• 1 Post
  • 79 Comments
Joined 1 year ago
Cake day: March 6th, 2024




  • My old community garden used a Signal group which worked really well.

    I’m currently part of a bushcare group which I believe uses Facebook but not sure how active it is. We have a regular monthly schedule which I show up to in-person.

    I can second the annoyance of people using Facebook groups for everything. I can’t control what I see on Facebook so I won’t use it. I’ve found other groups impossible to join for this reason - like my local bike user group. Real shame because I’d like to join but I found the in-person meetings were largely discussing things in the Facebook group.


  • Hmm I don’t usually chill my water but I heard that helps a lot. Might start doing that myself.

    The taste is very noticeable unchilled. I noticed after rinsing when brushing my teeth. I heard the water was bad in the western suburbs and it was about 24 hours later that I started noticing the taste in Brisbane’s south (I guess the water towers get filled at different times).




  • Graphene shills have been banging on this point for donkey’s ages. Reality is that many people use phones that are out of OEM support and many OEM ROMs are bundled with questionable software (Oppo, Samsung etc.) There are some decent criticisms to be made about LineageOS, but others to be made about Graphene, like its Google-suggestive configurations, which is quite bad for security and privacy. Graphene says this is all optional and not part of the OS, but doesn’t include any equivalent F-Droid installer.



  • My original reply to the OP’s question, thoughts and experiences with GrapheneOS, was along the lines of “I think GrapheneOS is Google-centric” and you disagreed saying that GrapheneOS was a “blank slate”. Honestly I think you’re being a bit defensive and maybe a little gaslighty which is why I downvoted.

    GrapheneOS provides fairly prominent links to a Google Play installer or the relatively obscure Aurora Store. The Aurora Store client app is FOSS but the store is quite literally a proxy for the Google Play Store. The apps in the screenshots on Aurora Store’s homepage are mostly apps that use or require Google Play Services. This is all very Google-centric.

    If Google Play wasn’t an important part of GrapheneOS, it could just not contain a prominent link to the Google Play installer. Or it could contain a link to install a fairly prominent app store that offers an ecosystem outside of Google Play. But it exclusively steers users to the Google Play ecosystem as a part of the default, packaged experience, hence my original reply to the OP.





  • Even with a 10% pay cut the VC will be remunerated over $1,000,000 per year, even despite the university’s poor financial performance.

    Having worked at a university the waste is in plain sight. Vendor lock-in, consulting fees (especially with the Big 4), high executive pay, and compartmentalisation between professional and academic staff are high on the list.

    In my area (different university) there was a constant stream of poor decision making. Moving to the cloud? Let’s hire a consultant to tell us what to do, and then do it in the worst possible way, instead of using internal capabilities! I suggested that the contract include provisions for “best practice” as listed by the vendor (HashiCorp) but this was ignored. The consultant gave us spaghetti Terraform code and an inefficient, high cost subscription layout.

    The professional and academic staff barely talk in my experience. Academics do their own thing as much as possible. Professional staff throw solutions over the wall, mostly because of the existence of the wall in the first place.

    The university was looking at using “crotch sensors” (motion sensors under the desk) to measure desk utilisation, spending money on “smart” ambient sound solutions etc. in the executive building, and other high cost solutions looking for a problem, at the same time as freezing staff and threatening redundancies. I was denied training but offered access to an LLM subscription (GitHub CoPilot) along with other IT staff, because AI is the going buzzword being parroted by the executives.

    The higher education sector seriously needs an external review… and a proverbial kick up the bum.




  • Here’s the actual paper of the technology (Prio) that it’s based on.

    Some problems stand out:

    • It requires that the organisations (Mozilla and ISRG) not collude to decrypt the secret share (probably reasonable)
    • The paper suggests registering end users to protect against Sybil attacks.
    • The scheme requires the organisations to correctly withhold results from advertisers until there are sufficient results.

    I’m not overly familiar with the tech stack but I’d be concerned about browsers using a persistent UUID to send impressions to Mozilla’s API.

    The biggest elephant in the room is that seemingly nobody wants the damn thing. It offers nothing to users, except maybe a good feeling inside that they’re supporting AdTech. It offers AdTech less than the current deal where they can collect obscene amounts of personal information for targeted advertising.
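
The two-server split and the withholding rule from the list above, as an added example that is not part of the original comment or of the Prio code base. It covers only the additive secret sharing; Prio's validity proofs are left out, and `MODULUS`, `MIN_BATCH`, `Aggregator` and `run_batch` are hypothetical names and values chosen for illustration.

```python
import secrets

MODULUS = 2**61 - 1   # prime modulus for the shares (constructed choice)
MIN_BATCH = 5         # hypothetical minimum number of reports before release

def split(value):
    """Split one client's value into two additive shares mod MODULUS.

    Each share on its own is a uniformly random number; only the sum of
    both shares reveals the value, hence the non-collusion requirement.
    """
    share_a = secrets.randbelow(MODULUS)
    share_b = (value - share_a) % MODULUS
    return share_a, share_b

class Aggregator:
    """One of the two servers; it only ever sees its own share of a report."""
    def __init__(self):
        self.total = 0
        self.count = 0

    def submit(self, share):
        self.total = (self.total + share) % MODULUS
        self.count += 1

def release(agg_a, agg_b):
    """Combine the partial sums, withholding the result for small batches."""
    if agg_a.count != agg_b.count:
        raise ValueError("aggregators saw different numbers of reports")
    if agg_a.count < MIN_BATCH:
        return None   # too few reports: the aggregate stays withheld
    return (agg_a.total + agg_b.total) % MODULUS

def run_batch(values):
    """Simulate clients reporting 0/1 impressions to both aggregators."""
    agg_a, agg_b = Aggregator(), Aggregator()
    for value in values:
        share_a, share_b = split(value)
        agg_a.submit(share_a)
        agg_b.submit(share_b)
    return release(agg_a, agg_b)

if __name__ == "__main__":
    # Constructed sample reports: six clients, four impressions.
    print(run_batch([1, 0, 1, 1, 0, 1]))
```

The threshold counts reports, not distinct people, which is why the batch size only means something if clients cannot be cheaply duplicated.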



  • Yeah, I usually follow the Greens and warm to MMT thinking, but using interest rates to improve housing affordability is just a really big misuse of a big lever with broad consequences.

    Now, they didn’t talk about it at all in their media release and maybe it hasn’t even been considered by Aus Greens, but a big theme in The Green New Deal in the US is looking at fiscal policies that may reduce inflation, like continuing to reduce dependence on petroleum through electrification and public transport infrastructure (every person who catches PT is reducing oil demand), and improving healthcare through universal healthcare like we do here. Of course construction may be the limiting factor when it comes to inflation, but a wartime-style focus on construction supply is basically what is being proposed by MMT proponents.

    Back to Australia and the Greens, if they were talking about price stability and alternatives to higher interest rates I might be more supportive. I can think of another political candidate also calling for lower rates in the US - Donald Trump. The reality is that it’s politically popular to deliver lower rates risking future price inflation.


  • PSA: if your financial institution/government/<other website> is using SMS codes (aka PSTN MFA) for multi-factor authentication they are practically worthless against a determined attacker who can use SIM swap or an SS7 attack to obtain the code. Basically you are secured by a single factor, your password. If your password is compromised it may be sold via black hat marketplaces and purchased by an attacker who would then likely attempt to break that second factor.

    The best way to protect yourself is to use a unique password; a password manager especially helps with this. Sometimes institutions will offer “Authenticator” (TOTP) as a second factor, or PassKey authentication, both secure alternatives to SMS codes.

    Here in Aus I’m working with Electronic Frontiers Australia to try and force some change within government and financial institutions (via the financial regulator). Most banks here use SMS codes and occasionally offer a proprietary app. One of the well-known international banks, ING Bank, even uses a 4 pin code to log in to their online banking portal. 😖

    Unfortunately SMS codes are a legacy left from old technology and a lack of understanding or resourcing by organisations that implement it. Authenticator/TOTP tokens have been around for 16 years (and standardised for 13 years), and PassKeys are relatively newer. There is a learning curve but at the very least every organisation should at least provide either TOTP or PassKeys as an option for security-minded users.