Kyle Rankin @kyle@librem.one

@thibaultamartin The problem is that biometrics are not secret but are treated like they are. Unless you are a twin, your DNA is very unique, yet you leave copies of that everywhere. People focus too much on the uniqueness of a biometric instead of how easy it is to copy/approximate/fake.

There are three main categories of authentication:
Something you know
Something you have
Something you leave copies of everywhere you go.

I hope the hard seltzer trend means craft brewers will go back to making beer-flavored beer, but I fear it means they'll just add more soda flavors to IPAs.

Wow, Huawei just accused the US govt of launching cyberattacks to infiltrate its intranet and internal information systems: https://www.huawei.com/en/facts/voices-of-huawei/media-statement-regarding-reported-us-doj-probes-into-huawei (h/t @Viss and campuscodi)

@blacklight447 We disable PM on Librem One as it isn't actually private. Feel free to reach out to us on our community matrix channel though: #community-librem-5:talk.puri.sm

@blacklight447 It's not as bad as typing with a band-aid on my fingertip I suppose, but it would be if my nails were as long as is common among women around here. I'll get used to it, but it's definitely slowing me down a bit while I do.

I've always had very short fingernails but I'm learning classical guitar so I've grown the fingernails on my right hand out a tiny bit. I have a renewed respect for those of you who type every day with long fingernails.

Clowns to the left of me, jokers to the right.

Musical Instruments To Be Exempt From Restrictions On Heavily Trafficked Rosewood https://n.pr/2ZkHlX4

@o It's important to respect copyright/ownership of work, even more so as FOSS supporters, as we want everyone to respect FOSS licenses also.

That said, most media outlets enforce these paywalls with client-side javascript which presents a security hole if your client disables client-side javascript.

This article does a good job on presenting the many different ways that data about your credit card purchases are shared without your knowledge or permission: #privacy https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/

This is why attending a Battlebots event is risky--future generations might view it like we view the Roman Colosseum. I'm already going to have a hard enough time explaining my Roomba to future generations. #singularity #ai https://www.independent.co.uk/life-style/gadgets-and-tech/news/youtube-robot-combat-videos-animal-cruelty-a9071576.html

@antonionardella I lean more toward simpler solutions--standard code signing to start, supported by Reproducible Builds so 3rd parties can verify integrity.

@freakazoid You may want to rethink inciting violence or misdemeanor vandalism on a public forum.

"Users who decline to share footage through the app may have police showing up at their door asking them to share in person if online requests don't work out. Law enforcement can also go to Amazon directly with a valid legal demand and bypass the user's consent to access the footage entirely." #privacy https://arstechnica.com/tech-policy/2019/08/dont-call-our-surveillance-products-surveillance-ring-tells-police/

@wsaewyc Yes, the example I just gave in the smilidon issue--a user must choose to *opt in* to the user-provided hashtags by following people. They then choose how they apply them (filters vs searches).

@wsaewyc https://source.puri.sm/liberty/smilodon/issues/6 this is the approach I'd like to take, for instance, for Librem Social.

The main difference between the Webmin RCE and similar build infrastructure attacks in proprietary tools is that since Webmin is FOSS, it has the opportunity to use Reproducible Builds so we all can detect this kind of attack in the future.

https://www.virtualmin.com/node/66890

@wsaewyc I prefer solutions that empower the user to control their own content instead of solutions that put ever greater power into central authorities.