• 8 Posts
  • 7 Comments
Joined 8 months ago
Cake day: Nov. 01, 2021



On this Giving Tuesday, I thought it would be an excellent opportunity to post my journey getting involved with Linux kernel development. I'm still on the hunt for new clients to work with, but someone I ran into at the Linux conference in Seattle told me kernel development is in demand, especially in the area of security (and might lead to more, better jobs). I decided that this would be an excellent opportunity to document how it's done and encourage others to get involved.

The starting point for contributing is following the directions here: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Get_Involved

The first step is signing up for the mailing list. The #linux-hardening Libera.Chat IRC channel is also available, but after spending hours going around in circles, I discovered registration requires a non-VPN connection. I might head by a WiFi hotspot at some point to do this.

Next I'll be showing what I do in order to find bugs to squash!

To be fair, Proton’s hands were tied. It was either give up the customer data for a few customers or their business would have to be shut down for all the users relying on it.

In reality the activists made a crucial mistake of not using a VPN. If they used the Proton VPN in conjunction with Proton Mail they would have been safe.


Does KYC really rely on an I.P. Address?
I freelance for a living. Avoided a major freelancing site for a while but times are tight so I decided to finally take the plunge. Lo and behold I needed to verify my identity for the ol' know your customer laws (for the good of the nation and security--yeah, yeah, I get it). No biggie. I'm used to it. Uploaded ID, address, all good. Or so I thought. Then they wanted to know which country I resided in. Um...U.S....as shown on my ID, my utility bill, and social media tied to my account? Yeah, turns out they don't want you to use a VPN. Ever. Not just for ID verification. Kinda dumb because I feel like I'm missing a whole community of clients, all because of some nitwits that think that a VPN is somehow a security risk. It's even MORE concerning knowing that other developers WITHOUT a VPN are working with these clients, possibly exposing client secrets over an unsecured connection. Anyone else sick of this VPN issue related to KYC? Or has anyone found a way to schmooze your way into OK-ing a VPN?


Business-Minded Lemmers: what are good fiction books that taught you a lot or made an impact on your thinking?
I love reading! Probably way too much. I'm also an entrepreneur (er--wantrepreneur I think they're called?). In any case I often ask other business people if they're reading. Their eyes light up. "Yes," they say, "I'm reading this book on financial leadership." Suddenly all the questions I was going to ask about the metaphors they noticed or the characters they related to the most shatter to the floor and I scramble for a good thirty seconds to recollect my next "serious" questions like how it affected their outlook on their team, who recommended the book, etc. IMO fiction books are looked down upon way too often. But they can also provide just as much--if not more--valuable insight than a nonfiction book. For me, one book that I recall was Hunger (I forget the Dutch author's name, but it was written like a pseudo-autobiography). It was written from the perspective of someone mentally destitute, but complex in character--desperate for love, but unloved by society. Allowed me to step into the character's shoes and experience their world and not see the world as so job-driven. So, what are some fiction books that people have drawn inspiration from?

I would look for a hosting provider that hosts servers outside a 5-eyes country (which is just about every western country, unfortunately). After doing A LOT of web searching I came across cloudsigma. They have servers in Switzerland, Germany, and the Netherlands. No, they haven’t paid me for this (although, cloudsigma, if you’re reading this…I’m your biggest fan!).


I’d give https://dnt.abine.com (also called Blur…not really sure what to call them) a look. It’s kinda like privacy.com but from what I can tell there’s more privacy and any card you create is client-side encrypted.


I presented an idea at the recent Linux conference. I think I probably botched the talk. :-(

In any case, the idea I was proposing was this…

Just hire people.

The current way of hiring is high risk low reward.

But if you initially hire someone for a small project as a 1099, that’s low risk high reward. Seeing how they handle a small project can indicate how they’ll handle a large one.

Not sure of a left solution…I suppose passing a law that limits the number of interviews a company can do; or creating a public hiring department so that all hiring decisions are decided at a state/local level and then passed on to employer; or shutting a company down if there are too many complaints about their hiring process…but I can imagine a lot of issues with these.


Kind of a long interview, but my first one for my blog. I realize my voice isn't the most dynamic, but I hope James' point got across. What do you think? Did you like it? Anything I can do better for my next interview (besides make sure my internet connection is stable)? I'd also like suggestions on a recorder setup. I tried creating a virtual device in OBS and setting up a professional-looking layout, but that process ate up my CPU so I had to abandon it and just use Jitsi's recording services.


It can be very tempting to immediately jump on the “ban signal” bandwagon, but I think it would be wise to take a step back and understand where they’re coming from.

In reading the blog post, their focus is on user privacy as their top priority. I don’t believe Signal would make this decision without privacy in mind. What’s the alternative?

If spammers run rampant, Signal has a bigger privacy nightmare on their hands. Maybe by a miracle you got Grandpa to join you on Signal. But a spammer then reached out to him with “hot young singles in your area” and Grandpa just had to click. Now suddenly Grandpa’s retirement savings are gone.

So I’m not saying it’s not worrisome. I’m saying let’s remain open-minded. After all, it’s nearly impossible to have 100% open source software in any stack. You’re either using an AMD or Intel CPU. They’re both closed source, but they allow you to interact with a privacy community.


Ah! Someone beat me to it! Haha. But this is a great idea. Always had mixed feelings about FF sync. Cool to see it can be self-hosted.