lemann

@lemann@lemmy.one

Hey! Please contact me at my primary Fedi account: @lemann

lemmy.one/u/lemann@lemmy.dbzer0.com

This profile is from a federated server and may be incomplete. Browse more on the original instance.

lemann,

Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!

lemann,

The tldr bot is pulling directly from the article - it used to use ChatGPT wayy back when it was originally created, but it got expensive for the creator, so now I believe it uses some sentence interpreter library to compare relevance of paragraphs, in combination with semantic HTML tags/markup.

The code for it is on GitHub

lemann,

Time flies man. I remember the hype for this game back in 2014 like it was yesterday

lemann,

In this asklemmy comm specifically?

There are two very popular asklemmy communities and they both are run differently 🤷‍♂️

!asklemmy
!asklemmy

lemann,

The door. Now. 😂

America has lost its f*****g mind. (feddit.de)

Hey, German here. What the f*** are Americans doing at the other side of the Atlantic? Some of you already know this monstrosity. I did’nt. This is a Ford F650 Truck and when I stepped out of my Youtube Bubble I realized, it was marketed as the “biggest, baddest Truck on the road” for the everyday American. Are you guys...

lemann,

Chuck a fiberglass walk-in bed cover on the back of that thing and you have a 12-seater bus!

Funny thing is, a Toyota Hiace bus has 17 seats, spacious interior, and is way smaller compared to this oversized thing

lemann,

I saw the picture and initially thought this was a Newcommunities post about a radio controlled car community 😭 not about an ACTUAL car omg

Help with assessing possible trolls or bots in !autism

Several users and I have noticed an increase in antagonism and generally unhelpful behaviors with comments and votes in !autism. Discussing it with the community users, they suggested that there might be trolls or bots that have been upset with the community. We would like to point out that we recently made a post stating that...

lemann,

Only thing I can think of would be to spin up a new instance, subscribe to the community, and then run queries against the db directly to identify bot or troll-like behavior in the community

Previously I would have said to just browse the community from Kbin because it used to expose a lot more user activity, such as upvoted/downvoted posts/users, but I believe that’s no longer visible…

Hopefully as Lemmy continues to develop, more tools become available

lemann,

Salty snacks, fried or baked 😁. Failing that, those tiny 7" pizzas that fit into my Ninja, ready in literally 8 mins

Used to like preparing food, but seems like such a hassle now

lemann,

I’m in the same boat as @shnizmuffin, lab has been nice and stable and have nothing to contribute as of yet.

At the beginning of the migration I was popping in and out of r/homelab, but as it stands now I haven’t visited there in ages!

lemann,

If MIT AppInventor is still kicking around, you should be able to use it for this… although sadly you won’t have access to the source code since it’s a Scratch-like way to create apps.

By default the Android voice assistant uses Google tech AFAIK, if you’re after a truly source-available solution then there’s ”Futo voice input" to handle STT, and “RHVoice” to handle TTS - though these would still need a HTTP API bridge to do what you want

lemann,

Free real estate 😂

lemann,

First one that came to mind when I saw the title TBH. First it was period tracking apps, now this. Scary state of things

lemann,

I think they would start obfuscating the relevant code to get around it

Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions

lemann,

I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention

SSH keyfiles can be encrypted, which requires a password entry each time you connect to a SSH server. Most linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).

On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL i’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything

Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them (www.404media.co)

The situation is a heavy machinery example of something that happens across most categories of electronics, from phones, laptops, health devices, and wearables to tractors and, apparently, trains. In this case, NEWAG, the manufacturer of the Impuls family of trains, put code in the train’s control systems that prevented them...

lemann,

I hope this NEWAG gets raked over the coals for this.

It’s outrageous to hold public infrastructure at ransom because the equipment spent X days in an independent repair shop - and pretty invasive to have DRM monitoring the train’s GPS location, and in some cases live reporting these back to the manufacturer to facilitate a remote lockdown.

Not to mention pushing an update to flag up a copyright warning on a screen in the drivers’ cab while the train is running 🤦‍♂️

I commend the engineer at the independent repair facility that had the idea to have hackers pick apart the train’s control unit, and the rest of the team for agreeing to it.

[Trigger Warning] Fawning Causes Abusive, Toxic Relationships for Autistic People (youtu.be)

The trigger warning is because the topic can be emotionally heavy for autistics since it talks about the social abuse autistics endure and how we react to it by masking. The guy has an apparent justifiably angry tone throughout the video. Otherwise, I think it is fine and there are no sensory issues to worry about....

lemann,

Looked up what “fawning” meant, never heard that word before

praising someone too much and giving them a lot of attention that is not sincere in order to get a positive reaction

Source

Haven’t watched the video so I’m unsure of the context, whether it’s about a neurotypical as the recipient of fawning, or a neurotypical fawning another individual

lemann,

Honestly I think developers should just use push notifications to tell the app to directly fetch the notification contents from their server, rather than sending the contents of the notification using push, where it is stored by Apple/Google.

Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect directly to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service. Due to iOS restrictions on background apps, this probably isn’t possible on that platform?

Edit: add clarification

lemann,

Anticheats that run in the NT kernel may as well be described as rootkits, especially as they aren’t transparent about exactly what they’re doing. Then there’s the question of what happens if they get compromised

lemann,

The last time I checked, piped had a button right on the playlist page to export playlists as JSON. You can then switch instances and re-import that data back in

I’m not sure about subscriptions though, only really use piped for watching videos quickly or listening to music playlists

lemann,

Very clever that they know how to use the subway system that well!

lemann,

Pressure shortens that timeline significantly IMO, similar to what happened with USB-C

lemann,

From GoG specifically, as they patch the older games on their store to “just run” on modern Windows

lemann,

The room might stink, but nobody intentionally shat on the floor.

I like this figure of speech a lot, stealing it 😁

lemann,

I assume it’s a feature to prevent Android’s memory management from forcefully killing Firefox… for me the tabs don’t unload, but they behave as if the JS running inside them has been frozen/paused.

Maybe installing those tabs as apps via Firefox’s menu will bypass this

  • All
  • Subscribed
  • Moderated
  • Favorites
  • normalnudes
  • Durango
  • kavyap
  • thenastyranch
  • everett
  • osvaldo12
  • rosin
  • mdbf
  • DreamBathrooms
  • khanakhh
  • magazineikmin
  • InstantRegret
  • Youngstown
  • slotface
  • JUstTest
  • Leos
  • ngwrru68w68
  • modclub
  • anitta
  • tacticalgear
  • ethstaker
  • GTA5RPClips
  • cubers
  • megavids
  • provamag3
  • cisconetworking
  • tester
  • lostlight
  • All magazines
    •