Fennec is on fdroid. It's Firefox without the branding. Also Mull which is a hardened version.
AmaryllisBlues
joined 3 months ago
To elaborate on fixed price vs cost plus contracts: starliner was a fixed price contract of $4.2 billion. Which means NASA gave boeing $4.2 billion to develop starliner. Any costs incurred over that amount would not get billed to NASA and comes out of boeing's pockets.
How defense/aerospace usually operates is cost plus. At the end of/during development, no matter how much money it costs, boeing gets to bill NASA for all development costs plus an additional fee.
Aerospace/defense is full of so many inefficiencies and delays that the ending cost of development is always much more than the initial pitch.
You could leak a whole lot worse things than helium. But fuck me you can do a whole lot better. They didn't replace the leaky valve prior to launch because it was "too involved" to do so.
They didn't have to. If you launch when the turtle is sleeping in their shell and near the top part of the earth, it appears as if there is no turtle. Clever camera angles are much cheaper than video edits.
Fuck that water shit. REAL men drink mountain dewwwwwwwwwwww
Please add me. I plan on putting one together when you get the BOM. I am an electrical engineer, although most of my professional experience is in software. My EE experience is more as a test engineer than a designer.
All of those are valid concerns. I think this is more the answer I was looking for out of my initial question. I was concerned about people saying signal a large security risk or barely grants any privacy.
I think my understanding I have gotten out of has been issues related to metadata, signal's poor record of open source, and I also agree that centralization is bad.
I'm hesitant to say that there isn't an application for signal. I think I would still recommend signal to my family, who aren't very tech savvy, as a drop in replacement for sms/whatsapp because the experience is largely what they would expect out of a messaging app. But I think going forward, I agree that matrix is looking like a good option. And briar is really good if anonymity is a concern.
I want to say thanks for your patience in talking with me. I did learn a lot.
So a compromised device is not unique to a US based company. A warrant can be issued to seize the device and that could happen with any other messaging service. It is fine to not like signal, and there are several reasons not to do so.
What I do have an issue with is the idea that signal is insecure or that federal agencies can very easily peek at your messages. Because that is not how encrypted messaging works. Signal does not have access to your private key. Your private key never makes its way to the signal server. Which even if the server was not running the code they have published, a NSL still wouldn't let the government decrypt your message. Signal can be forced to disclose your public key, time stamps of your message, who you are texting, etc. But not the content of your message. Nor can they be forces to disclose anything that would give someone access to said content. Again because signal does not have access to that information. If you are concerned that signal could be publishing binaries that don't reflect the source code, you can build the published source code and use that. But when your threat model is at that point you are beyond the scope of the original post.
The difference between signal and lavabit when it comes to key disclosure laws is how the services were set up. Lavabit required encrypted communication with the server to access, send, etc your emails. Which means the server side needed a private key that a NSL could force them to disclose. Signal is a little different. Private keys are held by the users and never make it to the server. Where yes a user could be forced to disclose that key, but again that could happen with any messaging server. It is not unique to the service you're using being based in the US.
And this is also completely ignore the fact that signal utilizes double ratcheting which provides some inherent protection for compromised private keys (assuming you and the other person are deleting messages automatically). I would also like to mention that the signal protocol/double ratcheting/how signal does messaging is not unique to signal. It is utilized by a large number of services including matrix.
Don't you need the private key to decrypt messages? Those never leave the device. That's what happened with lavabit. They were forced to disclose the private key. But if that key isn't leaving your device, you need a compromised device/person on the other end to decrypt your messages.
view more: next ›
I'm not really sure if you want advice or to vent. If you don't want job advice, please ignore the rest of my comment.
An option is looking at remote work that is technical, but not related to your degree/what you want to do. It won't be a fun experience but it helps pay bills.
Something like data entry or technical writing doesn't have much of a barrier to entry other than having a technical degree.
Another option is assembly/factory type work. This one is very location dependent, but there are stuff like PCB houses where if you know how to solder, you can probably find work. Or welding or something since you're a MechE. It isn't great pay, but it is usually more than retail.