vorlon

vorlon, 7 months ago

@mjg59 I hear the "Fuck Eben Moglen" mark is currently available

vorlon, 7 months ago

@enobacon are you aware of the efforts to automatically register everyone on the Oregon Health Plan? There's a strong correlation between non drivers and Medicaid recipients!

vorlon, 7 months ago

@enobacon https://boltsmag.org/automatic-voter-registration-medicaid-oregon-colorado/

vorlon, 7 months ago

@ct_bergstrom yes. Stop trying to use a search engine as an answer engine.

vorlon, 7 months ago

@BlackAzizAnansi

"stop resisting".

"Leave the area to your west."

There is no difference.

There is a reason American cities send their police forces to Israel for training.

vorlon, 7 months ago

@timonsku "I fear that our export-control laws are not equipped to deal with the challenge of open-source software" lol

vorlon, 7 months ago

@mcc hahahaha I'm so old

vorlon, 7 months ago

But that secret doesn't just live in your head; you share it with software to do the decryption.

When the software you're sharing it with is running in a web browser, that software is directly controlled by the web server that serves the page. There is NOTHING that stops the software running in your browser from sharing that secret back to the web server.

2/6

vorlon, 7 months ago

Web browser security considers it critically important to not share with a server information that was given to it by ANOTHER website, but web apps just plain wouldn't work if they couldn't consistently pass information back and forth between the frontend and the backend.

So when someone promises you end-to-end encryption to imply that you don't have to trust the server in the middle, it's important to ask: who controls the software that has access to my key?

3/6

vorlon, 7 months ago

If the answer is that it's the same party that controls the server that the end-to-end encryption is supposed to protect against, are my messages really secure?

Maybe you trust the server today. But will you trust it tomorrow? If the server is compromised, will you have any way of finding this out before you visit the compromised site and your web browser joyfully hands over the keys to the castle?

4/6

vorlon, 7 months ago

In-browser "end-to-end" encryption is better than no encryption, and it does protect against offline attacks of the server data. But you shouldn't be lulled into a false sense of security.

So when you use Protonmail's webmail to decrypt emails, or you let keybase "escrow" your PGP keys so you don't lose them, be mindful of what you are or aren't protected against.

5/6

vorlon, 7 months ago

@juliank ok but it's impossible to find Alka Seltzer without aspirin in it unless you special order it because Bayer

Not sure where that pseudoephedrine number comes from though, the tabs in our medicine cabinet are 30mg

vorlon, 7 months ago

@juliank in Oregon it's worse, they require a prescription for pseudoephedrine, basically making cold relief inaccessible to anyone for whom that's a burden.

I've never gone to the doctor to get a script for it. That's dumb. I travel enough that I've just bought all of mine out of state and brought it home.

And the 30mg tabs in the cupboard? It's a 96-count box

vorlon, 8 months ago

@Andres4NY the income from the congestion pricing will be earmarked exclusively for funding NYPD enforcement of MTA fares

vorlon, 8 months ago

@foo Checkers also

vorlon, 8 months ago

@juliank we have a lot of options for kimchi here. I don't know if Koreans would consider it good, but I've found one I really like!

I'd offer to bring you some except i don't like their vegan version and can't endorse it 👋

vorlon, 8 months ago

@b9AcE please point users to the documentation of the Devuan implementation of TPM-backed full-disk encryption that was unaffected by this bug

vorlon, 8 months ago

@b9AcE I already know the answer. Just confirming for the public that you don't.

vorlon, 8 months ago

@b9AcE lol go ahead and block me, hater.

I don't agree with the Clevis implementation, but I have respect for anyone trying to tackle the hard problems of improving Linux desktop security.

Devuan is a joke.

vorlon, 8 months ago

@ned have not had capacity to push for this at work but I believe first-round interviews of all candidates should be conducted by Black women, who are compensated appropriately for the job duty, and if they say the candidate is out, the candidate is out, no exceptions.

Not a tech interview. Interviewer need not have a technical background (and this should apply for all roles, tech and not tech). Job qualification for the interviewer role is to be a Black woman who a racist can't hide from.

vorlon, 8 months ago

@juliank I have difficulty imagining what an X-Files reboot would look like. There's a lot of it that just feels inherently pre-9/11 to me.

vorlon, 8 months ago

@juliank ok I guess what I'm saying is I'm not sure how anyone would do a reboot that's worth watching 😁

vorlon, 8 months ago

@juliank thanks for the reminder that I need to get around to figuring out a class action suit against Orrick, Herrington & Sutcliffe, LLP for 1) having my PII, and 2) losing my PII in a data breach.

Who is Orrick, Herrington, & Sutcliffe?

Why, they're the law firm retained by the company managing our employer-provided vision benefits plan in the US TO REPRESENT THEM AFTER THEY LOST OUR PII IN A DATA BREACH

And WHY did this company give our PII to their LAWYERS?

GOOD FUCKING QUESTION