Neat, you inspired me to post my cryptography bracelets https://lemmy.ml/post/31555517
utopiah
joined 3 years ago
"We won't get any closer to the goal if we don't start."
such a great line, yes, just take a step! Even if it's hard, you will learn something but if you don't try, you won't.
Like what?
If Collabora has extra features they do not think they need, relying on the lowest dependencies seems like the most reliable and fair choice.
FWIW and even though that's not what you implied Android is far from perfect either, just reading https://www.zeropartydata.es/p/localhost-tracking-explained-it-could right now and... even though Google does try, other, arguably not malware (very arguable!) do manage to go through anyway.
a majority of their computer experience is probably in the browser, with an office suite and maybe an email client.
Exactly, and for whatever is left there is
- Web based equivalents, e.g. NextCloud, ProtonMail
- LibreOffice
- Gimp
- Inkscape
- Kdenlive
- Blender
- Cura
- OBSStudio
- Lutris or Steam with Proton
- Audacity
- VLC or mpv
and finally, the most important "etc" namely you can have a poster on the wall with post-its where they write what they miss, you write down a matching post-it in front. You might not get 100% coverage but I'd be shocked if you don't have 99%. You can also "seed" that poster with existing ones, e.g. https://trustonteachestech.blogspot.com/2017/06/open-source-alternatives.html
My hope is actually that standard compliant (that's the important bit) hardware keys and passkey, e.g. WebAuthn, get more broadly accepted. This way open source and hope hardware solutions, e.g NitroKey, would allow anybody on any OS supporting those standards (which does include Linux without proprietary blobs AFAICT) to work.
Thanks for doing that.
IMHO it's show, don't tell. I'm assuming you have few laptops laying around here but ideally :
- have a working Linux computer and let them play with it. You can have few documents on the desktop to help kickstart the process, few browser tabs opened with e.g. ProtonDB to show that most games do work, etc. A little "trick" you can do is have an email client (Web based or not) opened so that they can (if they want) email to themselves a message like "I wrote this on Linux!" and a link to some documentation your wrote online about the event.
- have another one where you can do an installation live (or play in loop a few minutes video recording where disk formatting, package download and installation, are sped up, easy to do with a VM)
- have yet another one where ... they can install themselves! I'd suggest a VM there so that they don't fear they would wreck your computer
Few "gotcha" I would warn people who are genuinely interested in (as I wouldn't waste time with this for people still doubting) :
- backup your data (documents, family photos, work, etc but NOT games, music, downloaded movies) on a USB stick before you do anything!
- you might have to tinker with BIOS settings but that is not scary BECAUSE you backed up your data
- there are plenty of distributions, even though that's beautiful, ... just pick a popular one at first because that's how you get help more easily
- peripherals are not all made equal, even though the vast VAST majority do work with Linux, they don't have little stickers to help customers buy them so rely on standards (like BlueTooth or WiFi) AND if it's something expensive or bulky, do check online reviews with product name + linux in a search engine like DuckDuckGo.
Now... the actual argument I usually share with people is the browser. Most people don't use their computer, really. They use their browser to connect to the Web THEN do their "work" or entertainment. In that case then it should be no problem because browsers are properly cross platform. I would let them potentially use Chrome (sigh) or Chromium just to show how familiar it is and hope that, as they learn more about freedom, they do consider other browsers, like Firefox or WaterFox, Pale Moon, etc but just like with distributions, starting with whatever is popular and they feel comfortable with.
- for the Lynx (that can't be bought rooted already but takes about 15min to root) I wouldn't buy it right now but wait for their AndroidXR release... and see if that would be rootable. I personally share my Lynx with hardware and software hacker friends nearby because I know it's a relatively rare device.
- NorthStar is AR, not VR, and by default isn't mobile but there are compute pack explorations and opaque covers. Honestly if you are not into hardware tinkering I would not recommend it. If you are though then you probably don't need a lot of hand holding, just connecting with peers to learn from each other.
- SimulaVR https://simulavr.com/ is very tempting but the price tag is quite high and to be honest I worry that they are following the Lynx delivery delay path. I also haven't put my actual hands on an actual product so I can't comment on it.
- Valve itself has been leaving hints for mobile VR and they did IMHO an amazing job with the SteamDeck, namely something reliable (it "just works") while running Linux proper (even though most players will be totally unaware of it) ... but it's Valve. So they will release it, if they ever do, whenever they will believe it's ready. This is also pure speculation! They have not announced anything but they did sell the Index, SteamDeck, SteamVR on Linux, and there are bits of code hinting at a standalone HMD.
I would consider that VERY sophisticated. One needs to basically conduct identity fraud, so have enough information to port your SIM via your phone company. I imagine that if you do not call your phone company with your existing number they have a few extra steps to allow anything to happen.
Anyway, beyond that, which as you shared (thanks for taking the time to put those links) is indeed not infeasible (but still requires targeted work and skills) this is only 1 step out of 2 for authentication against a bank. One still needs to know the bank and the login/password pair the Website requires.
Even once that's done, I believe most banks do not allow large transfers, e.g. above 10K EUR, without another verification. Typically transfers have a daily and weekly limit that can be modified temporarily.
So... IMHO it's sophisticated (in the sense that a "script kiddie" or scammer without technical skills can't do it) and has limited economical value.
I will remember it (again, thanks for pointing it out) but I won't lose sleep over it.
PS: I'm wondering what's the consumer law on this actually because arguably some steps, e.g. no limit transfer or SIM porting would be on failure on the side of companies, not consumer. I wouldn't be shocked if companies had insurance for that and might have to pay back whatever amount would be stolen. Obviously this would be regulation dependent.
solar helps that number even more
Wouldn't that assume you are not using all the electricity coming from your panels?
Private? I'm pretty sure any of the existing means are private in the sense that I, a random stranger, will not know about that transaction.
Do you mean anonymous? Pseudonymous? Hidden from your government or the government where MullVad is established?
I'm not trying to be pedantic here but rather to genuinely understand so that I can try to answer.
That's the kind of things I expect somebody to be into deciphering to have already a ~/Prototypes/deciphers/ directory with a bunch of scripts with the basics and maybe a testing script that iterates through them sorted by probability (maybe based on popularity) and checks output against keywords, e.g. stop words of increasing length then dictionaries.
TL;DR: I bet that person had automated that process.