Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.

TL;DR: keep your apps updated & don't scan QR codes that you don't trust.

As if anybody here needs a reason to be wary of what you do online, this essay shares how a foreign adversary used back doors that were intentionally put in place to spy on Americans and how the rest of the world probably has the same back doors.

I especially appreciate the phrase "nerd harder" and the quote, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia".

How can IT folk help politicans to understand?

While reading many of the blogs and posts here about self hosting, I notice that self hosters spend a lot of time searching for and migrating between VPS or backup hosting. Being a cheapskate, I have a raspberry pi with a large disk attached and leave it at a relative's house. I'll rsync my backup drive to it nightly. The problem is when something happens, I have to walk them through a reboot or do troubleshooting over the phone or worse, wait until a holiday when we all meet.

What would a solution look like for a bunch of random tech nerds who happen to live near each other to cross host each other's offsite backups? How would you secure it, support it or make it resilient to bad actors? Do you think it could work? What are the drawbacks?

I thought this group may enjoy this read about a suggestion on an option to take in the Google antitrust lawsuit. Of particular interest is that certain groups feel that the "right" approach is that everyone should be able to surveil the population, Google-style and the choice quote:

The judge repeats some of the most cherished and absurd canards of the marketing industry, like the idea that people actually like advertisements, provided that they're relevant, so spying on people is actually doing them a favor by making it easier to target the right ads to them.

As if you need any more reason to degoogle, consider what would happen if Google removed you from their platform tomorrow. This article some of the problems with putting all your eggs in one basket.

Does anybody have any workarounds for apps that don't work due to "security"? I have a few apps that I need for work that think my phone is rooted (it is not) and refuse to run. One is Entrust Identity Guard. It just won't open ("app keeps stopping") and the other is Service Now mobile ("a rooted device is not allowed").

I had a super fast but small SSD and didn't know what to do with it, so I was playing with caching slow spinning LVM drives. It worked pretty good, but I got interrupted and came back a few weeks later to upgrade the OS. I forgot about the caching LVM, updated the packages in preparation for the OS upgrade, then rebooted. The LVM cache modules weren't in the initfs image and it didn't boot.

I should know better. I used to roll my own kernels since Slackware 1.0. I've had build initfs images for performance tweaks. Ugh!

Where's my rescue disk?

Here's the "Privacy First" pitch: whatever is going on with all of the problems of the internet, all of these problems are made worse by commercial surveillance.

If something like this were implemented in US federal law, what could the downsides be? Like California Proposition 65, the "cookie law" didn't stop tracking, it just made more pop ups. Would this do the same thing?

I got hung up on contractions this morning regarding the word "you've". Normally, I'd say "you've got a problem", which expands to "you have got a problem", which isn't wrong, but I normally wouldn't say. Not contracting, I'd say "you have a problem", so then should I just say "you've a problem"? That sounds weird in my head. Is this just a US English problem?

US Senator Edward Markey (D-Mass.) is one of the more technologically engaged of our elected lawmakers. And like many technologically engaged Ars Technica readers, he does not like what he sees in terms of automakers' approach to data privacy. On Friday, Sen. Markey wrote to 14 car companies with a variety of questions about data privacy policies, urging them to do better.

The EFF has a white paper with a proposal to address various online 'harms' systemically.

From the executive summary, "whatever online harms you want to alleviate, you can do it better, with a broader impact, if you do privacy first."

Slashdot also has a pretty good summary if the white paper is too long for you to read.

I haven't seen this posted yet here, but anybody self-hosting OwnCloud in a containerized environment may be exposing sensitive environment variables to the public internet. There may be other implications as well.

Other than TiVo, what options do I have for recording OTA programs? I've been playing with Plex and rip my episodal DVDs, and would like to record, too.

This is a long article about the US CFPB creating a new rule that may help protect your financial data. The interesting stuff is near the end where it sounds like they're putting your financial data back in your hands:

The Bureau will force banks to "share data at the person’s direction with other companies offering better products."

the businesses you connect to your account data will be "prohibited from misusing or wrongfully monetizing the sensitive personal financial data."

I'm not very knowledgeable in this area so I'm wondering what your read is on it.

I was out walking around and "popping" quests on StreetComplete. I was wondering what the consensus is on the question "Who is allowed to park here?" In this case, it's an ungated parking lot next to a commercial/industrial warehouse with many companies occupying the same space. A few of the parking spots had a sign indicating "reserved for XYZ customers", but most did not. This is not a city-owned parking lot. What's the right answer?

What started you down the path to privacy? Was it a particular event, article, podcast or something else?

I understand the intent, but feel that there are so many other loopholes that put much worse weapons on the street than a printer. Besides, my prints can barely sustain normal use, much less a bullet being fired from them. I would think that this is more of a risk to the person holding the gun than who it's pointing at.

Is there any decent iPod management software for linux available? I have a 6th generation iPod that I use only for music and it's really the last thing that I keep my windows partition around for. The more I use linux, the more unintuitive iTunes feels. I had tried GTKPod in the past and one other, but they didn't support the 6th gen iPods. I'd be happy with just a CLI copy type command!

Is anybody using only IPv6 in their home lab? I keep running into weird problems where some services use only IPv6 and are "invisible" to everyone (I'm looking at you, Java!) I end up disabling IPv6 to force everything to the same protocol, but I started wondering, "why not disable IPv4 instead?" I'd have half as many firewall rules, routes and configurations. What are the risks?

Many of the posts I read here are about Docker. Is anybody using Kubernetes to manage their self hosted stuff? For those who've tried it and went back to Docker, why?

I'm doing my 3rd rebuild of a K8s cluster after learning things that I've done wrong and wanted to start fresh, but when enhancing my Docker setup and deciding between K8s and Docker Swarm, I decided on K8s for the learning opportunities and how it could help me at work.

What's your story?