@r3pek get ready for the "noisy by nature" hit single: 4Mbs covert channel!
@thegibson that's a shame, I hear their product is pretty legit
Synapse is soooo much better than Dendrite. Users can register, save keys, etc. Installation was also easier, automatic updates are practical.
The difference between the two is like night and day. I haven't set up federation with other #matrix servers yet, but that will come after I set up a publicly accessible web client.
@furmans Show people that Kotlin is a sharper ax, and suddenly a lot more people will think it is worth the time to learn it.
@furmans is there any advantage to Kotlin over Java? Prioritizing paying off technical debt instead of learning the next fad language/rewriting existing code makes a lot of sense.
Since the only argument I've heard for Kotlin is "this project uses Kotlin", I have to say that the advocates aren't making it sound very attractive.
There are also negatives to switching to a less popular language, like fewer people willing to learn it in order to contribute code to FLOSS projects.
re: Virtual Hacker Space - Owncast
@banjofox well I have a couple hours between now and my next hacker meeting. Let me grab my laptop and maybe we can screen share and figure it out together.
re: Virtual Hacker Space - Owncast
@banjofox in general, yes. For own cast in particular... no, I can give it a shot
Virtual Hacker Space - Owncast
@banjofox standing by
@thegibson maybe not compromised, maybe they wiped their tracks. Forensics should be able to tell. Windows has a bunch of timestamp metadata that is difficult to cleanly wipe. If you look at good forensics talks about Windows from about a decade ago, they go into all the details. Part of NTFS, IIRC.
This is the lightest on details I have ever seen on a technical blog. They don't explain the order of operations of the attack. One of the vulnerability descriptions is a definition of a class of vulnerabilities (insecure deserialization) instead of a description. No mention of anything being pre-authentication or unauthenticated...
Are they this clueless about how people are getting compromised, or do they just not want to share that info with defenders?
@teh_dude JNCOs are that style
@thegibson CISA is questioning that number, and seemingly with good reason. As far as I can tell, someone just made it up and now it's being cited as if it's a fact.
In case people didn't see the news about four 0-days being chained together to exploit Microsoft Exchange servers...
This is the same number of 0-days as was used in the Stuxnet attack.
- still can't register for an account using Element on Android
- trying to register via element-web using Android sends you to a "get the app" screen, so can't register that way either
- key storage doesn't work, so keys need to be manually saved/restored to/from a text file each time you log out/in
There may be more issues, but after running into all of those, I gave up.
I've already found the open issues on GitHub for registration and key backup/restoration and added more details such as API endpoints and confirming that it is an issue outside of the docker packages.
It's a bit late to start picking up tickets at this point. That's something I'd like to do on a Saturday morning so I have a large, uninterrupted block of time.
I might make my next task be setting up a CI runner for my own Git server to make future dev work easier to do/test.
I can not recommend any of my friends sign onto Nextcloud, use the web app to sign up, switch to the mobile app that they wanted to use all along, manually back up keys regularly, and manually restore keys each time they log in. I can accept that there is no 2FA (TOTP), but this is too much.
The ability to register for an account and easily log out and back in again are very basic features. These are a must have features. I'm not sure how they weren't the first features implemented.
I like figuring out how things work. he/him
Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.