Piero Bosio Social Web Site Personale

How Hard Is It To Open a File? via @PolyWolf https://lobste.rs/s/fbfu56 #security #unixhttps://blog.sebastianwick.net/posts/how-hard-is-it-to-open-a-file/

Please consider me, @apocheir https://kimcrawley.com

Last night I was watching a video from a YouTuber I enjoy. He’s likeable and reviews all kinds of smartphones. I find it relaxing, it makes me smile. In yesterday’s video, he showed his partner switching from an iPhone to Android and sharing his impressions.At one point, the partner started saying that iOS is "dumber2 in many ways, specifically talking about the keyboard, because "Apple’s privacy is stronger, so they spy on you less". To me, that’s a feature, not a bug.He went on to say it’s absurd, that he would actually like Amazon Alexa, Google, Android, iOS, and so on to know everything about him, so they can make things easier and provide more convenient features.I was honestly stunned. So I went to check the comments and... they were all focused only on the fact that, "finally", he introduced his boyfriend in a video.As long as this is how the average user thinks, big tech will keep their balance sheets locked tight and their hands on everyone’s data.#Privacy #Security #OwnYourData

#Toxic #Trump " Trump turns totally toxic for Europe’s far right“Proximity with the United States in the current context did not go down well with Hungarian voters,” said a senior official from France’s National Rally party"#Russia #China #USA #Security #News #Iran #Israel #War #EU #NATO #UN #Nuclear #Weapons #Politics #Pentagon #WW3 #Lebanon #WarCrimes #Incompetence #Lebanon #Gaza https://www.politico.eu/article/trump-turns-toxic-europe-far-right-le-pen-national-rally-france-orban-defeat-hungary/

@Some_Emo_Chick Least surprising headlines in the universe for $100 Alex

Brocards for vulnerability triagehttps://blog.yossarian.net/2026/04/11/Brocards-for-vulnerability-triage#security #oss

yes, this happened:Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2(and several times more, of course) #ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein

The #VeraCrypt and #WireGuard maintainer accounts have been locked out by Microsoft. They are now unable to deliver Windows updates.https://cybernews.com/security/microsoft-suspends-veracrypt-wireguard-accounts-maintainers/#security #cybersecurity

OpenSSH 10.3/10.3p1 released! https://undeadly.org/cgi?action=article;sid=20260407084719 #openbsd #openssh #ssh #security #cryptography #networking

Okay, so comsec folks, I have two questions:1) How does this compare security-wise with Jitsi's protocols? 2) Have we heard anything more about the politics of this one since that one red-flag event a year or two ago?https://www.itsecurityguru.org/2026/03/31/proton-launches-encrypted-video-conferencing-and-unified-workspace-to-take-on-google-and-microsoft/ (I'm thinking immediately of @cyberlyra and @hen but there are many others who may have insights)#security #privacy

Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md#HackerNews #FreeBSD #RCE #Security #CVE-2026-4747 #RootShell #CyberSecurity

Dangerzone works like this: You give it a document that you don’t know if you can trust (for example, an email attachment). Inside a sandbox, Dangerzone converts the document to a PDF (if it isn’t already one), and then converts the PDF into raw pixel data: a huge list of RGB colour values for each page. Then, Dangerzone takes this pixel data and converts it back into a PDF.It has been independently audited and apart from the obvious use by journalists and similar professions, even every day users can be most often targeted by attachments that carry payloads of malware. This is exactly how bad actors bypass firewalls, and secure messengers like Signal.I would not necessarily put every document I receive through this process as it does at least double or triple the size of the file (converts every page to an image). But from anyone you don’t know, this is a useful tool to have ready to use. Everything is processed locally on your machine, and it will install on Linux, Windows, and macOS.See dangerzone.rocks/category/unca…#Blog, #opensource, #security, #technology

@brian_greenberg I'm hardly surprised. I'm forced to use MS Outlook for my .gov e-mail account, and I'd call it the worst piece of software I've ever used except that I sometimes have to also use MS Teams. And every time I curse Outlook, I think, how does the agency even try to migrate to another platform when the contract expires?

📢 Il convegno nazionale Dev. Conference Italia prende il via. Abbiamo già definito il programma, che verrà reso pubblico nei prossimi giorni sul sito web ufficiale. Tanti i temi trattati: ❤️ Open Source & Linux ❤️ Sicurezza ❤️ Didattica & Informatica ❤️ Sviluppo di software ❤️ Software in ambito medicale ❤️ Sovranità digitale ❤️ Fediverso @devconf@citiverse.it https://devconf.it #devconfita #boostmedia #opensource #conference #security #devconf

@Larvitz exciting indeed! Would be great to see these projects in the FreeBSD ports collection ❤️Cc @wiktor

Jail chroot escape via fd exchange with a different jailCVE-2025-15576"Note that in order to exploit this problem, an attacker requires control over processes in two jails which share a nullfs mount in which a unix socket can be installed."https://www.freebsd.org/security/advisories/FreeBSD-SA-26:04.jail.asc#freebsd #jails #security

Chrome a rischio: due estensioni che prima erano “sicure” ora rubano i tuoi dati📌 Link all'articolo : https://www.redhotcyber.com/post/chrome-a-rischio-due-estensioni-che-prima-erano-sicure-ora-rubano-i-tuoi-dati/#redhotcyber #news #malware #security #chromemalware #cybersecurity #hacking #dataprivacy #navigatorisicuri

@Tutanota and me that always said there is a simple way to do this without the need to rely on any third party crap to verify your identity.blockage at isp level of dns and vpn until the landlord proved he is adult (witch is stupid but hey), and once he ask the disablement of the blockage he signe (electronically) that he will manage the computer in his home (once ok the dns lock is lifted)for mobile it can be managed phone by phonewould be much more effective than the app / os level crap.

A kiddie and their script, part N of N!Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)

@Jeremiah yeah I am staying with 1password because I'm afraid of migrating all my passwords and 2FA to Proton... all eggs in one basket sort of problem like, what happens if my account is compromised or I lose access to it? Best to keep passwords private from email/calendar/drive IMHO... and moving them to Bitwarden will take significant time so the slight price increase is ok for me as I value my time more. But keeping an open mind and may change stance in the future.Pricing aside, I love the UX/UI of 1Password across devices (computer / phone) over other offerings...