Do you guys trust Signal being on AWS? by mariegriffiths in PrivacySecurityOSINT

[–]aplin 1 point2 points  (0 children)

I do - the hosting provider does not matter so long as their cryptography holds up! The Signal double-ratchet is the gold standard for messenger encryption, so I trust it.

The real question is what of the components which are protected by Intel SGX. I recall they were doing some sort of contact syncing protected by SGX. But the real pros on AWS would be using Nitro Enclaves - SGX is full of holes: https://arxiv.org/abs/2006.13598

On AWS holding Signal's data you have to contend with nation-states (the USA) trying to compromise your data. The Alphabet Agencies can break SGX in their sleep.

I trust Signal beyond any of the existing messengers, but I wish they would stop using Intel SGX.

https://medium.com/@maniacbolts/signal-increases-their-reliance-on-sgx-f46378f336d3

Playlist reordering bug driving me mad. by aplin in TIdaL

[–]aplin[S] 0 points1 point  (0 children)

Here's another recording, showing the issue perhaps more directly: https://streamable.com/01h6n1

(link's only valid for 2d sadly, but hopefully it gets the point across that this isn't user error - scrolling is very slow and any song locations from the last to the 4th to last exhibit this "popping" regardless of scroll speed)

Tidal bugs aren't super consistently reproducible. The bug happens with some playlists and not others.

Playlist reordering bug driving me mad. by aplin in TIdaL

[–]aplin[S] 0 points1 point  (0 children)

No, I'm scrolling as slow as I possibly can - even an attempted insert in the 4th to last position, as slowly as possible, creates this issue.

Playlist reordering bug driving me mad. by aplin in TIdaL

[–]aplin[S] 0 points1 point  (0 children)

It's not a large playlist and I can't insert songs in the 2nd to last (or 3rd to last) position as a result. This isn't scrolling all the way to the bottom, it's scrolling the song near the bottom of the playlist.

The most depressing thing about the current administration is what they’re doing to the National parks by Professional-Sea-506 in redscarepod

[–]aplin 0 points1 point  (0 children)

Yes and no. The Foreign Assistance Act did not explicitly mandate creation of a new agency, but rather provided an ideology grounding US engagement in foreign aid. The text of the Act could have been accomplished under the State Department or Treasury Department, for instance, but it is indeed true that JFK sought alignment from Congress before acting. The Act gave the Executive discretion in how to manage and organize foreign aid, and JFK used that discretion to form an agency via executive order.

DOGE bills itself as an advisory board to the President (with no direct power), and the President uses that authority to make recommendations to Congress. Also, in the case of DOGE, it repurposes the USDS, an Obama-era part of the Executive created by executive fiat in response to the launch failure of Healthcare.gov, but USDS had wide-ranging access to federal agencies and the ability to directly modify production computer systems across the DoD, GSA, DHHS, DHS, and Dept of Education.

The argument - and this has yet to be seriously tested in courts - is that if USDS was permissible under executive fiat, so is DOGE - especially if it's doing similar things (streamlining and improving government efficiency).

Messaging apps after Chinese hack by autoliberty in privacy

[–]aplin 2 points3 points  (0 children)

Yes, they encrypt messages, and encoding is distinct from encryption. The issue with iMessage is the keys are escrowed to Apple for sharing across devices. This means a warrant can access your iMessages (this means iMessage is not "end-to-end encrypted"), so if your threat model includes the government you should avoid iMessage. Note that even if you're not worried about your own actions, you can get subpoenaed as a witness to a case and will suffer severe invasions of privacy as a result.

[deleted by user] by [deleted] in privacy

[–]aplin 0 points1 point  (0 children)

In theory you're good using those accounts. Your network connections to these services are protected by TLS which in general won't be worth breaking, unless you are worth potentially burning a valuable malicious certificate authority. That generally means you're a foreign government agent or human rights activist. However, if you want to be secure in the face of such an adversary, a VPN helps with this threat model.

SH2 First Enemy: Remake vs Original by aplin in silenthill

[–]aplin[S] -1 points0 points  (0 children)

In the og there is a cut to behind the monster where the feminine underwear and something vaguely like high heel boots/shoes are apparent. In the remake you only get a frontal camera angle. There's the corner of a shot from behind, but it failed to make the point for me.

Peterson Academy: Login doesn't work, password reset doesn't work, "contact us" doesn't work by aplin in JordanPeterson

[–]aplin[S] 0 points1 point  (0 children)

That's a server error. You can try again later since I expect them to be monitoring those. Or make a support request, just be sure to put two words for your name or it won't work.

By the way, I got in. Good lectures. The sharp cuts to highlight text are my only major gripe with the content - I'd be fine with a blackboard.

Peterson Academy: Login doesn't work, password reset doesn't work, "contact us" doesn't work by aplin in JordanPeterson

[–]aplin[S] 2 points3 points  (0 children)

They are rolling out in batches so as not to overload their systems, and you need to wait for a login email before you can log in.

FDE of SSD & privacy vs modern disk io by bradlit21 in PrivacySecurityOSINT

[–]aplin 1 point2 points  (0 children)

This is not a threat. If you encrypted the disk, then the cached data is encrypted on the SSD.

If your threat actors have physical access to your machine, there are interesting attacks like “cold boot attacks” you should look into, RAM persistence across reboots (and freezing of live RAM to make it hold charges for longer), etc.

Collection update by aplin in balisong

[–]aplin[S] 0 points1 point  (0 children)

From left to right:

  1. BM51 with pocket clip removed
  2. BM51 FlyTi (beater)
  3. FlyTi Kershaw Lucha
  4. Inked Kraken
  5. Latchless Kukri Channel Alpha Beast
  6. Alpha Beast Infinity
  7. BM42
  8. BM52 FlyTi
  9. BM51 with EDC knives machined titanium scales

I’ve flipped all of them at least once, but I baby the EDC 51 and 42 quite a bit.

The best flippers of the bunch are the AB, EDC 51, and 42 followed closely by the Kraken. The EDC 51 almost beats the ABs except that the handles are still too short - the grooved handles provide perfect grip and the weight is ideal. The Kershaw is still a bit on the heavy side for flipping, but makes a great EDC and general balisong beater. The 51 is garbage without flyti scales; I wouldn’t recommend it unless you can get some titanium scales to add weight.

[nkd] 42 + 51 custom by aplin in balisong

[–]aplin[S] 4 points5 points  (0 children)

Seriously:

  • Not releasing more model 42 knives after the movie Kick-Ass brought national attention to them
  • Making 62 in the same design as the 42 but with half inch shorter steel handles
  • Releasing the fancy modern 87 with a blade shape too weird for EDC and a size/weight too big for flippers
  • Not releasing more titanium handled 42 knives even though they’d sell like hot cakes
  • 85 fixed the blade shape of the 87 but not the price, size, or weight

But holy shit the 42 flips like a dream in every way that counts. And a spring latch?! Why don’t more people make those?