Ward

Ward, 9 months ago

Dracula 🦹‍♀️

Ward, 9 months ago

🫡

Ward, 9 months ago

swear i sore this on three news 5 years ago

Ward, 9 months ago

github.com/ente-io/auth

Ward, 9 months ago

Big fan of Quaver, its a community-driven, and open-source competitive rhythm game.

github.com/Quaver/Quaver

Ward, 9 months ago

Don’t like Brave or their products. But only decent & safe browser on Android with site isolation etc.

Ward, 9 months ago

From the article you linked yourself

Firefox calls per-site process isolation Fission and is enabled by default on desktop. Fission is not yet enabled by default on Android, and when manually enabled it results in a severely degraded/broken experience. Furthermore Firefox on Android does not take advantage of Android’s isolatedProcess flag for completely sandboxing application services.

Read before you send :)

I use Firefox on my PC, but as I stated Firefox on Android is lacking basic security features.

Ward, 9 months ago

haha cope harder friend, by default Firefox lacks site isolation. Enabling it is highly experimental 🤣 Before linking something and claiming I’m spreading misinformation (quite a serious claim to me because i spend my days coding foss privacy focused software) read the entire article 1st and when someone points out your wrong, learn how to take a loss. Also Android Firefox doesn’t take advantage of Android isolated processes, what Android chrome based browser’s do

Ward, 9 months ago

Oohh I know what must be happening, the highly experimental features you’ve enabled on Android Firefox must of messed up the pages. Explains why you can’t read.

Enjoy using your insecure browser 😘

Ward, 9 months ago

As I said I not a fan of Brave (mostly because of the crypto stuff), calling it spyware you could say is hhmmmm “misinformation”. Yes security and privacy are different concepts but they are closely linked. If your browser fails to stop malicious code from being executed, you might find this impacts your privacy.

Matter of facts is, Android Firefox lacks site isolation. Yes you can enable a highly experimental version of site isolation what will break your browser (admitted by your source) and may even fail to isolate sites altogether. Android Firefox doesn’t use isolated processes, a functionality what can’t be enabled.

I’m not sure what your goal is with this discussion, but obviously you don’t have any regard for privacy or security. Your arguments over semantics are obviously in bad fair (and not even accurate to the original discussion).

To reiterate for the millionth time, feel free to use Firefox on Android, I’m avoiding using Firefox due to large security concerns. Once Mozilla finishes implementing site isolation and process isolation, I’ll be the 1st one to move off Brave and into Firefox.

But for your own future reference, actually source articles what support your statements. Otherwise don’t get upset when someone points that out.

Ward, 9 months ago (edited 9 months ago)

Per-site process isolation is a powerful security feature that seeks to limit exposure of a malicious website/script abusing a security vulnerability. Firefox calls per-site process isolation Fission and is enabled by default on desktop. Fission is not yet enabled by default on Android, and when manually enabled it results in a severely degraded/broken experience. Furthermore Firefox on Android does not take advantage of Android’s isolatedProcess flag for completely sandboxing application services.

Obviously Firefox has it own data isolation, but this doesn’t matter if someone can execute bad actiing code due to lack of process isolation.

Ward, 9 months ago

Worthwhile plugging Obtainium what is helpful for pulling prebuilt apks off Git

github.com/ImranR98/Obtainium

Ward, 9 months ago

Organic maps 😍

Ward, 9 months ago

Check out onlyoffice. Open source MS 365 alternative and yet to find any issues with it.

www.onlyoffice.com

Ward, 9 months ago

Yea but obviously he has a office 365 plan, so a alternative to the office suite for word processing etc is relevant.

Ward, 9 months ago

Thought this comment he made was odd about Proton mail.

The site is filled by beautiful black screen without JavaScript enabled.

Like yes, its a bit difficult implementing local encryption or decryption without js enabled.

Has some good messaging, I’d say most of his comments are pretty widely known concerns or limitations.

Like obviously web apps still rely on trust from the host, but it minimizes the attack surface massively.

Ward, 9 months ago

Not sure if this is entirely true, it is possible Proton mail is encrypting everything at rest (with the users public key) and only following PGP mail limitations during transit.

Like for example plaintext emails are encrypted at rest on Proton mail, what isn’t ideally (compared to e2ee) but still minimizes the attack surface.

Actually for reference this is exactly the case

Message storage All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well. Password-protected Emails are also stored end-to-end encrypted. Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

proton.me/…/proton-mail-encryption-explained

Ward, 9 months ago

Developer of Paaster.io here, always looking for Python or UI/UX contributes 💞

github.com/WardPearce/paaster

Ward, 10 months ago (edited 10 months ago)

No not currently, not comfort taking funding for any of my projects right now, until I establish some sort of expensive breakdown and transparent fund use. But even with funding a decent audit from a company who knows what they are doing would probably be 7k USD minimum.

I do have a personal fund for hosting, what is used for Paaster. github.com/sponsors/WardPearce

Ward, 10 months ago

Not 100% sure what you mean, but the encryption key for questions are only known by users who are shared the link & is never transmitted to the server. Answers are encrypted by the survey’s public key what only the creator of said survey knows the private key. The public key is also encrypted by the secret key in the URL so the server can’t even submit answers.

Here is a example URL of a survey.

example.com/s/64b185662c74e7c40cac5e66/KfcrkxiR-4nomGbEqNos0dyhEBsgiUAqPpZiRQt5syE#oAnQnjWhxq2IFTZBvrylVSHxg92HoWQr2mJQ-qZwvPY

• s/64b185662c74e7c40cac5e66 - This is the survey ID, transmitted to server.
• /KfcrkxiR-4nomGbEqNos0dyhEBsgiUAqPpZiRQt5syE - This is a hash of the survey’s signing public key, this is to stop MITM attacks from the host & validation of the survey questions.
• #oAnQnjWhxq2IFTZBvrylVSHxg92HoWQr2mJQ-qZwvPY - This is the secret key for decrypting questions, this is also used to decrypt the public key for encrypting answers. This key is never transmitted to server.

All encryption & decryption happens locally, so the server never sees any plain text. It is possible for the host to modify the frontend to expose keys, but this is true of any web app & Purplix is hosted from Vercel straight from our Git repo, so it would be quite obvious if this happened.

Ward, 10 months ago

Purplix is planning to launch with multiple choice, single choice, short answer and long answer. After launch we’ll be adding additional answer types.

Ward, 10 months ago

Don’t know the complete inner workings of Cryptpad. But it appears Purplix uses more modern encryption, uses more modern frameworks & has more safe guards against MITM attacks. Also additional options like captcha, proxy block, account required etc.

Ward, 10 months ago

Purplix now supports per Survey & per Canary themes.

themes

Ward, 10 months ago

Sheeesshh, you know when Public lewdness supports your project you know its good! Thanks for the kind words, have a great day.

Ward, 10 months ago

For extremely basic video editing Simple Gallery is a good option.

github.com/SimpleMobileTools/Simple-Gallery

Also I’d avoid f-droid due to security concerns.