Anonymouse

Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.

TL;DR: keep your apps updated & don't scan QR codes that you don't trust.

As if anybody here needs a reason to be wary of what you do online, this essay shares how a foreign adversary used back doors that were intentionally put in place to spy on Americans and how the rest of the world probably has the same back doors.

I especially appreciate the phrase "nerd harder" and the quote, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia".

How can IT folk help politicans to understand?

While reading many of the blogs and posts here about self hosting, I notice that self hosters spend a lot of time searching for and migrating between VPS or backup hosting. Being a cheapskate, I have a raspberry pi with a large disk attached and leave it at a relative's house. I'll rsync my backup drive to it nightly. The problem is when something happens, I have to walk them through a reboot or do troubleshooting over the phone or worse, wait until a holiday when we all meet.

What would a solution look like for a bunch of random tech nerds who happen to live near each other to cross host each other's offsite backups? How would you secure it, support it or make it resilient to bad actors? Do you think it could work? What are the drawbacks?

I thought this group may enjoy this read about a suggestion on an option to take in the Google antitrust lawsuit. Of particular interest is that certain groups feel that the "right" approach is that everyone should be able to surveil the population, Google-style and the choice quote:

The judge repeats some of the most cherished and absurd canards of the marketing industry, like the idea that people actually like advertisements, provided that they're relevant, so spying on people is actually doing them a favor by making it easier to target the right ads to them.

Does anybody have any workarounds for apps that don't work due to "security"? I have a few apps that I need for work that think my phone is rooted (it is not) and refuse to run. One is Entrust Identity Guard. It just won't open ("app keeps stopping") and the other is Service Now mobile ("a rooted device is not allowed").

I had a super fast but small SSD and didn't know what to do with it, so I was playing with caching slow spinning LVM drives. It worked pretty good, but I got interrupted and came back a few weeks later to upgrade the OS. I forgot about the caching LVM, updated the packages in preparation for the OS upgrade, then rebooted. The LVM cache modules weren't in the initfs image and it didn't boot.

I should know better. I used to roll my own kernels since Slackware 1.0. I've had build initfs images for performance tweaks. Ugh!

Where's my rescue disk?

I got hung up on contractions this morning regarding the word "you've". Normally, I'd say "you've got a problem", which expands to "you have got a problem", which isn't wrong, but I normally wouldn't say. Not contracting, I'd say "you have a problem", so then should I just say "you've a problem"? That sounds weird in my head. Is this just a US English problem?

US Senator Edward Markey (D-Mass.) is one of the more technologically engaged of our elected lawmakers. And like many technologically engaged Ars Technica readers, he does not like what he sees in terms of automakers' approach to data privacy. On Friday, Sen. Markey wrote to 14 car companies with a variety of questions about data privacy policies, urging them to do better.

The EFF has a white paper with a proposal to address various online 'harms' systemically.

From the executive summary, "whatever online harms you want to alleviate, you can do it better, with a broader impact, if you do privacy first."

Slashdot also has a pretty good summary if the white paper is too long for you to read.

I haven't seen this posted yet here, but anybody self-hosting OwnCloud in a containerized environment may be exposing sensitive environment variables to the public internet. There may be other implications as well.

Other than TiVo, what options do I have for recording OTA programs? I've been playing with Plex and rip my episodal DVDs, and would like to record, too.

This is a long article about the US CFPB creating a new rule that may help protect your financial data. The interesting stuff is near the end where it sounds like they're putting your financial data back in your hands:

The Bureau will force banks to "share data at the person’s direction with other companies offering better products."

the businesses you connect to your account data will be "prohibited from misusing or wrongfully monetizing the sensitive personal financial data."

I'm not very knowledgeable in this area so I'm wondering what your read is on it.