(probably the most downvoted post i’ve made yet on lemmy 😂)
cultural reviewer and dabbler in stylistic premonitions
If you’re ready to break free of Android, I would recommend https://postmarketos.org/ though it only works well on a small (but growing!) number of devices.
imho if you want to (or must) run Android and have (or don’t mind getting) a Pixel, Graphene is an OK choice, but CalyxOS is good too and runs on a few more devices.
It’s literally a covert project funded by google to both sell pixels and harvest data of “privooocy” minded users. It seems to be working well.
Is it actually funded by Google? Citation needed.
I would assume Graphene users make up a statistically insignificant number of Pixel buyers, and most of the users of it I’ve met opt to use it without any Google services.
/r/shittyaskreddit
wasn’t supposed to be an instruction manual 🙄
E: old thinkpad gang input: take the time to reapply thermal grease to the cpu at some point. It makes a huge difference.
What’s a “gang input”?
😂 it’s an input to this discussion from a member of the group of people (“gang”) who have experience with old thinkpads. and yes, if your old thinkpad (or other laptop) is overheating and crashing, reapplying the thermal paste is a good next step after cleaning the fans.
Indeed, the only thing WhatsApp-specific in this story is that WhatsApp engineers are the ones pointing out this attack vector and saying someone should maybe do something about it. A lot of the replies here don’t seem to understand that this vulnerability applies equally to almost all messaging apps - hardly any of them even pad their messages to a fixed size, much less send cover traffic and/or delay messages. 😦
and later it will turn out that the AI solution was actually two clickworkers in a trenchcoat
xzbot from Anthony Weems enables to patch the corrupted liblzma to change the private key used to compare it to the signed ssh certificate, so adding this to your instructions might enable me to demonstrate sshing into the VM :)
Fun :)
Btw, instead of installing individual vulnerable debs as those kali instructions I linked to earlier suggest, you could also point debootstrap at the snapshot service so that you get a complete system with everything as it would’ve been in late March and then run that in a VM… or in a container. You can find various instructions for creating containers and VMs using debootstrap (eg, this one which tells you how to run a container with systemd-nspawn; but you could also do it with podman or docker or lxc). When the instructions tell you to run debootstrap, you just want to specify a snapshot URL like https://snapshot.debian.org/archive/debian/20240325T212344Z/ in place of the usual Debian repository url (typically https://deb.debian.org/debian/).
A daily ISO of Debian testing or Ubuntu 24.04 (noble) beta from prior to the first week of April would be easiest, but those aren’t archived anywhere that I know of. It didn’t make it in to any stable releases of any Debian-based distros.
But even when you have a vulnerable system running sshd in a vulnerable configuration, you can’t fully demo the backdoor because it requires the attacker to authenticate with their private key (which has not been revealed).
But, if you just want to run it and observe the sshd slowness that caused the backdoor to be discovered, here are instructions for installing the vulnerable liblzma deb from snapshot.debian.org.
because i thought the situation described by the post was tragicomic (as was somewhat expressed by the line from it quoted in the post title)
Mattermost isn’t e2ee, but if the server is run by someone competent and they’re allowed to see everything anyway (eg it’s all group chat, and they’re in all the groups) then e2ee isn’t as important as it would be otherwise as it is only protecting against the server being compromised (a scenario which, if you’re using web-based solutions which do have e2ee, also leads to circumvention of it).
If you’re OK with not having e2ee, I would recommend Zulip over Mattermost. Mattermost is nice too though.
edit: oops, i see you also want DMs… Mattermost and Zulip both have them, but without e2ee. 😢
I could write a book about problems with Matrix, but if you want something relatively easy and full featured with (optional, and non-forward-secret) e2ee then it is probably your best bet today.
It only became legal in New York in 2022. Perhaps today most people in the US do live in states where it is legal, but that doesn’t mean they live near a theater that actually does it. This article from a year ago says the largest chain, AMC, has a bar in the lobby of 300 (of their 593 in the US, according to wikipedia) locations but that some of them don’t let you bring a beer into the theater. The second-largest chain, Regal Cinemas, was only serving alcohol in 80 of their 511 locations as of last year.
rare meta w