Posts
23
Comments
27
Joined
2 yr. ago
Canada @lemmy.ca
BuoyantCitrus @lemmy.ca

An RCMP officer and a retired Vancouver cop say not even police are safe from high-tech spyware

Two parts that stuck out for me were:

"There's no hiding from it. They can turn your phone into a camera. They can turn it into a microphone. You can turn the power off, they can still use the device. It's the most intrusive thing that exists in the world today."

and

He also learned from the April 2023 affidavit that the RCMP had ordered an ODIT on his union phone during the time he was engaged in collective bargaining conversations that year. He says this breached not only his privacy, but the privacy of some 19,000 union members.

  • https://results.elections.on.ca/en/graphics-charts has a chart at the bottom for "Historical Voter Turnout". It goes back to 1866. What I see in this is that giving up so hard on our democracy that you don't engage with it in the simplest way is a pretty recent thing:

    1929 set a new all-time low of 57% that didn't get beat until we hit 52% in 2007. And we've been lowering the bar since then:

    2011, the next election hit a new low of 48%.

    2014 at 51% wasn't much better, in 2018 we at least got 57% to tie the record low that held since 1929.

    And last time in 2022 it was 44% and we talked about it a lot. Because that was depressing af. I really hope enough of them heard so we never lower the bar beyond that. And hopefully we can start getting it above 57% on the regular like we managed to do for 78 years.

  • Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Look at your boxes, Uline is not only American but the wrong kind of Republican

    It's concerning what a few billionaires are doing but there are way more of us so if everyone is doing small things it can add up.

    One easy one is noticing where businesses you deal with get their boxes. My favourite coffee roastery used to use Uline boxes but is switching suppliers after they learned the back story on those guys: https://www.propublica.org/article/uline-uihlein-election-denial

    What are some other small ways you've found to push back on the attempted coup of our southern neighbour?

    Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Canadian government ends Meta advertising ban, launches up to $100K GST break ad buy

  • neutrality/cooperation with China and Russia,

    the reality of Russia’s claims of self defense

    ...WTF? There are way too many Canadians with ties to Ukraine, myself included, that would be offended at the very idea of anything but utter condemnation of Russia's inhumanly brutal invasion. How can an invasion ever be "self defense", that's absurd.

    https://en.wikipedia.org/wiki/War_crimes_in_the_Russian_invasion_of_Ukraine

    How can abducting children, laying siege to residential areas, rape, torture, etc. be self defense? It's not. It's abhorrent. Russia is worse than Trump.

  • Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    We Are Now Being Extorted

    Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    The Republican-controlled US government has decided to impose a 25% tax on American imports of goods from Canada

    Language matters.

    The President is empowered by a Congress controlled by a narrow majority. Rather than the individual they have chosen, I am pissed at the Republican party. And disappointed in the American people. The guy? He was always that way and would have continued to be so at a safe distance from the levers of power without his enablers.

    It is the American and especially Republican relationship with Canada that is important in this situation. Those are what endure, that person is only momentarily significant. So, where we can choose the narrative, I think that's important to focus on.

    Plus I suspect he likes the sound of his own name.

    Toronto @lemmy.ca
    BuoyantCitrus @lemmy.ca
    Thunderbird @lemmy.world
    BuoyantCitrus @lemmy.ca

    Backing up my Thunderbird profile to back up my email

    I've blithely assumed that backups / snapshots of my home dir (including my Thunderbird profile) were covering my email. But it occurs to me it may be more difficult than expected.

    I have message synchronization on for any folders I care about ("for offline use"). What I was assuming this meant was that if my mail host disappeared or mysteriously deleted an important folder, I would still be able to switch to a backup, start TB in offline mode (via a commandline parameter), and copy those folders to a local folder at which point I could reconnect and drag them back to my new host, a local imapd I use as an archive, or wherever.

    But ...would that actually work? Anyone recover email from offline folders? How'd that go?


    Edit:

    Well, there can never be too many reminders to verify our backups and I'm all for that but that's less what I was after. I was specifically thinking about the scenario when an IMAP host somehow loses an important folder or disappears entirely. How would it g

  • Aha, thanks for posting this, was a bit dismayed that I didn't see that in the release. Now I see it was a misunderstanding so will wait until December to be disappointed. Well, no, I'm disappointed that I've been able to do this on my thinkpad for years and have had to fiddle with awkward compromises like accubattery if I want to reduce wear on my phone battery.

    Anyone happen to know which release the audio sharing feature is scheduled for? Missed that one too.

  • PixelFed: A free and ethical photo sharing platform. @lemmy.ml
    BuoyantCitrus @lemmy.ca

    WebP on pixelfed.social

    I see there's an update coming soon that will add support for AVIF (woo!) and I wonder if that'll also coincide with enabling WebP for pixelfed.social? I was hoping to use less platform resources by uploading smaller/better files.

    Also, if they're smaller maybe they won't have to be reconverted server-side? It'd be nice if I could optimize them locally from RAW without them being reprocessed but didn't see any guidelines in help that would guide me in doing that. Or will it be re-jpg'd regardless of what I send?

    Debian operating system @lemmy.ml
    BuoyantCitrus @lemmy.ca

    Can we have an alias for bind mounts on the rescue image? Or maybe we do?

    I know it's my fault for believing what my neglected laptop told me about its battery but I went ahead and did a kernel update anyway and wound up needing to repair my system.

    After a quick search I wound up on https://wiki.debian.org/GrubEFIReinstallOnLUKS per usual.

    The biggest hassle of this is having to type out the longish for loop to bind the various vfs to the chroot environment. It was bad enough when it was proc/sys/dev but it's worse these days:

    for i in /dev /dev/pts /proc /sys /sys/firmware/efi/efivars /run; do sudo mount -B $i /mnt$i; done

    I realise there are various things that'd automate that if I connected the rescue image to the internet and added a package but that's also hassles as I've really just booted it with the express purpose of reinstalling grub.

    But maybe there is already some form of shortcut for this in the system that I've missed? Or some existing ticket/effort to enact one I could +1?

    Mechanical Keyboards @lemmy.ml
    BuoyantCitrus @lemmy.ca

    I like using my rotary encoder to prune tabs, what do you do with yours?

    My Keychron Q11 showed up recently and I've been super happy with it. Main reason was that my Noppoo Choc Mini finally lost a switch and I don't have any on hand (nor a soldering iron ...yet) but it turns out I actually really wanted the pair of rotary encoders on this and didn't even realise.

    Specifically, I've got it bound to Ctrl-PgUp/PgDown so I can scroll through my tabs with it and close them with a click binding to Ctrl-W and that's working out really well.

    Anyone else use the knobs like that? I've got the other one set to volume and the vendor had zoom as a suggestion but I wonder what else people do with these?


    Bonus newb Q: On the product page they demonstrate binding Ctrl-+ zooming to the encoder via a macro but neither macro13 nor the {KC_LCTL,KC-W} type syntax would let me click "Confirm" when trying to associate it to the knob in Via (eg. it wouldn't let me follow their example). Luc

    LinuxHardware @programming.dev
    BuoyantCitrus @lemmy.ca

    Best PCIE wifi/bt for Linux at the moment

    Last time I needed to add rf to a desktop, Intel AX200 seemed like the chipset to get. But now there are various new standards and the BE200 apparently has issues with AMD systems? So is there something newish from Qualcomm or others that I should be aiming for or would I probably be better off just picking up an AX210?

    Since the card might be kicking around a while I'm curious what has the best overall Linux support with as many significant 802.11 standards and Bluetooth codecs as possible for general future-proof-ness. Would also be nice if it had good support for AP mode as that's sometimes handy or I might repurpose it into a router at some point.

  • I got a nice deal on the x280 and am happy with it, was also looking at the various X1 carbon. Two criteria I had were I wanted USB-C charging (since I have those chargers around and they can handle these laptops) and a single battery (eg. the T470s I have from work is nice but it has two small capacity batteries that each cost the same to replace as the full size single ones in the carbon and x280). One thing to keep in mind is some of the earlier X1 carbon don't support NVME SSD (I think it started with 5th gen?)

    Edit: another thing to consider is soldered RAM. Part of why my x280 was cheap was it's only 8gb and can't be upgraded. Since you're looking at lighter weight things and using FOSS (and perhaps open to tinkering with things like ZRAM) that might be a useful aspect to focus on because there is probably a glut of such machines given how memory inefficient things are lately with every trivial app running a whole browser engine. OTOH, depending how many tabs you tend to have open and how many electron apps you tend to keep floating around, 8gb might start to feel cramped. Especially if you think you might want some VMs around.

  • Next time I look for a small laptop to have handy one thing I'm going to be sure to prioritise is: how much battery does it use while suspended? I'd really like to not need to have it switch to hibernate after 30m of sleep or w/e and ideally just plug it in overnight like a phone.

  • Lemmy.ca's Main Community @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Should I renew my liberapay donations?

    Apparently, while it's closed for new donations, liberapay is still going to renew existing ones.

    Ontario @lemmy.ca
    BuoyantCitrus @lemmy.ca

    In Small Claims Court, Justice Delayed

    Seems like the Landlord and Tenant Board isn't the only part of our justice system falling apart due to provincial neglect.

  • They published this in Popular Mechanics in 1912, we've been ignoring this for a long time:

    “The furnaces of the world are now burning about 2,000,000,000 tons of coal a year,” the article reads. “When this is burned, uniting with oxygen, it adds about 7,000,000,000 tons of carbon dioxide to the atmosphere yearly. This tends to make the air a more effective blanket for the earth and to raise its temperature. The effect may be considerable in a few centuries.”

    https://books.google.ca/books?id=Tt4DAAAAMBAJ&pg=PA341&dq=carbon+climate&hl=en&sa=X&redir_esc=y#v=onepage&q=carbon%20climate&f=false

    Also, this Wikipedia article has a good summary on the overall arc of our understanding: https://en.wikipedia.org/wiki/History_of_climate_change_science

  • The app, in the scenario where we're trusting the author/store, is only part of the surface to the extent it's exposed to a potentially malicious payload. eg. a trusted solitaire game using a vulnerable API doesn't exacerbate that vulnerability because it doesn't expose it to untrusted input whereas a PDF viewer would because the PDF could be coming from anywhere...

  • Really appreciate you taking the time to write that. I have a sense of most of that ("defense in depth" and "threat model" are good lenses to think about such things through for sure!) but what I was trying to get a better grasp on was how much risk from automated attack was a normal person without worries of an "advanced persistent threat" taking on by using a device past EOL. Like you say, "Quantifying how much of a difference it makes is not trivial" so I feel less conflicted to know that you're comfortable with your dad taking that risk.

    I would think that the main thing at stake for a typical user isn't just browsing history or email though but rather identity theft since a successful attacker can use the device to get through 2FA.

  • It seems like the attack surface is limited to RF (bluetooth/wifi can be turned off if one is willing to make that compromise), app install (many just use a small selection of well-trusted apps), and messaging/browser which are regularly updated if the device is properly configured. Apps that aren't pulling in random untrusted content are far less of an attack vector (eg. one's bank app isn't connecting to everything, just to the bank, pinterest is hopefully escaping user content, etc.)

    Based on helpful details at the other thread (eg. Project Mainline, baseband isolation) I’m beginning to form the opinion that it is not unreasonably foolhardy for someone to continue to use an unsupported device if they are willing to make the compromises necessary to limit their exposure. Which wouldn't necessarily mean "giving up bluetooth entirely", just not using it when you're in bluetooth range of an untrustworthy party eg. if you just use your headset to make zoom calls at home and are fine not having it on the subway.

    Thanks for the reply. Definitely appreciate the point that lacklustre updates mean we need to pay attention even if we're vaguely covered by our vendor. I think you've convinced me to subscribe to CVEs for android too, I've only had alerts for my browser. Really too bad they don't make smaller Pixels.

  • I don’t think they are things that can be fixed on the app level?

    Indeed not. So I'm trying to better understand how vulnerabilities at the system level are exploited. It seems like the attack surface is limited to RF (bluetooth/wifi can be turned off if one is willing to make that compromise), app install (many just use a small selection of well-trusted apps), and messaging/browser which are regularly updated if the device is properly configured.

    Based on this thread I'm beginning to form the opinion that it is not unreasonably foolhardy for someone to continue to use an unsupported device if they are willing to make the compromises necessary to limit their attack surface.

  • Android @lemmy.ml
    BuoyantCitrus @lemmy.ca

    Better understanding and mitigating the risks of using a phone that no longer receives system updates

    cross-posted from: https://lemmy.ca/post/1926125

    Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

    But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

    It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

    So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

    Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering

    Android @lemdro.id
    BuoyantCitrus @lemmy.ca

    Better understanding and mitigating the risks of using a phone that no longer receives system updates

    Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

    But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

    It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

    So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

    Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite

    Personal Finance Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Equal weight S&P 500 for US exposure

    cross-posted from: https://lemmy.ca/post/653849

    I'm trying to follow conventional wisdom and have more and more of our portfolio as straight up VGRO but want some more US exposure (though I am aware there are arguments in favour of a home-country bias). I was also interested in picking a USD fund as not only do they tend to have a lower MER but also get an extra boost from withholding tax exemption if I hold them in an RRSP.

    An S&P 500 fund seems the way to go, but it seems awfully slanted towards giant tech megacaps. Apple alone is over 7% of VOO. With a P/E over 31 it's hard for me to feel like there's not extra risk with the concentration here--is it really such a safe bet to think the largest company in the world has that much more growth ahead of it? And VGRO already has a solid chunk of cap-weighted exposure.

    And so, after my inexpert research failed to dissuade me, I'm probably going to use an equal-weight ETF like RSP or EUSA for this portion---there are no penny s

    Canada @lemmy.ca
    BuoyantCitrus @lemmy.ca

    A key part of Canada's Internet was just sold to Japanese telco KDDI

    Allied Properties sale of their data centre portfolio to KDDI includes 151 Front Street W., the site of TorIX which is the main Internet Exchange Point for the country. While that's not necessarily an issue, I kinda figured it was at least a little bit notable but I've not seen it mentioned aside from an investment context.

    Unfortunately, it seems like it's less consequential than it should be because Bell Canada apparently still refuses to peer at TorIX and only connects to other ISPs through the US which means that eg. if I'm on Rogers in Toronto and you're on Bell, any communications between our computers have to flow through American controlled systems even though we're in the same city because that's how Bell ch

    Lemmy.ca Support / Questions @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Privacy / data retention policy

    It'd be nice to (eventually!) see a link laying out a privacy policy for the instance, something like: https://newsie.social/privacy-policy

    I'd especially be interested to know how long you associate the IP addresses we visit from with our accounts, who can see that info (and our emails), what other PII you store, and how long deleted posts/accounts are stored for.

    (Totally get and very much appreciate that smorks &co have a lot on their plates just getting this place off the ground, not trying to demand additional work, just a suggestion. Seems like it'd take some thinking to balance with eg. a good backup regimen.)

    Waterloo @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Conestoga mall sold for $270m

    ...and it's apparently a "trophy"?

    Canadian Investing @lemmy.ca
    BuoyantCitrus @lemmy.ca

    Canadian immigration and inflation: It’s complicated