101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We have posts of up to 2048 characters.

#availability

Replied in thread

@WIRED @politics-WIRED

“The power to destroy a thing is the absolute control over it.”
— Frank Herbert, Dune

I see AWS touting “sovereign cloud”. Again. Microsoft and Google likewise always play this card.

Even if these cloud companies’ claim they couldn’t “access your keys” was true, they clearly want you to think only about confidentiality.

Why is that?

That’s because otherwise you’d realise your keys (or derivatives) are on their infrastructure. So they can delete them.

And when they delete your keys, all your confidential data turns into random, unrecoverable zeros and ones. Permanently lost. Gone. Kaput.

That’s why the cloud companies do not want you to think for even a millisecond about availability.

And really, how realistic is it that any cloud company would ever willingly destroy their customer’s data, right?
whitehouse.gov/presidential-ac

Good night. Sleep tight.

The White House · Imposing Sanctions on the International Criminal Court
By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency
Replied in thread

(continued)

The director of the institution, Pierre Silviet-Carricart, has been charged in the case of sexual assault. François Bayrou asked the investigating judge for a meeting at his place. The discussion was around the risks for the Bayrous' son, then a student at the boarding school. François Bayrou's wife attended the director's funeral in 2000.

At Parliament, on 11th February 2025, François Bayrou was representing the government for the weekly question-and-answer session. When asked about #Bétharram, he stated before the National Assembly that he had "never been informed of any violence, and even less of sexual violence".

@anthropology @edutooters 🧶

Replied in thread

François #Bayrou is the current Prime Minister of #France.

In 1996, violence was denounced in the elite catholic school of his constituency. He made an official visit as both the then Minister of National Education and a member of the National Assembly for a seat in Béarn (the province of the school). He told the regional press: "The people of Béarn felt these attacks with a sense of pain and a sense of injustice. […] All the checks were favourable and positive."

#EstelleSays 🧶

Replied in thread

@rolle @exerra @donovanh

A few things I like in IRC over Matrix, or any other protocol, in a professional setting:

  1. Does not try to blend #security and #decentralization. Not having security at all is one way to implement a sound security model. This allows designing security properties both by means of infrastructure security, i.e. outside the protocol, and also by tunneling, i.e. inside the protocol (the classic example is off-the-record messaging). This keeps the core protocol compact and sound, and easy to verify for correctness, which is by itself a strong security property.
  2. Has both decentralized and client/server based topology since 1988(!). It is a network of servers, which together form an IRC network.
  3. Protocol messages are both rigidly structured AND still human-readable (unlike JSON), and have a clean specification (RFC 1459).
  4. Features not in the protocol itself can be implemented efficiently with bots, given the ease of parsing and producing IRC protocol messages.
  5. An IRC network heals fast from failures and has high #availability properties, given the clean and rigid definition of what it does and what it does not do.
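
Items 3 and 4 above, as an added example that is not part of the original post: a small RFC 1459 message parser and serializer in Python, with the serializer refusing CR/LF so that a bot echoing user text cannot be made to emit a second command. The `!echo` bot, nickname, host and channel are constructed for illustration.

```python
from typing import NamedTuple, Optional

MAX_LINE = 512  # RFC 1459 limit per message, CRLF included
SAMPLE = ":alice!a@host.example PRIVMSG #ops :!echo disk is full\r\n"  # constructed


class Message(NamedTuple):
    prefix: Optional[str]
    command: str
    params: list


def parse(line: str) -> Message:
    """[':' prefix SPACE] command {SPACE param} [SPACE ':' trailing] CRLF"""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        raise ValueError("missing command")
    params = parts[1:]
    if sep:
        params.append(trailing)  # only the trailing parameter may contain spaces
    return Message(prefix, parts[0].upper(), params)


def serialize(command: str, *params: str) -> bytes:
    """Build one wire message, refusing input that could smuggle a second one."""
    if not command.isalnum():
        raise ValueError("command must be letters or a numeric")
    if any(c in p for p in params for c in "\r\n\0"):
        raise ValueError("CR, LF and NUL are not allowed in parameters")
    for p in params[:-1]:
        if not p or " " in p or p.startswith(":"):
            raise ValueError("only the last parameter may be empty, spaced or ':'-led")
    words = [command, *params[:-1]]
    if params:
        words.append(":" + params[-1])
    data = " ".join(words).encode("utf-8") + b"\r\n"
    if len(data) > MAX_LINE:
        raise ValueError("message exceeds 512 bytes")
    return data


def bot_reply(line: str) -> Optional[bytes]:
    """Hypothetical bot: answers PING and echoes '!echo <text>' back to the channel."""
    msg = parse(line)
    if msg.command == "PING":
        return serialize("PONG", *msg.params)
    if msg.command == "PRIVMSG" and len(msg.params) == 2 and msg.params[1].startswith("!echo "):
        return serialize("PRIVMSG", msg.params[0], msg.params[1][len("!echo "):])
    return None
```
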
Replied in thread

#toDo

"28. Member States should instil a culture of the rights of the child and of responsibility of all professionals and adults in contact with children. Member States should consider systematically developing professional protocols and standards on child protection procedures and child protection safeguards, with the aim of ensuring that all organisations working for and with children have robust child protection policies and reporting mechanisms for situations of violence in place."

commission.europa.eu/document/ @eu

European Commission · Recommendation on developing and strengthening integrated child protection systems in the best interests of the child | European Commission
Replied in thread

Adam, thank you for your (surprising) answer. You seem to agree with me, I'm summarizing what you wrote (quoted at the end of this toot), I joke you not:

——{
If you don't want to risk losing them, don't use ANDROID passkeys!

Instead, use a third party solution (requiring Android 14+)...
}——
 
 
*GOOGLE AUTHENTICATOR MISTAKE*
Please have a look at the weird distribution of ratings of Google Authenticator (play.google.com/store/apps/det); score : approximate percentage of voters:

5 : 55%
sum of 2,3,4 : 20%
1 : 25% <——— note!

MOST people who voted "1", appear to have done that because, after losing (access to) their smartphone, they ALSO lost access to their (2FA TOTP-protected) accounts.

According to their reactions, most of them are PISSED; nobody warned them beforehand of this risk that TOTP secrets were not being backed up (this was changed last year; however, insecurely according to, in German, heise.de/news/Google-Authentic ).

Unfortunately, Google is making the same mistake with passkeys.
 
 
*RELIABLE LOGIN CREDS BACKUP*
Note that some security-aware people (such as I try to be) make backups of their TOTP secrets, which is POSSIBLE (I save QR-code screenshots in a password manager).

However, users CANNOT make backups of their Android passkey secrets. Therefore, if there is even the slightest chance of losing passkeys, users should ensure that a -usually PHISHABLE- alternative exists for logging in to each of their passkey-protected accounts.

Unfortunately, way too many people forget or lose "rescue codes" etc. because they hardly ever use them.
 
 
*PROMISING PASSKEY SECURITY*
The PROMISE of passkey security is relatively good, in particular for users who don't know how to choose, install (and properly configure autofill in order to prevent phishing) and use a third party password manager, and know how to back up its database (and actually make sure that this happens).

Therefore I fail to understand why it would be more important to provide an "optimal experience" to SECONDARY users of Android devices, rather than that PRIMARY users risk losing their passkeys.

Also, passwords are NOT deleted on my device when I tap "clear data"; why not?
 
 
*ARNAR WROTE*
Arnar Birgisson wrote in security.googleblog.com/2022/1 :
——{
Passkeys in the Google Password Manager are always end-to-end encrypted: When a passkey is BACKED UP, its private key is uploaded only in its encrypted form using an encryption key that is only accessible on the user's own devices. This protects passkeys against Google itself, or e.g. a malicious attacker inside Google. Without access to the private key, such an attacker cannot use the passkey to sign in to its corresponding online account.

Additionally, passkey private keys are ENCRYPTED AT REST ON THE USER'S DEVICES, with a hardware-protected encryption key.
}——
 
 
*MISLEADING DOCS/INFO*
Google's passkey documentation and your statements are incomplete, confusing and extremely inconsistent.

If passkeys are "encrypted at rest on the user's devices, with a hardware-protected encryption key", why would I care if they are synced to somebody else's account, if the other person DOES NOT POSSESS the hardware-protected encryption key?

Also, you wrote: "when they sign in on a device", "someone else signs in on their device": What Do You Mean?

Maybe someone else using the owner's screen unlock code, or signing in to an alternative Android account, or "sign in to Chrome" (whatever that means - I can imagine "signing in to" (unlocking) a password manager) and/or switch the Google cloud account associated with the device?

As if granting another user access to your Android account on your Android device is not an extremely stupid thing to do (from a security perspective) anyway?
 
 
*JUST DON'T*
That is, unless you can trust the other user for 100% (which you never can): DON'T DO IT!

For example, your kid or grandchild may obtain access to content that your phone claims the owner is old enough for; spoofed "age verification" is just one of the increasing risks of storing "electronic passports" in smartphone "wallets". They may also steal your identity in many more ways, such as sending emails or messages in your name, or add their credentials to your accounts (including banking apps).
 
 
*IN FACT, ARNAR AND DIANA WROTE*
Arnar Birgisson and Diana K Smetters wrote in security.googleblog.com/2023/0 :
——{
In fact, if you sign in on a device shared with others, YOU SHOULD NOT CREATE A PASSKEY THERE. When you create a passkey on a device, anyone with access to that device and the ability to unlock it, can sign in to your Google Account. While that might sound a bit alarming, most people will find it easier to control access to their devices rather than maintaining good security posture with passwords and having to be on constant lookout for phishing attempts.
}——
 
 
*CONCLUSION*
When/where did Google forget about KISS?

Why did (when Android 14 was not even available), and does Google promote passkeys - if there are even multiple ways of -unexpectedly- losing them (in my FD article I provided 3 examples) without being able to back them up by yourself?

Suppose a user, now knowing this, wants to switch from Android passkeys to, for example, Bitwarden: how do they transfer them?

Why are you not even interested in the rest of my findings?

Unbelievable.
 
 
On Feb 28, 2024, 23:30, Adam Langley (@agl) wrote:
——{
The other side of having data live on devices and using the account as a sync channel is widespread user confusion when they sign in on a device and are upset to find that their data remains on the device even after they've signed out. Or when someone else signs in on their device and their data syncs up to the other person's account.

I understand that one model isn't going to work for everybody, and Android 14 supports pluggable passkey providers so that nobody is locked into using Google Password Manager. But GPM passkeys are conceptually part of the account and clearing the account does clear them. I'll continue to try and push that our wording is consistent on this point. We'll be replacing the reset flow for passkeys in the coming months to be more specific and narrower in scope. Given that, we can be very clear about the consequences of resetting things. But while we might disagree about how Google Password Manager passkey should work, I know we do have a bug for accounts with custom passphrases. It is at least not causing data loss, but it does make the credentials inoperable. And we just need to damn well fix that and any other issues. We knew about it prior to your report but thank you for the report anyway: clear bug reports are rare.
}——

Before a drug is approved by the U.S. Food and Drug Administration (FDA), it must demonstrate both safety and efficacy.

However, the #FDA does not require an understanding of a drug’s mechanism of action for approval.

This acceptance of results without explanation raises the question of whether the "#blackbox" decision-making process of a safe and effective #artificial #intelligence model must be fully explained in order to secure FDA approval.

This topic was one of many discussion points addressed on Monday, Dec. 4 during the 🔸"MIT Abdul Latif Jameel Clinic for Machine Learning in Health AI and Health Regulatory Policy Conference", 🔸which ignited a series of discussions and debates amongst faculty; regulators from the United States, EU, and Nigeria; and industry experts concerning the regulation of AI in health. 

As #machine #learning continues to evolve rapidly, uncertainty persists as to whether regulators can keep up and still reduce the likelihood of harmful impact while ensuring that their respective countries remain competitive in innovation.

To promote an environment of frank and open discussion, the Jameel Clinic event’s attendance was highly curated for an audience of 100 attendees debating through the enforcement of the Chatham House Rule, to allow speakers anonymity for discussing controversial opinions and arguments without being identified as the source. 

Rather than hosting an event to generate buzz around AI in health, the Jameel Clinic's goal was to create a space to keep regulators apprised of the most cutting-edge advancements in #AI, while allowing faculty and industry experts to propose new or different approaches to #regulatory frameworks for AI in #health, especially for AI use in #clinical settings and in #drug #development

AI’s role in medicine is more relevant than ever, as the industry struggles with a post-pandemic labor shortage, increased costs (“Not a salary issue, despite common belief,” said one speaker), as well as high rates of burnout and resignations among health care professionals.
One speaker suggested that priorities for clinical AI deployment should be focused more on operational #tooling rather than patient diagnosis and treatment. 

One attendee pointed out a “clear lack of #education across all constituents — not just amongst developer communities and health care systems, but with patients and regulators as well.”
Given that medical doctors are often the primary users of clinical AI tools, a number of the medical doctors present pleaded with regulators to consult them before taking action. 

#Data #availability was a key issue for the majority of AI researchers in attendance.
They lamented the lack of data to make their AI tools work effectively.
Many faced barriers such as intellectual property barring access or simply a dearth of large, high-quality datasets.
“Developers can’t spend billions creating data, but the FDA can,” a speaker pointed out during the event.
“There’s a price uncertainty that could lead to underinvestment in AI.”
Speakers from the EU touted the development of a system obligating governments to make health data available for AI researchers. 

news.mit.edu/2024/what-to-do-a

MIT News | Massachusetts Institute of Technology · What to do about AI in health? · By Alex Ouyang | Abdul Latif Jameel Clinic for Machine Learning in Health

What's this? 🤩

We've seen the requests, and now the Vivaldi Browser is available on the #MicrosoftStore. We're happy to see the increased #Availability for our users.

#Microsoft #Windows #Browser

apps.microsoft.com/store/detai

apps.microsoft.com · Get Vivaldi Browser from the Microsoft Store

I’d like to #introduce myself. My name is Jonathan and I’ve been a self-employed #handyman out of #Watermanillinois since 2016. I’ve been in various trades since 2001. I grew up around home remodeling and I blame Bob Vila and Norm Abram for my love of plaid shirts. I will be moving my business to #Peoriaillinois and am looking for #new #customers. I will be posting #pictures of #work I’ve completed over the years as a #visualresume. Message me for prices #availability #introduction

Replied in thread

@agspiele Sure, this is a cool move. I like that it is a package and has all these formats. – But I'm not convinced that this is a best practice to follow. E.g., the selected #platform is not a repository with any promise for long-term #availability. #Access depends on an account, i.e. on sharing user data with the platform. – IMHO, a more progressive way would have been to negotiate the #rights (the key hurdle, I suspect), make everything CC BY, and place it on #Figshare or #Zenodo.