_s10e

@_s10e@feddit.de

This profile is from a federated server and may be incomplete. Browse more on the original instance.

_s10e ,

Sieht sketchy aus, aber …

www.bka.de/DE/…/befragungsperson.html

_s10e ,

The alternative to multiple cores is a single core that runs faster. We tried this and hit a limit. So, it’s many cores, now.

_s10e ,

bahn.expert

_s10e ,

Plug-in ist ein Benziner, den man auch theoretisch ein bißchen elektrisch fahren könnte.

Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (www.vice.com)

Commercial Flights Are Experiencing ‘Unthinkable’ GPS Attacks and Nobody Knows What to Do::New “spoofing” attacks resulting in total navigation failure have been occurring above the Middle East for months, which is “highly significant” for airline safety.

_s10e ,

GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.

Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was hear some seconds ago. With this signal the location will be off.

_s10e ,

I can’t understand what is to be gained by deliberately trying to knock civilian airliners off course.

You don’t deal with terrorists, do you?

_s10e ,

Ignore my ignorance. Are you saying the aircrafts track where they are going by calculating their position from gyroscope data? And this is more precise than GPS?

That’s like using the accelaration sensors in your phone to navigate. Or sailing with compass and nautical maps.

Possible. Tech isn’t even that novel. But still impressive.

_s10e ,

Or no one wants 8GB RAM octa-cores when they have a phone with similar specs in their pockets…

_s10e ,

No.

Im pretty sure they are fine with free riders when they are not too many.

_s10e ,

Well

The biometrics only unlock the device

Yes

and give access to the security key

This is the goal, sure, but what does this actually mean on device that’s mostly governed by software?

There’s a chip (like a yubikey) in the device that can hold cryptographic keys.

That’s good because the key cannot (easily) be extracted from the device.

That’s good as long as no one has physical access to your device.

With physical access, you hope that the device’s unlock mechanism is reasonably secure. That’s biometrics OR password/pin.

The ‘or’ is the problem. For practical reasons you don’t want exactly one method hard-wired. You have a fingerprint scanner (good enough), the secure element (good enough) and lots of hard- and software in between (tricky).

I’m not against biometrics (to unlock a device) because it’s convinient and much better than not locking the device at all. I’m also not against device trust (which you need if you want to store crypto keys sonewhere without separate hardware), but the convience of a single-device solution (laptop or phone) comes with a risk.

If an attacker can bypass the unlock method or trick you into unlocking or compromise the device, your secrets are at risk. Having the key stored in the secure enclave (and not in a regular file on the hard disk) prevents copying the key material, but it does not prevent using the key when the attacker has some control over the (unlocked) device.

A yubikey is more secure because it’s tiny and you can carry it on your keychain. The same chip inside your laptop is more likely to fall into the hands of an attacker.

_s10e ,

You are not wrong, but you we should understand what class of attacks we are protecting against. Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.

Now, you may say, an FBI raid is not what you worry about on a daily basis. Agree.

If you are trying to keep the photos on your device safe from snooping, your good. Attacker needs the device and your fingerprint.

When we talk online accounts, I’d count device+fingerprint as one factor. Sure, the maid from the example above can’t login into your gmail without your fingerprint, but most attacks are online. Your device sends a token to gmail, a cookie, a String; that’s like a password. One factor.

Technically, it’s slightly better than a password, because this token can be short-lived (although often it’s not), could be cryptographic signature to be used exactly once (although…), you cannot brute-force guess the token… But IF the token leaks, the attacker has full access (or enough to cause damage).

That’s why I would suggest an independent second factor, such as password. Yes, a password. Not for your daily routine (biometrics+device is much better), but maybe for high-risk operations.

_s10e ,

Tu nicht so als würdest du das Argument nicht verstehen.

Sagen wir 100g Fleisch und 100g Fisch haben denselben ökologuschen Impact, dann ist einmal pro Woche Fisch essen besser als jeden Tag Fleisch

Some Microsoft employees fume over the company's open offer to hire hundreds of OpenAI staff (www.businessinsider.com)

Some Microsoft employees fume over the company’s open offer to hire hundreds of OpenAI staff::Current employees point to layoffs and a salary freeze this year at Microsoft and wonder why it’s promising to match the pay of OpenAI staff.

_s10e ,

This. Job hopping works for some time even when you are young, when you learn fast and when everyone is hiring.

I took me one year to get out of my managerial job and I took a paycut, went to work a smaller company with lesser job title. My previous job was too good on paper. In reality it was a total shitshow. I was open to take the first reasonable offer, but recruiters were hesitant to even talk to me.

And it’s not just job titles. Skills fade if you are in position where you don’t continue learning.

_s10e ,

The OpenAI people built ChatGPT, the Microsoft folks worked on Clippy.

_s10e ,

The x permission on directories is exactly for this purpose. You can use the directory. You cannot read (requires rx), you cannot write (w), but you can ‘cd’ and operate on files in the directory.

This is important, you can lock someone out from a directory tree buy not giving them ‘x’ on the root. So, if your home is rwx------, no one but the owner can do anything in your home. This is effective even if some files and subdirectories have less restrictive permissions.

_s10e ,

Point for you, root is special.

_s10e ,

FeedMe

Is it better to use a non-FOSS email and phone number forwarder or to use one of each for everything? (www.cloaked.app)

I like to try websites out before tying my identity to them. How do you do it? Simplelogin? I honestly won’t manually make a new gmail for every new website I try and I to want the option to see what emails I get.

_s10e ,

Which of those work for phone numbers (SMS validation)? Email is easy.

_s10e ,

That was less than 24hours ago. Let’s just wait what happens.

Either Microsoft buys Kenya or Sam Altman is promoted to King of Narnia.

Abgeordneter verliest in österreichischem Regionalparlament die Namen von 21 Volksschulkindern und fordert dann "Abschiebung straffälliger Asylwerber" (burgenland.orf.at) German

Johann Tschürtz, Klubobmann der FPÖ im burgenländischen Landtag, sagte anschliessend, die Abschiebung „war nicht für die Schüler gedacht, da diese ja auch nicht straffällig sind“....

_s10e ,

Ja, aber trotzdem, was gehen ihn oder die Öffentlichkeit die Namen an?

_s10e ,

Ja

Corona-Sondervermögen: BVerfG erklärt Nachtragshaushalt 2021 für verfassungswidrig (www.spiegel.de) German

Meiner Meinung nach sollte hier nicht die Schlagzeile sein, dass die Ampel verfassungswidrig Corona-Gelder anders verwenden wollte. Sondern dass die Ampel 60 Milliarden für Klimaschutz ausgeben wollte, und die Union das für so schlimm hält, dass sie dagegen klagt....

_s10e ,

Ich les das auch so: will 60 Mrd Steuererhöhung

_s10e , (edited )

Misleading thumbnail, looks like a Greek island. Where does this come from?

_s10e ,

Shipwreck beach. I knew it looked familiar.

_s10e , (edited )

I’m also a happy osmand+ user, but once i got lost in the middle of a field / bush. I’m sure there was a trail once, but not safe to follow. Said bush was not very dense, so we though multiple times: Ok, this could be the way. Or that path?

How do y'all deal with programs not supported on Linux?

I’ve been seeing all these posts about Linux lately, and looking at them, I can honestly see the appeal. I’d love having so much autonomy over the OS I use, and customize it however I like, even having so many options to choose from when it comes to distros. The only thing holding me back, however, is incompatibility issues....

_s10e ,

We ignore them, mostly. You cannot miss what you don’t know.

There are plenty of options however to access software not available natively. Both VMs and Remote Desktop solution work for a wide range applications. Web-based solution can be as good as desktop programs.

So many casual applications are now either web-based or on your (not FOSS) phone, so for my personal use the thought of using Windows has never crossed my mind. Professionally, I resort to remote Windows or a Mac.

DoH blocker for IOS: Mullvad or Aha DNS Blitz

So I prefer to use a DNS blocker (DoH) on my IOS devices to block ads, malware, and trackers. For the longest time I’ve been using Aha DNS Blitz because it allows you to choose the exact filter lists you want to enable. Recently I saw Mullvad now has their own DoH service as well and I’m trying it out now. It’s not as...

_s10e ,

Nextdns Next DNS is nice when you want customizability.

_s10e ,

That’s what i use. Unfortunately it breaks some sites.

_s10e ,

Avast bought it.

Thanks sir the note.

_s10e ,

Zwischen scheiße scharf und extrem scharf

_s10e ,

“our systems come with 16gb as standard, which feels like 32gb on windows.”

while performing a task that can be done with 8gb easily

Bundesregierung plant Strafen gegen Seenotretter (Süddeutsche) (archive.is) German

Im Gesetzentwurf der Ampel zu irregulärer Migration findet sich ein brisantes Detail: Uneigennützige Helfer im Mittelmeer, etwa von “Sea-Watch” oder “Mission Lifeline”, könnten künftig so kriminalisiert werden wie gewerbsmäßige Schleuser....

_s10e ,

In welcher Partei ist die nochmal?

Asoziale Alternative für Deutschland?

_s10e ,

Did they say, it would run locally?

They said it would be available on their upcoming flagship product, sure, that’s marketing. To me, this does not imply that the heavy-lifting is on the phone’s hardware.

(And maybe a special-purpose AI, which requires significantly smaller models, can run on the phone, which is a high-end mobile computer.)

Why Not Store Encrypted Emails in Plaintext Locally?

Clients like Thunderbird are great because you have everything stored locally so you can easily search offline. They also support encrypting and decrypting emails in PGP. However, they seem to have the same limitation as protonmail where you can’t search through encrypted emails....

_s10e ,

This does not answer the question. OP wants to Thunderbird to decrypt PGP mails. Yes, it makes sense to use an encrypting fs, but we are still missing this thunderbird feature.

_s10e ,

Honestly, I can’t think of a good reason. This is just how email has always worked. What Thunderbird stores locally is identical to message on the server. It’s not decrypted because no conversion happens when syncing mail.

I agree, it would make sense to keep plaintext emails locally or on a trusted server for practical reasons.

_s10e ,

Why not? Some VPN providers operate their own network of DNS servers to avoid leaks via DNS, e.g. mullvad.

If you explain your setup (os?), some one will help.

_s10e ,

Interesting.

Wo kann man englische eBooks ausleihen?

Wenn meine Sprachkenntnisse und meine aktuelle Konzentrationsfähigkeit es zulassen, konsumiere ich Medien eigentlich am liebsten in Originalsprache. Vor allem Bücher von englischsprachigen Autor:innen lese ich eigentlich gerne auf Englisch. Bisher hab ich sie mir dann meistens gekauft. Bei deutschen Büchern bin ich...

_s10e ,

Ja, über München: vom Odeonsplatz sind es nur 10min zum Englischen Garten.

Muss man wissen.

_s10e ,

Ich verstehe kein Wort, aber ich versuche mal zu helfen.

DAK ist eine normale Krankenversicherung (GKV), wie sie fast jede Person hat, die in Deutschland arbeitet oder studiert oder sich langfristig niederlässt. Diese Versicherung bekommst du üblicherweise, wenn du in DE bist und es kann ein bißchen dauern mit der Bürokratie, je nach persönlicher Situation.

Zu “Mavista” - nie gehört - kann ich nicht viel sagen, aber vermutlich ist das eine Art private Reiseversicherung. Das brauchst du vielleicht für die ersten Monate bis dein Studium und GKV beginnt, vielleicht für den Visumantrag oder wenn du nur kurze Zeit in Deutschland bist. Für eine kurze Zeit sollte das nicht teuer sein. (Aber eine Reiseversicherung übernimmt vielleicht auch nicht alle Kosten, nur akute Dinge während einer Reise.)

Du schreibst nicht viel, aber vielleicht sind die beiden Optionen:

  1. Mavista (Reiseversicherung) für die Einreise + DAK (GKV) für das Studium oder oder
  2. Private Vollkostenversicherung (PKV) für die ganze Zeit (MaVista 48 Monate)

Beides wäre eine adäquate Krankenversicherung für eine Student:in. Es gibt sehr viele Versicherer in DE und wir unterscheiden zwischen GKV (DAK, TK, AOK, …) und PKV (Allianz, HUK, Axa, …). Für dich ist es wichtig, dass du eine Versicherung hast. Die Unterschiede sind für Studenten nicht so groß.

Viel Erfolg mit deinem Studium!

_s10e ,

Actual answer over circle-jerk speculation: To be legal in EU, they must offer one option without required (=forced) consent to tracking. When you pay, you can actually opt-out from any measure that require consent under GDPR.

All European publishers do this. They don’t want your money and probably don’t care much about the tiny minority that actually pays for freedom from tracking. This option exist to create the illusion of choice.

_s10e ,
  • buy a car
  • buy a backpack
  • hope
_s10e ,

Now commented on the built-in tracker protection in Firefox? Is it useless.

Personally I bank on uBo.

_s10e ,

There’s software that does this already. Right?

What are some FOSS programs that you think are a far better user experience than their counterparts? (sh.itjust.works)

I used Plex for my home media for almost a year, then it stopped playing nice for reasons I gave up on diagnosing. While looking at alternatives, I found Jellyfin which is much smaller and more responsive, IMO, and the UI is much nicer as well....

_s10e ,

Obs?

_s10e ,

Can someone explain what’s the point?

There’s some exam, online, runs in a browser. Ok.

Now we require a special browsers. Why?

Which only runs on Windows, but not in a VM, unless you make a small change. Why?

To stop cheating, I assume, but what kind of cheating needs a VM? Maybe I’m old, but we had handwritten cheat sheets on paper.

Are students using cheat software now that solves math problems for an online exam? And if they do, shouldn’t this score bonus points? Sounds like challenging problem to code an AI that she’s your exam.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • tech
  • drbboard
  • updates
  • til
  • testing
  • bitcoincash
  • programming
  • Sacramento
  • All magazines
    •