Terminal stage of console

  • 2 Posts
  • 63 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle


  • Telegram’s servers are located in US, Singapore, Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in automated way. Maybe it is not even encrypted at rest.

    The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get KGB strongman keeping a watch over your chats too.

    This is not something I’d have much confidence in to be honest.




  • Even taking this claim at face value, we would have to solve plant based diet issues, such as insufficiencies in some vitamins (e.g. B12), complexity of getting sufficient amount of essential amino acids (esp. omega-3) and omega-3, slow but steady reduction in an overall amount of nutrients present in both vegetables and fruits etc.

    And if we say that the answer is to “engineer” foods: fortify grains with vitamins, come up with “equivalent on paper” diary replacements (e.g. oat “milk”) etc, then we need to ask ourselves whether this is actually the answer? Can we effectively reduce foods to a small number of “key ingredients” and add them everywhere? Is this sustainable? What about the environmental impact of running all those factories that “engineer” plant-based alternatives to the foods our ancestors ate for generations?

    I do not know the answer, I’m no scientist, nor proponent of any specific way forward. I just read stuff. The only thing that I do believe is that there is no silver bullet.

    Books I find very interesting:

    UPDATE: Corrected that Omega-3 is indeed not an amino acid











  • For MFA apps, Google Authenticator seems to be the norm.

    I personally use OTPAuth with sync disabled and regular backups. Mostly because it is easier to organise and back up.

    Regarding hardware security keys as part of MFA, you can either get yourself dual USB-C / Lightning or USB-C / USB-A keys from Yubikey. Then just buy a USB-A to USB-C dongle (or vice versa) and keep it on your key chain. That’s mostly what I do, not ideal but does the job.

    I also use OnlyKey for some passwords, especially encryption passphrases on some servers and laptops. I usually need to enter them on boot, and it just takes too long to do that manually and I’m lazy.


  • I agree with you on most of the points. Some security is better than nothing. More security is better than less, layers and all.

    Regarding data breaches and malware, and threat models in general. We should not forget phishing too. People voluntarily entering their credentials on a website masquerading as their bank etc.

    With all of that, having your credentials split over multiple applications and devices actually saves you from an endpoint compromise and evil maid attacks, at least in a sense of limiting the fallout.

    Regarding VeraCrypt and “FREE”. While it is, again, better than nothing, VeraCrypt is fiddly, not always works consistently on all operating systems (I look at you, MacOS), and is susceptible to key logging. I prefer actual certified hardware with physical keypads instead. It is not free and has its own downsides, but it is just something I find more appealing.


  • As a rule of thumb, do not put all your eggs into one basket. No software is infallible and vulnerabilities can be uncovered and exploited in both open and closed sourced applications.

    That’s being said, as long as you don’t store all information necessary for a successful login in your password manager, you should be fine.

    So storing credentials for your bank account is fine, as long as it is also protected by MFA and you do not use the same password manager for handling that.

    You can store PIN codes from your debit cards in the password manager as long as you do not store card number / expiration / CVV2 there too.

    Personally, I keep passwords in a password manager, MFA tokens in a separate authenticator, MFA recovery codes go to FIPS 140-2 certified encrypted USB sticks (3 separate copies). I do store debit card PIN codes in my password manager, but only alongside the last 4 digits of the card number.