maadsharp, to random

Since I started using Codeberg, I've realised how centralised everything is around GitHub (which was buyout by Microsoft), ranging from CI support, identity providing (or both in the case of shuttle.rs), packages and third-party support.

It is worrying, considering the recent controversies with Copilot breaking open source licenses and using projects for learning.

The developer world should drive towards projects like @forgejo and @Codeberg that don't depend on private interests that can let you down at any given point.

duxsco,

@maadsharp @forgejo @Codeberg I am still waiting for the profile README.md to be supported:
https://codeberg.org/forgejo/forgejo/issues/119

I use this to provide info on my #OpenPGP public key. IMO, it doesn't make sense to sign commits and let others guess where to fetch the public key from.

garritfra, to random
@garritfra@fosstodon.org avatar

I did a thing! ✨

Some people don't see the value of using a password manager and keep sharing their streaming service passwords with their friends and relatives in plain text.

This is an attempt to simplify the process of sending encrypted passwords for non-technical users, using local encryption with temporary #PGP keys.

https://sendpasswords.net/

I'd be happy about any feedback and suggestions. Also, feel free to share this with your friends and relatives!

#security #privacy #encryption

kytta,
@kytta@fosstodon.org avatar

@garritfra very cool idea! And quite needed for folks who can't / don't want to comprehend the concept of password managers.

A question here: Any reason why you picked #OpenPGP and not something like #age? The latter has shorter keys which, IMO, will be more appealing for the users.

vanitasvitae, to random German

The 7th. #OpenPGP Summit just started.

vanitasvitae,

Day 2 of the #OpenPGP Summit has begun. We are now summarizing potential session topics in preparation to vote on them.

kushal, to programming
@kushal@toots.dgplug.org avatar

I am sad https://blog.pypi.org/posts/2023-05-23-removing-pgp/ but understand why.

kushal,
@kushal@toots.dgplug.org avatar

@warthog9 I think missing tooling/services focused on usability caused so much harm to the land.

yossarian, to programming

PGP signatures on PyPI: worse than useless

https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless

kushal,
@kushal@toots.dgplug.org avatar

@glyph @gpshead @yossarian I beg to differ on that point. @saptaks & I are building https://tumpa.rocks/

Here is an example where we can have better UX focused tools in the #OpenPGP land.

arstechnica, to random
@arstechnica@mastodon.social avatar

Microsoft is scanning the inside of password-protected zip files for malware

If you think a password prevents scanning in the cloud, think again.

https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

kikobar, (edited )
@kikobar@acc4e.com avatar

@arstechnica yes, password-protected zip files are just an illusion of privacy.

In fact, these researchers were not using them for privacy, but as a way of sending malware samples to each-other without being stopped by the malware scanners.

What I don't understand is why so many banks and financial institutions are so fond of them. They keep sending sensitive information via email on password-protected zip files where the password is your ID or your birthday... 🙄

Proper end-to-end encryption has been around for decades. 🤷‍♂️

#privacy #security #pgp #openpgp

blake, to random

In case it helps someone else: To change the #OpenPGP smartcard PIN on my #YubiKey, gpg --change-pin does NOT work for some reason. Using gpg --card-edit and putting admin and then passwd into the prompt lets me do it though.

#gpg #gnupg

Goffi, to random French
@Goffi@mastodon.social avatar

#OX (XEP-0373, XEP-0374: #OpenPGP for #XMPP, without security problems of historical XEP-0027) implementation has been merged to #Libervia, thanks to Syndace again, and #NLnet for their funding.

OX doesn't have PFS (https://en.wikipedia.org/wiki/Forward_secrecy) but that means that new devices can access archives, which may be desirable. Also, it can encrypt arbitrary elements.

It is also a brick for incoming feature such as #pubsub #e2e #encryption .

stay tuned

  • All
  • Subscribed
  • Moderated
  • Favorites
  • provamag3
  • InstantRegret
  • mdbf
  • ethstaker
  • magazineikmin
  • GTA5RPClips
  • rosin
  • thenastyranch
  • Youngstown
  • osvaldo12
  • slotface
  • khanakhh
  • kavyap
  • DreamBathrooms
  • JUstTest
  • Durango
  • everett
  • cisconetworking
  • Leos
  • normalnudes
  • cubers
  • modclub
  • ngwrru68w68
  • tacticalgear
  • megavids
  • anitta
  • tester
  • lostlight
  • All magazines
    •