Posts: 0 · Comments: 160 · Joined: 2 yr. ago
  • Everyone with more than 1 sexual partner has regrets (bad match, poor decision, etc.) and even the people who have only had 1 sexual partner have regrets (wishing that they explored more, found better, etc.).

    So there is no winning, only acceptance of who you are, what you choose to do and the refusal to let others fit us into neat little boxes.

  • My husband says that is the most basic attack (he calls it thermo-rectal cryptanalysis, which is when they stick a soldering iron in your ass and then turn it on and wait until you tell them everything that you keep secret before they turn it off) and is just one example of why physical access is often game over.

    Another involves liquid nitrogen and stealing keys out of RAM.

    Another involves voltage manipulation to get chips to leak keys, and why you want only public keys in certain chips (like the BIOS, which is just read-only flash memory that has an electrical switch for enabling writing). He likes Libreboot/coreboot.

  • There is no such thing as a secure computer. You can bury it in cement and drop it in the deepest hole in the ocean. If someone needs access to it badly enough, they will get in.

    Computer security is about the cost of gaining access. If they need physical access, far fewer people can be compromised. If that physical access does not gain them additional access, it forces them to spend manpower to compromise more systems physically, thus making things more expensive.

    The estimated cost of breaching a level 1 system should be $100K, a level 2 system $10 million, a level 3 system $10 billion and the root of your trust $10 trillion.

    Whitelisting is the baseline standard for software running on your computer. If it is not signed by a level 2 system, then it will not run on your computer. The binary itself is reproducible and your package manager can be used to sanity check the build from the server. Your web browser runs in a container which only has access to your downloads folder with write-only permissions, and the files will be marked as non-executable (not that it will matter, as they can’t possibly be signed). The browser is the Tor Browser and all traffic will be routed through it unless you log in to your bank account.

    I am supposed to use a program called fig to create information for social media accounts. (Name, age, address and username are generated, and KeePassXC is to generate a unique, random, strong password and store the output from fig.)

    If messaging friends, I use Signal, and if I need extra message security, I am to shuffle a deck of cards and put the order into a program which uses it for sending a “one time message”, then give the deck of cards to the recipient.

    https://www.schneier.com/academic/solitaire/

    Something about one-time pads being used for nuclear weapons and submarines and the security of the physical transfer of the one-time pads. And embassies getting a hard drive full of just one-time pads.

    (I skipped a bunch but that is what I remember)
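The “one time message” scheme in the comment above, where a shuffled deck is handed over as the key, is Schneier’s Solitaire cipher at the linked page. Below is an added example, not code from the post or from schneier.com, implementing the keystream rounds and the letter encryption in Python; it assumes the deck order is entered as a list of card numbers 1..54 (1..52 for the suits in bridge order, 53 and 54 for the two jokers) and checks that the list is a full permutation before using it.

```python
"""Schneier's Solitaire cipher (https://www.schneier.com/academic/solitaire/): a shuffled 54-card deck is the key."""
JOKER_A, JOKER_B = 53, 54                   # cards 1..52 are the four suits, 53 and 54 the jokers
UNKEYED_DECK = list(range(1, 55))           # bridge order then joker A, joker B: Schneier's 'null key'

def _move_joker(deck, joker, steps):
    """Move a joker down one card per step; from the bottom it wraps to just below the top card."""
    for _ in range(steps):
        i = deck.index(joker)
        if i == len(deck) - 1:
            deck.insert(1, deck.pop(i))
        else:
            deck[i], deck[i + 1] = deck[i + 1], deck[i]

def _triple_cut(deck):
    """Swap the cards above the first joker with those below the second joker."""
    a, b = sorted((deck.index(JOKER_A), deck.index(JOKER_B)))
    return deck[b + 1:] + deck[a:b + 1] + deck[:a]

def _count_cut(deck):
    """Cut <bottom card's value> cards off the top to just above the bottom card (jokers count 53)."""
    n = min(deck[-1], 53)
    return deck[n:-1] + deck[:n] + deck[-1:]

def keystream(deck, length):
    """Run rounds until `length` non-joker output cards (values 1..52) are produced."""
    if sorted(deck) != UNKEYED_DECK:
        raise ValueError("key must be a permutation of the 54 card numbers")
    deck, out = list(deck), []
    while len(out) < length:
        _move_joker(deck, JOKER_A, 1)
        _move_joker(deck, JOKER_B, 2)
        deck = _count_cut(_triple_cut(deck))
        card = deck[min(deck[0], 53)]        # count down by the top card's value
        if card not in (JOKER_A, JOKER_B):   # a joker here means: repeat, no output
            out.append(card)
    return out

def _letters(text):
    """Keep A-Z only and pad with X to a multiple of five, as Schneier's test vectors do."""
    s = "".join(c for c in text.upper() if "A" <= c <= "Z")
    return s + "X" * (-len(s) % 5)

def encrypt(plaintext, deck):
    p = _letters(plaintext)
    return "".join(chr((ord(c) - 65 + k) % 26 + 65) for c, k in zip(p, keystream(deck, len(p))))

def decrypt(ciphertext, deck):
    c = _letters(ciphertext)
    return "".join(chr((ord(x) - 65 - k) % 26 + 65) for x, k in zip(c, keystream(deck, len(c))))
```

With the unkeyed deck the first ten keystream cards are 4 49 10 24 8 51 44 6 4 33, turning AAAAAAAAAA into EXKYI ZSGEH, which is Schneier’s published test vector. Like the one-time pads mentioned in the same comment, a given deck order should key only one message.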

  • Well, I am not a tech, but my husband works doing computer security, and if I gave his full security speech it would sound insane.

    Short version is: use a password manager (like KeePassXC). Don’t post any pictures. If you are worried about being identified, don’t talk about your personal life.

    As the things that you try to defend against get more advanced: Linux, refusing to use software that you don’t have the source code for, disabling JavaScript, encrypted messaging (Signal), encrypted messages (GnuPG), one-time pads via a deck of cards, bootstrappable builds, offline systems, hard tokens and one-way network diodes.

  • About as much as tobacco in 1995.

    It is going to kill a bunch of people.

    Everyone paying attention knows not to use it.

    The regulators are off actively using it and don’t want to limit its use.