Gonçalo Valério @dethos@s.ovalerio.net

Electron makes the life of developers easier, I get it. But the price for users is too high: more risk and a lot more waste of resources. I still prefer proper native apps.

blog.doyensec.com/2018/05/24/e

Doctorow: "if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data... Naturally, Teensafe stored thousands of parents and kids' usernames and passwords, without encryption, on an insecure server." #privacy #security

boingboing.net/2018/05/20/utte

A Formal Security Analysis of the Signal Messaging Protocol: eprint.iacr.org/2016/1013.pdf

"We have found no major flaws in the design, and hope that our presentation and results can serve as a starting point for other analyses of this widely adopted protocol."

^ Very good to see. Now, I just wish the code was up-to-par with the protocol.

After watching the video, ClaimChain might have some interesting ideas, since validating and discovering public keys is still a problem (but I didn't dig any deeper yet):

media.ccc.de/v/34c3-9094-moder

Good communication skills are essential, even more so when you work remotely. Improving them isn't as easy as it might seem.

monades.roperzh.com/getting-be

Here is the link with the details about the OpenPGP/S/MIME issues reported by the EFF:

efail.de/

It looks like the problem is in how several clients handle the decryption (they do some actions they shouldn't, trying to render HTML) and not in the encryption technology itself.

I think this could have been publicized using better words.

Meanwhile, disable the HTML rendering of your client if you want to read encrypted emails.

Something to think about: "Laws of Tech: Commoditize Your Complement"

gwern.net/Complement#2

🤔 iframes and clickjacking continue to be a problematic topic. One more example, now involving Google:

blog.innerht.ml/google-yolo/
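As an added example (not code from the linked post, and not the widget it discusses), here is the check I run against a response before worrying about clickjacking: does the page actually forbid being framed? Browsers honour two controls, the `X-Frame-Options` header and the CSP `frame-ancestors` directive, and when `frame-ancestors` is present it takes precedence over `X-Frame-Options`. The header sets below are constructed, and the origins `victim.example`, `evil.example` and `*.example.com` are hypothetical.

```javascript
// Added example: decide whether the headers of a response allow the page to be
// framed by a given origin. Sample header sets are constructed, not captured.

function parseFrameAncestors(csp) {
  // Return the source expressions of frame-ancestors, or null if the directive is absent.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

function matchesSource(source, framerOrigin, pageOrigin) {
  // Match one frame-ancestors source expression against the framing origin.
  if (source === "'none'") return false;
  if (source === '*') return true;
  if (source === "'self'") return framerOrigin === pageOrigin;
  // scheme-only source, e.g. "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return framerOrigin.startsWith(source + '//');
  // host source, optionally with scheme and a leading "*." wildcard
  let scheme = null;
  let host = source;
  const m = source.match(/^([a-z][a-z0-9+.-]*):\/\/(.+)$/);
  if (m) { scheme = m[1]; host = m[2]; }
  const o = new URL(framerOrigin);
  if (scheme && o.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) {
    // "*.example.com" matches subdomains only, never example.com itself
    const suffix = host.slice(1);
    return o.host.endsWith(suffix) && o.host.length > suffix.length;
  }
  return o.host === host;
}

function framingAllowed(headers, framerOrigin, pageOrigin) {
  // headers: object keyed by lower-case header name. Returns { allowed, reason }.
  const csp = headers['content-security-policy'];
  if (csp) {
    const ancestors = parseFrameAncestors(csp);
    if (ancestors) {
      // frame-ancestors present: X-Frame-Options is ignored by browsers
      const allowed = ancestors.some(s => matchesSource(s, framerOrigin, pageOrigin));
      return { allowed, reason: 'frame-ancestors' };
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'x-frame-options DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: framerOrigin === pageOrigin, reason: 'x-frame-options SAMEORIGIN' };
  }
  // ALLOW-FROM is obsolete and ignored by current browsers; anything else is no protection.
  return { allowed: true, reason: 'no framing restriction' };
}

// Constructed header sets for a hypothetical page at https://victim.example
const samples = {
  unprotected: { 'content-type': 'text/html' },
  xfo: { 'x-frame-options': 'SAMEORIGIN' },
  csp: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self' https://*.example.com" },
  cspOverridesXfo: {
    'x-frame-options': 'DENY',
    'content-security-policy': 'frame-ancestors https://partner.example',
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, headers] of Object.entries(samples)) {
    const r = framingAllowed(headers, 'https://evil.example', 'https://victim.example');
    console.log(`${name}: framable by evil.example = ${r.allowed} (${r.reason})`);
  }
}
```

The `cspOverridesXfo` case is the one people get wrong: a `DENY` header does not help if a CSP on the same response names a `frame-ancestors` source, so review both headers together rather than grepping for `X-Frame-Options` alone.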

Be careful with the dependencies you include in your project. Examples like this:

blog.npmjs.org/post/1735268075

keep showing up. Using an automated tool to continuously check them might be a good strategy (an old post of mine listing some examples: blog.ovalerio.net/archives/129)

Just read that "GitHub provides an RSS feed for all user-facing changes made on the platform". This really is a nice idea.

blog.github.com/changelog/

`pipenv` might be a nice and clean solution for python's environment and dependency management problem.

imgs.xkcd.com/comics/python_en

Here is a nice introduction to it: realpython.com/pipenv-guide/

This seems to be wonderful news for anyone who supports open standards and decentralised applications (with interoperability in mind). Let's hope they contribute back and don't close down the federation. If everything goes well, it will be a good example for others to follow.

matrix.org/blog/2018/04/26/mat

"The new terms asserted that Eventbrite staff had the right to 'enter and remain' at any event organized with the platform, record the entirety of the event with video and photography... and retain copyright over everything recorded." arstechnica.com/information-te

#privacy #security

Never stopped using it, it is open and very useful. Glad it is having a kind of comeback, or at least a little more attention:

neflabs.com/blog/rss-renaissan