• 10 Posts
  • 86 Comments
Joined 7 months ago
cake
Cake day: April 20th, 2024

help-circle
  • I simply can’t wrap my head around the thought process behind launching a clusterfuck like this. Y Combinator probably didn’t do their due diligence and simply rode the fading AI Bubble, so I can at least understand how the funding might have been approved.

    But actively leaving your $250,000+/year job to team up with some questionable choices to basically fork two OS projects, change the discord links and generate an illegal licence for that shit show, all while proudly stating, publicly, “dawg i chatgpt’d the license, anyone is free to use our app for free for whatever they want. if there’s a problem with the license just lmk i’ll change it. we busy building rn can’t be bothered with legal” when they are made aware of the fact.

    This is absolutely insane, sounds like someone was about to get fired and decided to use some personal relations and fresh graduates to somehow successfully cash in one last time with absolutely no regard of even the basics. Pretty wild that those guys even managed to figure out how to found a Startup. Probably asked ChatGPT for instructions there, as well.


  • Das stimmt bei richtiger Verwendung schlichtweg nicht und es nützt niemandem, wenn man falsche Informationen herausposaunt. Wie auch im Artikel zu lesen, fand die timing attack auf üblichem Wege, gerade fürs deutsche Rechtssystem aber äußerst kontrovers statt:

    Zur finalen Identifikation verpflichtete das Amtsgericht Frankfurt am Main schließlich den Provider Telefónica, unter allen o2-Kundinnen und -Kunden herauszufinden, wer von ihnen sich zu einem der identifizierten Tor-Knoten verband.

    Bei einer Timing Attack werden, wie der Name schon sagt, Zugriffszeiten und möglichst viele (Meta-)Daten zu bestimmten Paketen statistisch abgeglichen. So kann man auch ohne direkten Zugriff auf die Daten bei ausreichender Datenlage feststellen, wer mit wem kommuniziert.

    Hier wurde schlichtweg jeder o2 Kunde in Deutschland erstmal pauschal überwacht, ob er nicht mit einem bestimmten Server Kontakt aufnimmt. Um dem entgegenzuwirken, kann man natürlich erst einmal über einen (no log) VPN Provider gehen, um gar nicht erst zugeordnet werden zu können.









  • I have an understanding of the underlying concepts. I’m mostly interested in the war driving. War driving, at least in my understanding, implies that someone, a state agency in this case, physically went to the very specific location of the suspect, penetrated their (wireless) network and therefore executed a successful traffic correlation attack.

    I’m interested in how they got their suspects narrowed down that drastically in the first place. Traffic correlation attacks, at least in my experience, usually happen in a WAN context, not LAN, for example with the help of ISPs.




  • Windows, as any operating system, is best run in a context most useful to the user and appropriate for the user’s technical level.

    • Need to run Windows apps/games and aren’t afraid to tinker around if and when something doesn’t work as expected or your software simply isn’t supported? WINE/Proton.
    • Need to run mostly light Windows apps and don’t want to tinker around? VM.
    • Need to run Windows apps/games that don’t rely on Kernel-Level Anti-Cheat, want direct hardware access and aren’t afraid to tinker around, especially if you only have one GPU, and when something doesn’t work as expected? KVM
    • Need to run any Windows app/game without things constantly breaking or the need to tinker around and staying on top of things? Dual-Boot from different disks, utilize LUKS/FDE and be done with it.

  • Why do you keep stating blatantly false info as facts when it is obvious that you’re knowledge of the topic at hand is superficial at best?

    In this comment thread alone you’ve stated that:

    • to avoid “Google Android”, one should use Lineage OS (?)
    • Apps on Lineage are some kind of separated on Lineage OS and not abandonware (??)
    • Lineage OS is not terrible for security, because you haven’t found anything wrong with it besides that small little, insignificant detail of an unlocked bootloader (???)
    • DivestOS has “all the same issues” as GrapheneOS(???)

    Genuinely not trying to stir up shit, I’m curious. Why?



  • 15-20 years ago, I’d have agreed with you. But apart from a select few news sites and exceedingly rare static sites, what percentage of websites most users use day to day actually function even minimally without JavaScript?

    I’m convinced that in practice, most users would be conditioned to whitelist pretty much every site they visit due to all the breakage. Still a privacy and security improvement, but a massive one? I’m not sure.

    Very happy to be convinced otherwise.