Pinned toot

@U039b

As I committed myself since May 2018, I publish each first of the month a new technical article about anonymity, privacy and digital autonomy. (today is the 10th I know ...)

For the month of November 2018, it is an article about OpenVPN. It explains in detail how to setup a very highly secure configuration with Elliptic curve, certificate verification and other security improvements.

blog.mirabellette.eu/index.php

Pinned toot


I published as I committed an article the tenth of each two months. It is about the blog itself and what I did for the community during this period.

Especially:
* What I achieved during this period
* What I accomplished for the community
* How are the blog and services popular
* Balance sheet of the period
* Some words about what I think for the next period

Today, it is about the months of July and August.

blog.mirabellette.eu/index.php

Petit article intéressant sur @nos_oignons et ses hébergeurs :
nos-oignons.net/Actualit%C3%A9

Au passage, il y a un nouveau nœud de sortie, hébergé par @Aquilenet \o/

Mozilla a publié ses comptes 2017 (et les documents pour le fisc US) :

mozilla.org/en-US/foundation/a

Les PDFs sont en bas. Le premier truc que je constate comparé à 2016, c'est le salaire de Mitchell Baker qui passe de 1 à 2,3 millions de dollars.

=> Je vais demander une augmentation de 130% à mon patron moi 🤔

@ LineageOS users: Some readers asked why they get daily updates for their LOS system.

Most likely, the build server is configured to create "nightly builds" regardless of whether there are any actual changes. This results in daily updates that only update the creation string.

Go to download.lineageos.org/ and check the changelog of your device to see if something was changed. Updating once per month is mostly sufficient.

#lineageos #los #android #update

Don't believe everything you read online about #ProtonMail - reddit.com/r/ProtonMail/commen

> As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.

#infosec

Ou pourquoi faire des trucs « sécurisés » en JS, c’est la merde…
Mais là, version XXXXXXXXXL… 😱
pastebin.com/bwvqHhbA

@U039b

As I committed myself since May 2018, I publish each first of the month a new technical article about anonymity, privacy and digital autonomy. (today is the 10th I know ...)

For the month of November 2018, it is an article about OpenVPN. It explains in detail how to setup a very highly secure configuration with Elliptic curve, certificate verification and other security improvements.

blog.mirabellette.eu/index.php

C'est vachement pas con l'outil de vérification de compte de Mastodon. Du coup je viens de certifier que mon blog est bien à moi !

New post about: Malicious code and abandoned websites

What happens when a website service disappears and a malicious user comes along and takes over the endpoint? That's what happened with "New Share Counts" recently.

How do we make this better?

ryandaniels.ca/blog/malicious-

#privacy #security

X.Org X server vulnerability affects CentOS, Debian, Ubuntu, Fedora and other Linux operating systems:

zdnet.com/article/new-security

– CVE-2018-14665
– attackers can elevate privileges and/or overwrite any files on the local system, even crucial OS data
– update to X.Org Server 1.20.3

#xorg #xserver #vulnerability #flaw #linux #debian #ubuntu #fedora #centos #infosec #cybersecurity #security

Recap: XMPP – admin-in-the-middle.

infosec-handbook.eu/blog/xmpp-

XMPP admins can transparently:

– see and arbitrarily modify all of your contacts, MUC memberships/affiliations and vCard data
– monitor your activity and devices
– log and read your password in cleartext
– log and read cleartext messages and other file types
– impersonate your contacts
– delete messages
– …

In our opinion, the only way to privately and securely use XMPP is hosting your own server.

#xmpp #privacy #security #infosec

Denmark is the first country to require businesses to encrypt emails containing sensitive personal information end-to-end, starting January 1, 2019.

tutanota.com/blog/posts/denmar

Hello everyone,
I made some update of the blog: blog.mirabellette.eu/

Could you please give me some feedback about it?

Do you find it clear? Easy to read?

How do you think I could improve it?

Thank you very much for your help :)

Thanks! More options to add in user.js Show more

As I committed myself since May 2018, I publish each first of the month a new technical article about anonymity, privacy and digital autonomy. (today is the 6th I know x))

For the month of October 2018, it is an article to understand why I failed to install Firefox Accounts Server, what I think about it and some documentation about how to install it.

blog.mirabellette.eu/index.php

Feel free to share it if you find the article interesting or the blog interesting.

The exact list of domain name you could block in order to forbid mozilla firefox telemetry:

telemetry-coverage.mozilla.org
www.telemetry-coverage.mozilla.org
telemetry-coverage.r53-2.services.mozilla.com
telemetry-coverage-1699465515.us-west-2.elb.amazonaws.com

*found in the article linked


When Mozilla Firefox is forcing you to share your personal metrics data in opposition to the GDPR.

Feel free to configure your local dns to forbid the resolution of telemetry-coverage.mozilla.org.

dustri.org/b/mozilla-is-still-


I published as I committed an article the tenth of each two months. It is about the blog itself and what I did for the community during this period.

Especially:
* What I achieved during this period
* What I accomplished for the community
* How are the blog and services popular
* Balance sheet of the period
* Some words about what I think for the next period

Today, it is about the months of July and August.

blog.mirabellette.eu/index.php

Show more
La Quadrature du Net - Mastodon - Media Fédéré

Bienvenue dans le media fédéré de la Quadrature du Net association de défense des libertés. Les inscriptions sont ouvertes et libres.
Tout compte créé ici pourra a priori discuter avec l'ensemble des autres instances de Mastodon de la fédération, et sera visible sur les autres instances.
Nous maintiendrons cette instance sur le long terme.