Ethan Black @golemwire@librem.one

The Way Things Work (1994)
Springs

launch time!! 🎉

Lots of Windows users will find themselves in an unsupported state in October 2025. There needs to be a Linux distribution that really helps Windows users switch.

It needs to discover the username of the primary user from the registry or file system. It needs to install on ntfs (or alongside it). It needs to discover the profiles and bookmarks and cookies and stored passwords of local browsers. It needs to port over the Steam library. It needs to discover the SSIDs for local networks and join them automatically. It needs to discern what the user believes he already needs from his existing Windows install and insert free equivalents.

The current advice of "erase everything and start over" is impractical for the majority of computer users, especially those who don't have a second computer.

The delta is too big for normal folk, not because Linux is hard to use but because computers are hard to use.

I'm picturing something that generates a KDE Plasma panel that imitates the Windows Taskbar, down to where the various pinned items were. Or the Cinnamon equivalent I guess. Most people don't care what OS they run; they just want as little to change as possible.

#linuxDesktop #yearOfTheLinuxDesktop #windows #switchingToLinux

Unironically loving the granularity of setting in the #Ubuntu 's reimagining of Windows UAC. All the more reasons to prefer #snap over legacy .deb packages.

I just live hacked Arlene Dickinson
(Dragons' Den star - Canada's Shark Tank) by using her breached passwords, social media posts, an AI voice clone, & *just 1 picture* for a deepfake live video call. Thank you Elevate Conference and Mastercard for asking me to demo these attacks live!

https://www.youtube.com/watch?v=ysu7vEkZdN0

What are the takeaways from this Live Hack video with Arlene?

1. Stop reusing passwords - when you reuse your password and it shows up in a data breach, I can then use that password against you everywhere it's reused online and simply log in as you stealing money, access, data, etc.

2. Turn on multi-factor authentication (MFA) - turning on this second step when you log in makes it more obnoxious for me to takeover your accounts. I then have to try and steal your MFA codes from you (or if you use a FIDO MFA solution like a Yubikey etc, I'm likely just plain out of luck and have to move on to another target)!

3. Recognize that AI has made attacks more believable and scalable - will every or even most hacks involve AI? Nope! Most attacks are simple and leverage your breached passwords to log in as you or they attack via phishing over email, text, call, etc.
That being said, it's important to realize that some attackers will attempt to leverage AI, especially if you have an high threat model. Arlene is a star with millions of followers around the world, because of this she has to be extra politely paranoid about those that reach out with sensitive requests!
If someone with a high threat model (in the public eye, job is to wire money, lots of followers on social media, activist/being targeted, etc) receives a call and they're requesting sensitive info or a wire transfer, recognize that the attacker could believably use a voice clone in that call and could even build a believable deepfake for a live video call.
This is not how all attacks work but it's especially important for those with elevated threat models to recognize that AI can be leveraged in attacks to up the believability with voice clones, deepfake video, etc.

What do I mean "be politely paranoid" in this video?
I recommend verifying that people are who they say they are before taking sensitive actions.
- If you have a high threat model and someone calls you and asks for a wire transfer, use another method of communication to confirm it's them before taking action. Chat them, signal message, email, call them back to thwart spoofing using the number you have on file. This catches me 9 times out of 10 when I'm hacking! This is relevant for your work, when you're buying a house, pretty much anytime you need to send money!
- If you receive an email from a board member asking for a copy of a sensitive document, verify that board member is who they say they are with another method of communication before sending over a document with sensitive work details listed on it.

Stay politely paranoid, folks!

@tylnesh I've tried both Flatpak and Snap, and I rejected #Snap because you couldn't really change your snap repository away from Canonical's repository; that's really bad and is strictly against the Unix and Linux way.

I don't remember Snap's containerization being very versatile anyway, but this is a big step up in that regard since I last tried it. If they fix the Canonical-repo-only flaw, I'd like to try it again actually. I have to use Flatseal to edit file access permissions with Flatpak.

Latest update from @brewsterkahle: "Wayback Machine running strong (yippie!).

Still working to bring http://archive.org items & other services online safely.

@internetarchive
team spirits high, but tired."

Latest update on the DDOS attack from @brewsterkahle (Oct 11 @ 10:22am PT):

"The data is safe.

Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.

Estimated Timeline: days, not weeks.

Thank you for the offers of pizza (we are set)."