Posts: 13 · Comments: 760 · Joined: 4 yr. ago

  • You need to put yourself in the shoes of a non-technical person who doesn't know how to evaluate the relative security of all the tools that are out there available to them. If you are posting your pre-alpha untested software with a title like "Anti-forensic and secure messenger" then there are many people who will read that and think that it's on an equal footing as the other tools they have heard of. The vast majority of people are not software engineers, and even fewer are cryptographers.

    this project is still in heavy development, so without it getting a professional security audit I wouldn't recommend using it for sensitive stuff.

    You've got to lead with this.

  • Well, a professional security audit would be at the top of the requirements for an established product that has a user base and some kind of funding, but as a solo developer the least you can do before releasing your software to the world is to have at least one other person who has some experience in security look it over; that's what I was asking.

    If you can tell people that your software is secure and "anti-forensic" (!) then you must be pretty confident in your understanding of security systems to release that without even a single code review by a peer.

  • Anti-forensic and secure? Those are bold claims. If you're the only person working on the project, have you at least had someone else look at the code to find any obvious security vulnerabilities?

  • Trying to monetize the piracy of your users. That's a bold business strategy.

    Look, I know a lot of people could be using the sharing feature to share material that is in the public domain or that they own the copyright to, but let's be honest: most of that sharing would be considered an "unlicensed public performance" by the MAFIAA.

  • It appears to spawn a curl process to send the email by constructing a string using user-supplied values. I don't know what checks Guile Scheme does on system calls, but I would guess you are vulnerable to command injection here. That's not ideal for something you want to deploy as a micro-service.

    libcurl has bindings for Guile; you should use those instead: https://github.com/spk121/guile-curl
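The pattern the comment above warns about, as an added example in Guile Scheme (this is illustrative code written for this page, not the project's own source, and whether the original service is actually injectable is the commenter's guess, not something verified here). The scenario, the `send-mail-*` function names, the `smtp://localhost:25` endpoint, the `message.txt` upload file and the attacker string are all assumptions. It shows the unsafe shape (`system` on a concatenated string, which goes through `/bin/sh -c`) next to a minimal hardened shape that validates the value against an allow-list and uses `system*`, which execs `curl` with an argument vector so no shell parses the input. The commenter's actual recommendation, guile-curl, would remove the subprocess altogether; its API is not shown here to avoid guessing at it.

```scheme
;; Added example, not code from the project under discussion.
;; Assumed scenario: a micro-service sends mail by shelling out to curl's
;; SMTP support, and the recipient address comes from an HTTP request.
(use-modules (ice-9 regex))

;; Constructed attacker input: a "recipient" that terminates the curl
;; command and appends a second command for the shell to run.
(define evil-recipient "victim@example.com; id > /tmp/pwned")

;; VULNERABLE: the user-supplied value is spliced into one command string.
(define (shell-command-for recipient)
  (string-append "curl --url smtp://localhost:25 --mail-rcpt "
                 recipient
                 " --upload-file message.txt"))

;; `system' hands that string to /bin/sh -c, so every shell metacharacter
;; in RECIPIENT (; | & $(...) backticks, redirections) is interpreted.
;; With evil-recipient, sh sees the ';' as a command separator.
(define (send-mail-vulnerable recipient)
  (system (shell-command-for recipient)))

;; HARDENED, step 1: allow-list the value before it gets near a process.
;; Deliberately strict: first character must be alphanumeric so the value
;; can never be mistaken for a curl option (no leading '-'), then a
;; conventional local-part@domain.tld shape. Not a full RFC 5322 parser.
(define address-rx
  (make-regexp "^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$"
               regexp/extended))

(define (valid-address? s)
  (and (string? s) (regexp-exec address-rx s) #t))

;; HARDENED, step 2: `system*' forks and execs the program with an argv.
;; No shell is involved, so RECIPIENT is always exactly one argument; a
;; value like "victim@example.com; id" would reach curl as a single
;; (invalid) mail address rather than as a second command.
(define (send-mail-safe recipient)
  (unless (valid-address? recipient)
    (error "refusing to send: invalid recipient" recipient))
  (system* "curl"
           "--url" "smtp://localhost:25"
           "--mail-rcpt" recipient
           "--upload-file" "message.txt"))

;; Demonstration that touches no network: show what the vulnerable path
;; would hand to the shell, and what the validator says about each input.
(display "shell string: ") (display (shell-command-for evil-recipient)) (newline)
(display "evil-recipient accepted? ") (display (valid-address? evil-recipient)) (newline)
(display "alice@example.com accepted? ") (display (valid-address? "alice@example.com")) (newline)
```

Two points worth keeping in mind when applying this. `system*` only removes the shell; it does not stop argument injection, which is why the validator also rejects values that could start with `-` (an address-shaped string such as `--output` followed by `@host` would otherwise be passed to curl as a separate argv element and could be parsed as an option). And the same reasoning applies to every other field that ends up on the command line (subject, sender, body file): validate each one, or better, drop the subprocess entirely and call libcurl through the guile-curl bindings the comment links to.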