Mastodon: https://mastodonapp.uk/@TiffyBelle
This thread is about KeePass and my comments relate to that. If you pull KeePass2 from the repos in Debian, for example, it’s going to pull the Mono runtime to execute it as well because it’s been built, like most C# apps, for JIT compilation. I doubt it’s even possible to compile KeePass2 using AOT compilation.
This is what the C# KeePass application looks like using the Mono runtime in Debian:
This is KeePassXC:
You can see which has better native integration into the desktop out of the box.
Obsidian is really good. Very feature-rich and customizable.
I personally prefer Joplin for a couple of reasons. It’s fully open source and while it has less features and customizability, I also feel it keeps out of my way more to allow me to focus purely on taking notes and not messing around with other features. Obsidian encourages me to play with its extra features more, which for my case usually just reduces the productivity of my note-taking.
Probably just a me-thing. I tend to gravitate to more straightforward and minimalist solutions generally.
Microsoft doesn’t own the standard. It’s actually an open standard maintained and contributed to by a whole host of technology companies. This is contrary to the old BIOS method which was originally proprietary to IBM.
The fact they have such wide authority in signing is a product of how wide-reaching their market share it. They essentially mandate that OEMs include their signing keys in the signature database if their systems are to ship with Windows, thus making them a de facto authority on what gets signed. This was a point that made a lot of people in the FOSS community uncomfortable and still does to this day, although if one wants they can actually take full control of the Secure Boot process by replacing the Platform Key (PK) with their own. This gives ultimate control to the owner of the machine as they can then replace the Key Exchange Keys to allow them to replace Microsoft’s keys within the signature database (db). This completely removes reliance on any third party signatures and enables ditching the first-stage Shim bootloader from the boot flow entirely, since the owner could just sign whichever bootloader they wanted to use directly with their own key in the database. As it would require manually signing everything from the bootloader to the kernel and its modules though, including re-signing them after updates, this is definitely a much more involved way of doing things although arguably even more secure as the system would be entirely locked down to only binaries signed by its owner at that point.
As to why they don’t sign GRUB, it’s about licensing. Since GRUB is GPLv3, there are provisions in the license that Microsoft interprets as potentially mandating them to disclose their private key to facilitate users installing modified versions of it. Ubuntu came to the same conclusion when contemplating how to deal with Secure Boot back in the day, where they wanted to provide an alternative to the Microsoft keys by having Canonical’s keys also shipped with firmware, although proliferation of their keys is a lot less widespread and in some peoples’ eyes not all that much different than just using VeriSign’s service for the Microsoft keys anyway.
Booting the kernel directly via EFIStub from the firmware is certainly an interesting idea, although it sounds like a potential pain to manage updates. Will definitely take a look down that rabbit hole though. =)
Good question! There’s a few reasons, I guess:
All boils down to my enjoyment of doing weird nerdy things though, ultimately. =)
I prefer the KeePassXC fork as it’s written in C++ and not C# so it has better native integration with OSes like Linux, but yeah these are really good solutions with no subscription requirements or necessity to upload to any cloud service.
You’re right, but HTTPS implementation added real, tangible benefits that everyone could understand. I think ECH is a little more abstract for the average user, which is why I compared it to DNSSEC which has notoriously poor buy-in.
Obviously I hope ECH becomes a well-implemented standard. I’m just rather cynical that it’ll be the case.
All well and good, but sadly this relies on the hosts managing DNS to include specific entries in their DNS configuration for keys to use during the encryption process. Unfortunately the vast majority of hosts probably won’t be bothered to do this, similar to DNSSEC.
Turned out, this model was hard coded to only allow a boot entry named “Windows Boot Manager” to be loaded by default.
Holy moly that’s absolutely shocking. Yeah I didn’t quite realize how scuffed various UEFI implementations were until I encountered this issue and started looking around. Wild.
In part because some of my education research led me into looking at how data was being used by social media and big tech and led me to a greater understanding of just how much was being collected and how it was being shared and used.
After learning about the landscape of data collection, I decided I wanted to minimize my part in it.
Unless you’re using the TOR Browser or Mullvad Browser, you’re already fingerprintable with a high degree of accuracy for those determined enough. If you’re that worried about fingerprinting, you should probably be using one of those.
There’s no magic number of extensions that would be considered “safest” from a fingerprinting perspective. Any you add will likely adjust your fingerprint in its own way. But as I said, since you’re probably uniquely identifiable anyway you can’t really get “more unique.”
With that said, it’s best to keep your extensions to a minimum for other reasons too. Each extension represents an increased attack surface and you have to trust more developers to not be implementing exploitable code directly into your browser. Generally, I find UBlock Origin to be enough and maybe an extension for your password manager or a few other things. I don’t generally run more than 5.
Supporting the Chromium monopoly is a valid point, but there’s also a reason why a lot of browser companies, even those who market their browser at more privacy-conscious individuals such as Vivaldi and Brave, choose to fork Chromium over Firefox/Gecko. A good portion of that reason is Chromium’s superior security architecture that is a lot more battle tested and mature; the rest of the reason often comes down to compatibility and mobile-readiness.
A lot of people are wary of any browser engine attaining a monopoly since IE achieved this back in the day. It’s not exactly a like-for-like comparison though, since Chromium is actually open source and IE/Trident was not. For that reason, anything problematic can be stripped out by those who fork it which is exactly why we have browsers like Brave, Vivaldi, Ungoogled Chromium, and others who remove anything that feeds data to Google from their releases. The option also theoretically exists to hard fork the project entirely and take it in a different direction which was never a possibility in the IE days, although that would be a monumental effort.
I get it if people want to support Firefox/Gecko for philosophical reasons. In an ideal world there would be several projects of equal maturity to the browser engines we have today. Realistically though, for all intents and purposes, the vast majority of the world is already using Chromium in some flavor or another and it’s a project that has a lot of the world’s best browser engine developers contributing to it. As a user, I care most about using a secure, privacy-respecting browser that I find innovative which caters to my needs through its features rather than fighting a philosophical battle that’s already been lost. Naturally if you find Firefox does cater to all your needs though, more power to you.
Brave and Vivaldi are very different companies. I don’t use Brave specifically because I’m not comfortable with the fact that, essentially, they’re an advertising company primarily looking to push their crypto.
It’s true that using a Chromium base poses some additional privacy challenges. Due to its customizability, it’s certainly possible to harden Firefox to a better level than any Chromium-based browser currently; projects like Arkenfox certainly help with this, as well as the tweaks ported to the browser by the TOR Uplift project. With that said, stock Firefox as shipped by Mozilla isn’t exactly privacy friendly without going to lengths to harden the browser. Mozilla collect an absolute ton of telemetry by default, complete with a unique identifier attached to each download. FF also comes with pre-installed addons with questionable privacy policies like Pocket.
I think concerns about fingerprinting are somewhat overstated, or at least over thought about. The reality is there’s an absolute ton of metrics that can be used to fingerprint a browser by advanced scripts and if a site wants to fingerprint you it will, and it doesn’t really matter if you’re using FF or Chromium. The only realistic way of avoiding this is by using browsers like TOR or Mullvad, which aim to all have the same fingerprint so you’ll be able to blend in with the crowd. Preventing naïve script fingerprinting is the best you can ever hope to do on any other daily driver browser, and addons like CanvasBlocker for Firefox or JShelter for Chromium are typically enough to prevent fingerprinting by opportunistic scripts.
Vivaldi is an awesome browser and the people and company behind it continue to inspire me with confidence that they’re truly committed to providing a Chromium-based browser that is as privacy conscious as it can be.
Swing and a miss, bud.
I’ve tried all three and I currently use the free ControlD Ads & Tracking DNS resolver and I’ve been very happy with it. It filters a fair amount of garbage domains in my experience and I don’t want to spend time finely tuning the blocklists a DNS resolver uses. I use it over Adguard DNS because I noticed it blocks a few more domains in my observation.
I think most people talk about NextDNS because of the level of customizability it offers, if you want to finely tweak the blocklists and whatnot your resolver uses. It also has a pretty good web interface showing you all kinds of stats and whatnot.
You also have to keep in mind that ControlD is newer in comparison to either NextDNS or Adguard DNS by a few years, so there’s likely less people discussing it as it’s a little less known.
And FF containers are still no match for advanced fingerprinting.
The only way to protect against advanced fingerprinting is to use the TOR Browser or Mullvad Browser, to blend in with everyone else who shares the exact same fingerprint using those tools. The best you can do outside of those is to protect against less advanced scripts.
I mean, I consider Mastodon pretty “customizable” in the sense that you state. It’s easy to follow individual hashtags surrounding specific topics, groups that people use to post about a specific topic or individual users. My home timeline is pretty much all topics I’m interested in due to who and what I follow.
Similar to Lemmy really. Your subscribed feed should be exclusively topics that interest you from the communities you subscribe to.
I am absolutely not, but this may have changed as I don’t have access to real-time information as my knowledge was last updated in September 2021.
Fully agree. I started using OnlyOffice about 6 months ago but wouldn’t go back to LibreOffice at this point. I feel the interface is way more intuitive and helps with productivity.
I’m a fan of the LibreOffice project too, but they need to invest some time in improving the interface. The Word 97 look isn’t cutting it for me anymore and even with “ribbon mode” enabled it’s vastly inferior to OnlyOffice’s UI.