, and hide in the noise. But in those situations, it’s a win/win, as they provide funding and everyone gets to have a somewhat secure channel.

I’d argue though that in any case where you don’t control the exit node, you have no expectation of real privacy. So it becomes a question of how much you’re willing to trade.

How do they know your phone number? Only a cryptographic hash of it is sent to their servers.

Signal is designed to collect meta-metadata. They don’t hold any information that can tie a person to their account, but they definitely know how those accounts interact via their servers.

Some people realized when Signal removed SMS support on Android that Signal is a private org that can make changes as they see fit, and there’s nothing you can do about it.

Other people get stuck on the fact that Signal requires a legitimate phone number in order to operate.

In both of these situations, the people up in arms usually don’t understand WHY the changes were privacy and security improvements and make Signal a better platform. But the argument about not being fully in control still stands.

So it could be argued that Signal may keep you safer than if you try to roll your own Matrix or SimpleX server, and it’s definitely a better platform for anyone who wouldn’t have a clue how to set up and secure their own server. But people have definitely had reasons for leaving it.

Personally, I use both Signal and Matrix, and push average people towards Signal.

I thought people had been moving OFF signal lately?

Personally, I’m on signal, but never signed up for a Meta property because, well, it was obvious from the start that they had bad privacy controls that depended only on corporate promises.

Its main Western rivals like Samsung?

Actually, it may. The US has some odd laws where US companies have to enforce US restrictions globally. However, it wasn’t my understanding that Kaspersky was on any of the lists that would have resulted in this. Possibly it boils down to a Google ToS violation?

I’m sure we’ll be hearing more details this week.

That’s really interesting. I wonder if it’s due to Google being a US company?

I’m confused: Kaspersky just finished transferring its endpoint security software in these regions to a different company’s product via a software update. Kaspersky has sent messages out to customers saying that they are leaving this marketplace.

Given this context, I can see no reason why Google would leave their Android product available when they’re not technically allowed to sell it and Kaspersky has said that they won’t be selling it into these markets going forward. It does, of course, prevent Kaspersky from pulling another bait and switch and “updating” mobile devices to a third party product. That would be the reason for locking out the developer accounts.

Spot-on.

I spend a lot of time training people how to properly review code, and the only real way to get good at it is by writing and reviewing a lot of code.

With an LLM, it trains on a lot of code, but it does no review per-se… unlike other ML systems, there’s no negative and positive feedback systems in place to improve quality.

Unfortunately, AI is now equated with LLM and diffusion models instead of machine learning in general.