ranok

joined 1 year ago
MODERATOR OF
[–] ranok@sopuli.xyz 2 points 1 year ago

We got a Baby Bjorn carrier 2nd hand, and it'll certainly go to another family, and another, and another...

[–] ranok@sopuli.xyz 18 points 1 year ago (2 children)

Arrested Development

[–] ranok@sopuli.xyz 2 points 1 year ago

This is pretty misleading due to its brevity, an attacker on the same network can determine what website you're going to but not the content being exchanged. A VPN moves the threat of having your browsing destination determined to the VPN provider from the local network.

That said, modern WiFi encryption does prevent other devices on the network from eavesdropping, so the attacker would have to employ a more involved attack (e.g. ARP spoofing) in order to even see the destinations.

[–] ranok@sopuli.xyz 2 points 1 year ago (1 children)

It runs well enough in Windows Subsystem for Android!

[–] ranok@sopuli.xyz 4 points 1 year ago

I'm surprised not to see https://cryptpad.fr/ here, a FOSS, self-hostable E2EE web based office suite. Not as feature rich as GDocs but offers the basics in a more secure manner.

[–] ranok@sopuli.xyz 7 points 1 year ago

He has been stepping back from Signal over time.

[–] ranok@sopuli.xyz 2 points 1 year ago

LLMs can be super useful if there is an authoritative source of truth. I wrote a Langchain app that takes my Python code, asks ChatGPT to optimize it then uses symbolic analysis to perform equivalency checking. I get to write and have clear simple python code, and then I offload optimization to a bot.

[–] ranok@sopuli.xyz 3 points 1 year ago

I'm the same way, I have only a few apps allowed to push to my Garmin, and it's helpful to be able to archive or delete a useless email or know there's something worth taking my phone out for. I find myself leaving my phone in other parts of the house is more focus-friendly since I'm not getting distracted while able to keep my eyes out for work-related items.

[–] ranok@sopuli.xyz 2 points 1 year ago (1 children)

Do you listen to risky.biz?

[–] ranok@sopuli.xyz 3 points 1 year ago

I installed INCH on all my browsers, it's obviously not 100% accurate, but it is nice to get a visual cue that the article you're reading may very well be AI generated.

[–] ranok@sopuli.xyz 0 points 1 year ago (1 children)

While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.

Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...

[–] ranok@sopuli.xyz 9 points 1 year ago

While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.

Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...

view more: ‹ prev next ›