
@codesections @alexcleac In all honesty I am not aware but a guess is that Arch, Gentoo, Void and Alpine will give you a different "deep" understanding of Linux. They are all down at a level where the user in reality chooses the path on what to learn.

A `pacman -S firefox` later and my #pinephone is running the same build as two of my laptops.

Consider this cool. Thanks @ManjaroARM

I'm currently filling out the Stack Overflow developer survey for 2020 (stackoverflow.blog/2020/02/05/)

They have a *bizarre* focus (imo) on asking questions about their site as a "community". Sample question with my answer:

Q: How welcome do you feel on Stack Overflow?

A: I use Stack Overflow to read answers to technical questions that are both posted by and answered by pseudonymous strangers on the Internet. When doing so, I feel neither welcome nor unwelcome.

I read somewhere on fedi that "the S in IoT stands for security." I laughed. Today I told it to two other people as we were talking about smart TVs and people wanting to open their front doors remotely and we all laughed. This joke really keeps on giving. So thank you, whoever posted it first!

There's the POSIX® way and the Plan 9 way

The POSIX® way means meticulously recreating every known Unix quirk while proclaiming this sacrifice happens in the name of compatibility

The Plan 9 way means taking the nice things from Unix and improving on them, while replacing other things with new, clearer solutions

PSA: I see the Fediverse is showing pictures of their .

When you submit your images, please blur or at least cover up the modem plate. The modem contains the IMEI and serial number, which people can use to do bad things.

@PINE64

For everyone who likes Terminal Tools. :terminal:

cmus - Music Player
feh - Image Viewer
scrot - Screenshots
figlet - Nice Fonts

Having a blast setting up a preseed file for a work project :D Ubuntu 18.04 on a dashboard mini PC called a Minix

Really missing a api client in . Would have been a perfect way to learn rust some more and maybe take a stab at developing something more complex than a basic calculator, but it seems no one developed a production ready soap client yet. Not that soap is a great technology, far from it, but some things you just can't get around ^^

No one raps like @Gargron
No one naps like @Gargron
No one federates media
Apps like @Gargron

I have NO idea why this thing got stuck in my head while I was trying to go to sleep, but now you have to deal with it too.

Today I'm feeling so grateful for all the people who do tutorials, informational posts, demos, trainings, wiki, help forums or any other similar things in order to share their knowledge and help others learn. Y'all are amazing souls :blobcatheart: :blobcatheart: :blobcatheart: :blobcatheart: :blobcatheart:

> But it looks like neither FreeOTP nor gAuth use the KeyStore; AndOTP does.

This inspired me to seriously consider switching from FreeOTP to AndOTP. However, I note that AndOTP makes this statement during first-time setup:

> Warning: The KeyStore is known to cause a lot of problems, please only use it if you absolutely have to. If you don't mind entering a password / PIN every time you start andOTP it is highly recommended to use the password-based encryption instead


After digging in to 2FA security (and some info from @sheogorath):

Security against an attacker with temporary access to the phone is extremely implementation dependent. Apps *can* store the secret in an encrypted KeyStore on Android. developer.android.com/training

This makes getting the secret out of the phone much more difficult (both for attackers and the user). But it looks like neither FreeOTP nor gAuth use the KeyStore; AndOTP does.

Things might be better in iOS, but I didn't look closely.


I now believe that an attacker with access to a phone used for 2FA/OTP-generation could extract the OTP *secret* and then generate future OTP codes after returning the phone. Specifically, if I am reading the spec (github.com/google/google-authe) correctly, it looks like the secret is stored as plaintext in the URI and can be extracted by backup tools (e.g., gist.github.com/kontez/05923f2)

(Of course, this assumes that attackers have full access to the phone)

Is all of that right or am I confused?

(2/2)


Hmm, I'm looking into 2FA/multifactor auth/OTP and realizing that most implementations are *much* less secure than I thought.

Consider someone with gAuth/freeOTP on their phone. My previous understanding was that an attacker needed to access the phone *at the time they wanted to log in*. They could not, for example, steal the phone briefly, get the code, return the phone before it was missed, and then log in later… because the code would have changed.

But I now think that was wrong.

(1/2)

Just in case you thought YouTube was already as bad as it can be:

> On a call with [stock market] analysts, [Google executive] Mr. Pichai said he believes there is “significantly more room” to make money off YouTube’s users.

What's everyone's favorite client these days? I've been using weechat matrix, but it feels a bit odd to be using a python plugin to IRC software to use Matrix

linuxunplugged.com/338

Thanks @linuxunplugged wait they don't have a fedi uhh shit well if you see this thanks

Even if you're not a developer, give back to the community. I do it by getting people to install and explaining why it's a viable . Also, I run which provides various data elements to the project, enhancing their mapping. It's full of quests that earn you points. Install to contribute to the and projects. All are available on . And always send error/crash reports for any software you use.

Our file server at work was starting to look a bit full, so we spent some time the other day going through and deleting files that went back as far as the 'aughts. We found our company website from 2004 and it was comprised of glorious static html pages. Had sed go through and convert any hardcoded links that would try to pull from our current page and put up the old site internally for the employees to check out. Was kinda cool.

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.