Researchers at Leviathan Security have released some interesting findings that illustrate why your VPN service may not be as secure as it claims.
From the story:
"VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications. But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server.
“Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway,” Leviathan researchers Lizzie Moratti and Dani Cronce wrote. “When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it.”"
More here: https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
Politico's right-wing tilt has always been clear, but its hit piece on pro-Palestine protest funding -- called out by Rolling Stone, which did actual reporting that Politico couldn't be bothered to do -- was surprisingly tendentious. https://www.rollingstone.com/politics/politics-features/politico-israel-palestine-protests-biden-gates-1235015478/
super excited for this new benefit shirt for (insta) @breadandroseslaw in collaboration with @pmpress and (insta) @supportericking
Bread and Roses Legal Center is a trans led movement centered organization that disrupts the harm the legal system causes our communities. Bread and Roses mobilizes through organizing, movement support, legal representation, mutual aid, and transformative justice.
Always happy when I get to work with lots of different wonderful folks to make things.
Pick up the shirt at pmpress.org or https://pmpress.org/index.php?l=product_detail&p=1729Z
Disappointed to see The Markup share advice for people to use WhatsApp in its post about preparing your phone for a protest, and that it's coming from "digital security trainers."
Metadata literally kills, and WhatsApp is swimming in it. The metadata they collect includes:
Groups you're a member of, location, personal info (email, phone number, user IDs), contacts and their phone numbers, in-app search history, when you use the app & how often you use it. E2EE alone doesn't guarantee #privacy
It seems to have happened without much fanfare, but about a month ago @purism released the Librem 5 hardware layouts under GPLv3 (as original PADS and converted KiCad projects), joining the schematics that were already available from the start.
This year we launched the first satellite capable of seeing methane emissions, a potent and dangerous greenhouse gas.
Now the fossil-fuel companies are building structures to hide those emissions.
Climate criminals.
#Climate
Well, I got my first white supremacist reply from the fediverse after posting an article about Elon from Flipboard.
I reported and blocked the account. I also looked at the instance admin's account and it's clear he's also a white supremacist. So that instance will be blocked on flipboard.com and flipboard.social as well as shared with other instance admins as a problematic instance for them to take action if they also deem appropriate. Took all of 2 minutes to help make the fediverse a bit better for everyone.
And the best thing is that anyone in the fediverse can do this too. Decentralized moderation FTW.
I know this might be unreasonable and extremely 2004 of me, but what if software worked and user interfaces were easy to figure out?
"The escalating authoritarianism we’re witnessing in the crackdown on college campuses is, in part, a byproduct of a media system that fails to hold powerful interests accountable for the lies they tell."
How the media cover protests is often a bellwether for the state of a country's free press:
https://www.commondreams.org/opinion/campus-protests-student-journalism-press-freedoms
Look, when computer science departments have some of the worst learning outcomes of any department on campus maybe they SHOULDN'T be elevated as the experts on how students should "learn with AI" with the only reason being "computers"??? Just saying. I will gladly listen to the absolute heroes in CS who HAVE centered teaching and ARE incredible teachers but I guarantee their colleagues aren't.
Saddened to think about how much infrastructure relies on the whims of an unstable leader.
A group of US auto-makers recently agreed to switch their cars to the Tesla Supercharger standard. Now Musk has laid off the *entire* supercharger team, putting the future of EV charging at risk.
Fortunately, a new firm supported by auto makers plans significant investments in chargers:
https://www.utilitydive.com/news/ionna-ev-charging-joint-venture-nacs-ccs-bmw-honda-gm/707513/
I remember how nervous I was when (in early 2020) I went to the post office with my #Librem5 📱 to drop off a 📦 and present the barcode on the phone. (Having previously scp'ed the pdf to the phone to show it in evince).
Would the 🔋 last? Would it overheat? Would the display stack hold? It worked.
Nowadays I don't spend a thought: Fill in the data on my laptop, save the pdf, have it synced automatically via #syncthing to #phosh's ticket-box folder and show it at the counter. ✅
I have my doubts about whether an accurate measure that purports to be about developers' deepest experiences can EVER come from the authority that can also fire them.
I really do. It could fill a book, the number of muddying pitfalls of surveys that are risked here: social desirability bias, reference bias, lack of pilot testing, leakage of corporate jargon that constrains responses, top-down constraint on categories, practice effects, task impurity
It frustrates me that people in software space ask us so often what our items are and so little about how we create research practices and communicate with participants. It is obvious to me as a scientist that you need to create a "research situation" if you want to collect "research data." Shoving a link into a bunch of people's inboxes and never doing ANY of the work to explain, situate, contextualize, and make clear to them that their experiences are valued and for what? It's not gonna fly.
But achieving this REALLY does rely on us having an honest relationship between an individual and a data collection situation. People must understand it, be bought into it, and bring trust with them and be motivated (for whatever variety of reasons) to give you an accurate response. There's no substitute; I fear a lot of "research" that at the point of data collection was never in any way understood or believed to be "research" by the people whose responses are supposed to be our insight
I think this is very relevant to all these software organizations who are trying to stretch their new muscles of developer experience. I get asked TONS of questions about what constructs should be measured for developers, but you know what? Too many questions about finding the magic "content" not enough about unlocking a really good reflective self-report PROCESS imo
This narrative is the same for every violent clash at protests in the past ~seven years (maybe longer, idk): a leftist group is peacefully protesting, a right-wing group shows up and openly assaults the protesters for *hours*, and police watch and do nothing. At this point it’s a playbook being run by the violent right and police in implicit coordination, https://www.nytimes.com/interactive/2024/05/03/us/ucla-protests-encampment-violence.html?unlocked_article_code=1.pU0.AUdX.RBfy685XvxHg&smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb
At the entrance to the Popular University for Gaza Encampment in Montreal. #VivaIntifada #FreePalestine
#ShlaerMellor, #FunctionPointAnalysis, #punk, #environmentalist, #unionAdvocate, #anarchosocialist
"with a big old lie and a flag and a pie and a mom and a bible most folks are just liable to buy any line, any place, any time" - Frank Zappa