I do not see that as phone-usage, I'm doing an experiment to see how easy / difficult it is to revert the "i need to know the time, so I grab my phone" reflex back to "I need to know the time, so I look at my wrist".
I'm currently reading some books on how easy it is to manipulate peoples behaviour using 'nudging', this to better understand the social engineering tricks used by hackers.
An chapter in one of these books in how social media use tricks to manupale our behaviour that resemble the tricks used by the gambling industry.
One of the things I find intriging is the size of a smartphones today. If you look at it objectively, they are actually so large that most people would consider it to be annoyting: you have to carry it in a bag, in a pocket of your pants -but you have to take your phone out when you want sit-, or ..you carry it in your hands. Have you noticed how many people have their smartphone in their hand when they walk around? But, of course, if you have something in your hand, it is very easy to open it quickly check your notifications; which reinforces the addiction.
So, that's the thing. People do not find it annoying.
So .. as an experiment, I am trying out how easy / difficult it is to break the habbit.
A small sidenote when (or if) I manage to get my garmin vivosmart HR charges, it does rapport activity per week, number of steps and number of floors I went up on foot per day, even without a smartphone app. So that's at least something :-)
One of the reasons I am looking for a new sportswatch is because I try to reduce my smartphone use and I noticed that I actually took out my smartphone just to check the time.
I have an old garmin vivosmart HR but I do have a problem with the charging cable. Plus I am not able to download the healthstats with my linux 'daily driver' laptop.
Perhaps I should just get a cheap regular watch somewhere? 🤔
I don't. I thought the emoji would have made that clear.
I have been doing cybersecurity awareness lately. We are starting to get over the furst hurdle: make people see the signatures of phishing message. But now we are starting with the 2nd hurdle: make people understand that when they write a genuine post, they should avoid these signatures of phishing, in this case, the "time pressure" argument.
The problem is that the more genuine messages have phising signatures, to more difficult it becomes for people to distinguish a genuine posts from phishing. There is also the risk that you genuine posts will get noted as fake (although that is clearly not the case here :-) )
ah. That looks very interesting. And they have a show here in the EU, and it seems to work with gadgetbridge (thx Lambda RX :-))
Thanks!
my daily driver is a ubuntu laptop so I was first thinking about that, but now that you mention a mobile app, ..yes. that would be nice too.
thanks for the food for thought :-)
A URL 'Free up to some-end-date'. ???
Phishing link? 🤔
Hi all,
Simple question. Does anybody know a (not to expensive) sportswatch that is supported by Linux / FOSS software?
(Yes, I know 'FOSS software' is two times the word software) 😀
Hum , interesting point. If you are a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?
I guess people would then just depend on their search engine
Well, in principe I do not see that much different between 'curl | bash', 'sudo apt-get install' or installing an app on your phone. In the end, it all depends on trust.
Considering how complex software has become and on how many libraries from all over the internet any application that does more then 'hello world' depend, I do not see how you can do if you are not prepared to put blind trust into some things.
Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?
Obtainium seems to have a very interesting take on this. Thanks for the link! I will check it out 👍
The problem is here is this: how is a user supposted to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?
And even if she/he knows, hackers do ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from google playstore, and did so on the fosstodon mastodon-server. Although I guess this was not at planned, he made the almost perfect social-engineering post. :-)
@organicmaps@fosstodon.org OK fair point. However, if I look at this from a hacker perspective, you post looks like the ideal opportunity to post a message similar to yours, but pointing to a fake app containing malware. Proposing to people to download an app at some random URL, even if it has org...
Hi all,
Interesting problem. An open-source project gets their app removed from google play, so they post a message on mastodon that -for the time being- you can download the app via direct download.
I post a reply saying that directing people to a direct link is not a good idea, as hackers could start doing the same to spread malwhere, better use an official repo (like f-droid, where they are already on).
A typical problem of somebody who writes a genuine post, but without realising it himself writes something that is very close to what a phishing message would look like.
However, this got me thinking. What you want to avoid is that people get used to the idea that it is OK to download and install apps from a random URL. But if you point people to f-droid, they need to also download the apk for that, and configure the security on your phone that apk's downloaded via <browser> may be installed.
I guess, the later should surely be avoided as most people will then leave that option enabled. (I had to search deep into the security setting to find the option to switch it off again).
What are your opinions on this? What would be the best way to do this and not teach people bad security habbits?
Direct download or f-droid? Other ideas? Is there a good sollution for this?
Kr.
One of the basic elements of a democracy are three branches. In fact, democracy is an inherent instable system where these three branches must keep eachother in check. A natural concequence thereof is that every one of these three branches has the right to conduct and lead investigations.
That the courts can act proactive or reactive is more a cultural element then a core element of democracy. There are quite some countries where judges are part of the investigative process and can unilateral.
As Brazil, as a number of other countries in Latin America, has been in the situation in the past that both the gouvernement and the parlement are controlled by people with a .. euh .. not so good reputation on their democratic values, a judicial branch that acts in a more proactive manner should not be that IMHO unexptected.
Here there are two issues: free speech and the judicial system in Brasil. I'll reply to the later in a different mail.
The freedom of speech is the result of democracy. No democracy, no freedom of speech. It is also inherent part of the democractic process.
On the other hand, it is not the only element of a democracy. and it can also be used against these other elements?
My question to you: can you use a fundamental freedom, granted to you by the fact you line in a democracy, to attack democracy?
Big international companies have no problem to create pseudo "national" versions of services if they can make more money with it.
So there should not be a problem for the social media companies to create versions that meets local legislation.
If you create a product and want to sell it in a certain market, you must also adhere to the laws of that country/region.
Protection of citizens against unjust ruling by a court is a protection-principle of democrary.
Why would you grant such a protection to an organisation aimed at destroying democracy (X/twitter)?
Hi,
Just to put things into perspective.
Well, this example dates from some years ago, before LLMs and ChatGPT. But I agree that the principle is the same. (an that was exactly my point).
If you analyse this. The error the person made was that he assumed an arduino to be like a PC, .. while it is not. An arduino is a microcontroller. The difference is that a microcontroller has resources that are limited: pins, hardware interrups, timers, .. An addition, pins can be reconfigured for different functions (GPIO, UART, SPI, I2C, PWM, ...) Also, a microcontroller of the arduino-class does not run a RTOS, so is coded in "baremetal". And as there is no operating-system that does resource-management for you, you have to do it the application.
And that was the problem: Although resource-management is responsability of the application-programmer, the arduino environment has largly pushed that off the libraries. The libraries configure the ports in the correct mode, set up timers and interrupts, configure I/O devices, ...And in the end, this is where things went wrong. So, in essence, what happened is the programmer made assumption based on the illusion created by the libraries: writing application on arduino is just like using a library on a unix-box. (which is not correct)
That is why I have become carefull to promote tools that make things to easy, that are to good at hiding the complexity of things. Unless they are really dummy-proof after years and decades of use, you have to be very carefull not to create assumptions that are simply not true.
I am not saying LLMs are by definition bad. I am just careful about the assumptions they can create.
As a sidenote. This reminds me of a discussion I haver every so often on "tools that make things to easy".
There is something I call "the arduino effect:. People who write code for things, based on example-code they find left and right, and all kind of libraries they mix together. It all works .. for as long as it works. The problem is what happens if things do not work.
I once helped out somebody who had an issue with a simple project: he: "I don't understand it. I have this sensor, and this library.. and it works. Then I have this 433 MHz radio-module with that library and that also works. But when I use them together. It doesn't work"| me: what have you tried? he: well, looked at the libraries. They all are all. Reinstalled all the software. It's that neither me: could it be that these two boards use the same hardware interrupt or the same timer he: the what ???
I see simular issues with other platforms. GNU Radio is a another nice example. People mix blocks without knowing what exactly they do.
As said, this is all very nice, as long as it works
I wonder if programming-code generated by LLMs will not result in the same kind of problems. people who do not have the background knowledge needed to troubleshoot issues once problems become more complex.
(Just a thought / question .. not an assumpion)
To be honest, I have no personal experience with LLM (kind of boring, if you ask me). I know do have two collegues at work who tried them. One -who has very basic coding skills (dixit himself) - is very happy. The other -who has much more coding experience- says that his test show they are only good at very basic problems. Once things become more complex, they fail very quickly.
I just fear that, the result could be that -if LLMs can be used to provide same code of any project- open-source project will spend even less time writing documentation ("the boring work")
Hmmm .. 🤔 The best way not to make friends with somebody with over 30 years of coding experience: suggest him to use ChatGPT to write a computerprogram 🤣🤣
Hi all,
Perhaps a stupid question. Some time ago, I received a rpi zeroW as a gift, but as I did not have any use for ii I passed it to somebody else in our electronics-group. Now, that person has had a +30 year carreer as self-taught programmer -starting out with BASIC on DOS machines- so he showed of some of his old BASIC applications in dosbox on the pi.
So far so good, but he had an interesting question: Years ago, I wrote a library in BASIC for screen / window applications in DOS. (you know, pop-up text-windows and so on). How do I do that on linux (in C)?
As I myself only do 'backend' coding (so no UI), I have to admit I did not have any answer to that.
So, question, For somebody who has mostly coded in BASIC (first DOS and later Visual Basic) and now switched to C and python, what is the best / most easy tool to write a basic UI application with window-function on linux/unix. I know there exist things like QT and ncurses, but I never used these, so I have no idea.
Any advice?
Kr.
An open question, related to cyberpunk culture.
Considering the possibilities of current social-engineering as used by social media and desinformation, to what degree ido you think it is now possible to 'implant' fake memories into somebody's consciousness, without that person noticing it.
Hi all,
Well, my question is in the title of of post. :-)
Does somebody know if there exists an easy sollution to share files to users (e.g. members of an organisation), based on the fact that the user is known in a SSO (authentik) ?
I know nextcloud would be an option, but that would create a nextcloud account for all the users, .. which is quite overkill for what is needed here.
I know we can probably build something based on apache, PHP or so, .. but if there would be a ready-to-use service for this, that would be nice. (and probably a lot more secure then what I would build myself :-) ).
Kr.
Hi all,
As self-hosting is not just "home-hosting" I guess this post should also be on-topic here.
Beginning of the year, bleeping-computers published an interesting post on the biggest cybersecurity stories of 2023.
Item 13 is an interesing one. (see URL of this post). Summary in short A Danish cloud-provider gets hit by a ransomware attack, encrypting not only the clients data, but also the backups.
For a user, this means that a senario where, not only your VM becomes unusable (virtual disk-storage is encrypted), but also the daily backups you made to the cloud-provider S3-storage is useless, might be not as far-fetches then what your think.
So .. conclussion ??? If you have VMs at a cloud-provider and do daily backups, it might be usefull to actually get your storage for these backups from a different provider then the one where your house your VMs.
Anybody any ideas or remarks on this?
(*) https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/
Hi all,
Short question. Does somebody here run authentik as single sign-on provider? (dockerised?)
I'm looking for information on how to best backup a authentik server? Just do a backup of the postgres database and the docker-compose file? Something else? How crucial is the dump.rdb file of the redis container?
Kr.
H all, Somebody here selfhosting jitsi meet?
I am working on a jitsi-meet setup for an organisation, now looking at the options for redundancy.
I have noticed you can configure multiple XMPP servers on the jitsiivideobridge. What is the exact goal of this?
Can you connect a jvb to multiple jitsj servers (domains)? or is this only for making the jitsii backend redundant?
Kr.
With jitsi meet now requireing registration (something I do understand, .. but I just happen not to have a google, MS or meta account), I am looking at selfhosting a jitsi meet for personal use.
Has somebody already done this? What are your experience? What are the hardware requirements? Docker or native? Linux or other OS? (FreeBSD)?
Hi all,
Small question. Does anybody know if there already exists a lemmy community on disinformation (in the infosec area or more broadly)?
Thanks! :-)
Kr.
Hi all,
Had a small chat on #AI with somebody yesterday, when this video came up: "10 Things They're NOT Telling You About The New AI" (*)
What strikes me the most on this video is not the message, but the way it is brought. It has all the prints of #disinformation over it, .. especially as it is coming from a youtube-channel that does not even post a name or a person.
Does anybody know this organisation and who is behind it?
Is this "you are all going to lose your job of AI and that's all due to " message new? What is the goal behind this?
(Sorry to post this message here. I have been looking for a lenny/kbin forum on disinformation, but did not find it, so I guess it is most relevant here)
(*) https://www.youtube.com/watch?v=qxbpTyeDZp0
1.09K Posts, 1 Following, 224 Followers · The Classic Bot of the Dark Future. This bot toots random facts, information and trivia from the Cyberpunk RPGs (Cyberpunk 2013, Cyberpunk 2020, Cybergeneration 2027, Cyberpunk 203X, Cyberpunk RED...) every 6 hours. Sometimes also about the video game Cybe...
I do not think this has already been mentioned. As I guess most of you are also an mastodon (or another fediverse-enabled playform)
More info also here: https://github.com/revengeday/blackhand-mastodon-bot
In this workshop, you'll learn how to receive and analyse radio-signals of the 433 MHz remote-control using different tools: gqrx, inspectrum and urh (Univeral Radio Hacker); and also multiple ways to retransmit (read: spoof) these signals yourself. The workshop requires your own laptop, the 'Drago...
HI all,
For people who live in the neighbourhood of Hanover, Gernany. In almost 3 weeks from now, I will give a workshop "Hacking Radio-signals" in the summer edition of hackover 2023. The exact timeslot still has to be decided, but hackover is the weekend of 14, 15 and 16 July.
In the workshop, we will capture, analyse and decode the signal of a 433 MHz remote-control. You do are required to bring your laptop and have some software installed beforehand.
If you are interested, either drop a message in this thread or contact me at the email-address in the announcement