Perceptes's comments

Submitting this re: the recent discussion about PGP alternatives. It seems right in line with the types of tools that were being suggested for replacing specific use cases of PGP. Written by Tony Arcieri, who is well-regarded in the cryptography community.

I've been using that for years after I switched to Vim from sublime. It has worked just fine for me.

I'd also be interested to hear Thomas clarify this. I saw a recent thread on Twitter where he and bascule were talking about it and it still wasn't super clear, but one specific point I recall is that Matrix has a significant amount of metadata stored on the server side which constructs a social graph. As opposed to something like Signal which has close to nothing stored on the server.

To me this seems like an issue of use case. If my goal is to be able to talk to my family and friends, and I don't care that it's known that I'm talking to them as long as the contents of the messages are private, that is fine for me. For a case with more stringent requirements, I can see Matrix not being a good recommendation in its current design.

I guess one difference here is that often major implementations of HTTPS make the best choices (like operating systems, major browsers, major web server software, etc.), whereas with something like PGP, everyone is using GPG which has only one implementation which is known to be terrible.

I don't know how I never heard about 1Password X. The last time I attempted to switch from macOS to Linux, the lack of 1Pasword was one of the biggest things that made it hard for me.

That said, a browser-based 1Password is really not what I want. I just really don't try web technologies for keeping my passwords safe. If I really was going to use it, this might be the only instance in which I'd actually prefer an Electron version to using it my main browser, just for the additional isolation.

This article by the same author is perhaps not comprehensive, but a good place to start: https://blog.filippo.io/giving-up-on-long-term-pgp/

I'd never heard of Boxcryptor. Does anyone else use this? I'm not sure I understand why I need to sign up for an account to use it if its entire purpose is to do client-side encryption.

Also, it's not quite the same functionality, but this also reminds me: For a long time I've used Knox (by AgileBits, the same company that makes 1Password) for encrypted disk images, but they no longer sell or maintain it. It works just fine, but I should probably find a replacement that's still maintained, at least for security updates. Anyone know a good alternative? VeraCrypt (mentioned in the article) seems like one possibility.

I desperately hope this is true. I have the first MacBook Pro that came with the Touch Bar, and it's the worst computer I've ever owned. The keyboard has failed twice, and the Touch Bar is inferior to the old hardware keys in every way. I hate it. The only reason I got it is because the MacBook Air it replaced was dying and I couldn't wait any more. Assuming this report is true, my only remaining worry is that they won't offer a version of this new Pro without a Touch Bar, or that only a model with a smaller display will offer hardware function keys, like they've done in the past.

Agreed. The French government did exactly this!

It's been a while so the details are not fresh in my mind, but it wasn't the easiest thing in the world. I think most of my trouble came from the general lack of polish on Kubernetes (from a cluster operator's perspective) than from the specifics of the Raspberry Pi. One thing I remember clearly is that kubeadm has completely failed to upgrade k8s from one minor version to the next every time I've tried it. I always end up just saving my k8s resources, blowing away the cluster, creating a new one, and resubmitting the resources to the new cluster.

I have several of them:

* 1 original model that runs pi-hole for the household

* 1 RPi 3 running RetroPie for emulating classic video games

* 1 RPi 3 connected to an official RPi touch screen display that runs a Home Assistant UI

* 4 RPI 3s running as a Kubernetes cluster, mostly just for the fun of setting it up, but I have a few odd jobs that run on them, such as chat bots

I don't have a picture of the cluster all hooked up, but this is what it looks like without any cables attached: https://twitter.com/jimmycuadra/status/846935997619200000

Similar results for me. Does anyone know if it's possible to turn off WebGL, and if so, how? AFAIK I never use it for anything and I'd rather have increased anonymity. (Assuming disabling it prevents it from being used for fingerprinting.)

Edit: Answering my own question. In `about:config`, change the `webgl.disabled` preference from `false` to `true`. This reduced the "bits of identifying information" from WebGL from 11.26 to 2.56.

Edit 2: Apparently the CanvasBlocker add-on is a better solution as it randomizes the data used for fingerprinting on each read, and works for several exploitable APIs, not just WebGL. https://addons.mozilla.org/en-US/firefox/addon/canvasblocker...

Looks like the last line needs to be updated to have the server listen on 8080 instead of 80. (I'm guessing this is left over from before you added the non-root user.)

Did this issue cause all add-on data to be wiped? After updating to 66.0.4, all of the containers I'd created with the multi-account containers add-on were gone and replaced with what appeared to be a default set of containers. I spent a lot of time setting that up—is there no way to get it all back if I don't have some sort of manual backup? And if not, what files do I need to manually back up to make sure I don't lose my data next time?

Edit: To be clear, at no point did I delete the add-ons I had installed.

Please, Mozilla, choose Matrix. https://www.ruma.io/docs/matrix/why/

Not a huge surprise. Here's another security issue with Docker Hub they've let sit for 4 years with no action: https://github.com/docker/hub-feedback/issues/590 (which is apparently a dupe of https://github.com/docker/hub-feedback/issues/260).

This is a good mostly-layman's overview of Matrix: https://www.ruma.io/docs/matrix/

But it does seem to be the case that the same SSH key pair that was used to access Jenkins also provided access to the production infrastructure. Unless I'm misunderstanding the nature of the attack.

The history of TryFrom/TryInto has spanned 3 years, from when it was originally proposed as an RFC in 2016. For a seemingly simple API, it's gone through a lot. Especially unusual was that it was stabilized a few releases ago and then had to be destabilized when a last-minute issue was discovered with the never type (`!`). The never type had been the primary blocker for stabilizing these APIs for the last year or so, but it was finally decided to simply use this temporary `Infallible` type, which would be mostly forwards compatible with the never type itself.

I've followed the issue closely because it's one of the features used in Ruma, my Matrix homeserver and libraries. In fact, for the library components of the project, it was the last unstable feature. With the stabilization of these APIs, I'll finally be able to release versions of the libraries that work on stable Rust. This will happen later today!

It makes me sad that people continue to put their time and effort into supporting these closed communication systems. If anyone else is considering making something like this, please base your efforts on Matrix. It's so much better for us and so much more deserving of our attention.