sneak @sneak@sneak.berlin

if you have a DNS control panel, you should have fields on each RR for tracking a) who added the record, b) when it was added, and c) notes/what it's for. administrators should be able to make the "notes/purpose" field mandatory.

@sengi_app @liaizon yup, you're right, that's how the web works. that's not how desktop software works. downloading and running desktop software is not consent to download and execute arbitrary code i've never seen before.

@sengi_app @liaizon just because a desktop app is "not mandatory" doesn't make it okay to make it do things the user doesn't want. i downloaded this app and ran it, and it connected to your server to download stuff. why is that okay? i didn't want that code, i wanted the code i downloaded from github.

you need to learn about user consent.

@sengi_app @liaizon

auto updates without user consent are RCE! what part of this aren't you getting? if i compromise your webserver i can take over the client with malicious code.

@sengi_app @liaizon

that means that this "desktop" app is actually downloading javascript on each launch and running it locally, granting remote code execution on my computer. that's *way* worse - it means that a compromise of your webserver can read and upload/steal any file on my computer. this is a security nightmare.

bundle the code into the desktop application, and do not make any connections on launch other than to the configured homeserver. you're opening your users up to compromise

@liaizon simple analytics, without advance opt-in consent, transmit my data without my consent, and meets the definition of spyware. apps that transmit my activity *intentionally* without obtaining consent *are* malicious software, and the developer built this, which means they built it maliciously to steal my data.

SN9 test flight imminent, engines being chilled, launch in less than 30 mins:

https://www.youtube.com/watch?v=wfHqbahPKpY

@liaizon @sengi_app

Turns out this app is spyware, it phones home the instant you open it, without consent:

You can't use HomePods (even to just play music via Wi-Fi) without an iCloud account. You can't use iCloud without an Apple ID, and an Apple ID requires a phone number to create.

This means that you can't use HomePods, a wireless microphone you install in your house, without providing Apple and their government partners a strongly identity-linked unique identifier (a phone number).

Cool, huh?

testing out brutaldon as well. i think i like pinafore better, might host my own copy

@surfingalot alternate mastodon html client

the whole fucking society is wiretapped 24/7 and yet they still can't do basic policework.

https://www.christianpost.com/news/fbi-increases-reward-for-rnc-dnc-pipe-bomb-suspect-to-100k.html

testing out pinafore

@Cambria the screen is excellent, they did a reasonably decent job of ripping off the macbook air. the keyboard is crap though. it runs linux like a dream.

those pc idiots who tell you the dell xps is just as good as a macbook air or pro are lying to themselves. the keyboard is crap and the palmrest (top of the bottom case) is plastic.

such a great read, posted by one of the new amazing users on my bbs which launched yesterday:

Extreme Privacy, 2nd edition:

https://mega.nz/file/dZMARD4I#1h6AZ_pDh3eTIgWiB8CF5zsLBruGyete4vEmLINsVEQ

dude, i got a dell

@staticvoidmaine bulletin board system. a place to post/discuss things with weird strangers on the internet