The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday.
The cryptographic flaw, known as a side channel, resides in a small microcontroller that’s used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
What secret thing did we just sign? Oh, it is our new employee that will help us further improve our platform in the coming months. Thank you all for your financial support which makes this possible.
Read about this and other human factors in our recent blog post:
https://blog.codeberg.org/letter-from-codeberg-software-is-about-humans.html
In 2020 two academics published a paper looking at how The Guardian has been mainstreaming the Far Right. At the core there is one problem (this is my simplification): the conflation of Far Right concerns with 'the people'. By default whatever the Far Right says has to be taken more seriously than anything even left of center (let alone further left) which is also why the Guardian often uses 'populism' and 'the far right' interchangeably.
Something I really like about Forgejo is how seriously they are taking software freedom.
- They use Forgejo itself as their git forge, not GitHub
- No reliance or linking to proprietary corporate services such as Patreon, Twitter, Facebook etc. They use Mastodon and Liberapay.
- No Dockerhub, their OCI images are on Codeberg.
- No Discord! (really hate how many FOSS projects use it)
- Their documentation does not recommend proprietary developer tools such as VSCode or Sublime Text.
- They recently switched to a copyleft license
Very refreshing, considering how many other popular git forges are either proprietary or "open-core"
#Forgejo #Codeberg #FOSS #Git #GitHub
Microsoft has confirmed that Windows 11 users will not be able to uninstall the controversial “Recall” feature, despite earlier reports suggesting otherwise. Recall, part of the Copilot+ suite announced in May, automatically captures screenshots of user activity on the operating system including sensitive information such as passwords or financial data. https://digitalmarketreports.com/news/25091/microsoft-recall-feature-on-windows-11-not-removable-after-all/ Do yourself a favor and get rid of Windows from your life—enough of these greedy companies. #privacy #security
@GuerillaOntologist On the Linux side, Purism is the only one I've seen offering pay as you go bundles. (Again, not as cheap for the phone, $60/mo for 12 mo.) They are also the only one I've seen offering service (AT&T network currently). Theirs is privacy focused (all phone numbers registered in their name).
@GuerillaOntologist
True. The cheapest Linux option is still ~$150.
New Samsung $35 total? Smartphone? Subsidized by carrier?
The mosquitos in our dense Massachusetts neighborhood are very intense. It's not *obvious* where they are breeding, but a very plausible hypothesis is in the same clogged gutters that the neighborhood birds use as bird baths.
Getting up there to clean the gutters is not at all straightforward, though.
I feel like a topic that should be discussed but that I never hear about is user-serviceable housing.
@ttpphd By democratizing environmental destruction, AI finally allows any one of us to pollute on the level of a billionaire with a private jet
@waldoj
My work is connected to plastics recycling. It does happen, but what's useful for recycling is pure truckloads of all the same type and color of plastic.
Which means mostly post-industrial waste: the leftovers from a manufacturing plant. Or you can do stuff like collect all the clear stretch-wrap from retail shipping and compress that and recycle it.
But post-consumer is hard because it tends to be many different kinds mixed together. Sorting them all out is necessary and expensive.
I have an old laptop with an unusable screen. It has 2GB of RAM. I don't really need another desktop computer, so I want to turn it into a home server.
Things I'd like a server for: an instance of #Friendica or #Streams, host my own website, an IMAP server, a Euphoria/#Heim instance (https://github.com/CylonicRaider/heim).
Friendica's hardware specs say 2GB is the minimum for full functionality.
I want to do all these things, but maybe on different servers.
What should I do?
(boosts welcome)
Happy #LaborDay! In this piece from 2020, our staff investigates #bossware – tech that bosses use to surveil and control their workers, and how to protect yourself. https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers
We have begun work on the first episode of InterRebellium which we hope to release this fall. We’re beyond stoked to be making these connections and collaborating with anarchists around the globe for this project.
We’re still looking for collaborators with videography skills in all of the countries, so please don’t stop sharing within your trusted networks, or if this sounds like you, get in touch through crew [at] sub [dot] media or on any of our social media accounts.
This project seeks to tell the story and examine the lessons learned from the global wave of uprisings from late 2018 through 2020. We hope to interview participants in these struggles to elevate the voices most qualified to tell these stories. It’s our hope that by spreading this knowledge on a global platform and to a new generation of militants we can be better prepared for the next one.
With the money raised we have already purchased some gear for comrades on location and in the diaspora of the country of the first episode and they will be filming some interviews this week. In the meantime we’ll be compiling footage.
We want to say a huge Thank You to everyone who liked, shared and donated already. Without you this project simply would not be possible.
#ShlaerMellor, #FunctionPointAnalysis, #punk, #environmentalist, #unionAdvocate, #anarchosocialist
"with a big old lie and a flag and a pie and a mom and a bible most folks are just liable to buy any line, any place, any time" - Frank Zappa