varsock

The article discusses the use of targeted advertising data by government agencies, particularly focusing on how a technology consultant demonstrated the security risks posed by Grindr's data to national security agencies. It highlights the widespread availability and potential surveillance applications of advertising data, as well as the government's interest in obtaining and utilizing such data for intelligence purposes.

Why is this worth the read? It goes into detail how these data exchanges work and the mechanisms of obtaining such data. We often hear about the result of these actions, but how these actions are performed are described within.

(clear your cookies to read the paywalled article)

Hey everyone,

I wanted to poll the community and pick up tips on DIY cable labeling and management.

At work, we label both ends of Ethernet cabels using a Brady Label maker. They are awesome but run about $200 USD.

I don't need such an expensive device to create (one-time) 40ish labels.

I was hoping for DIY suggestions that balances durability and ease of installation. Was thinking tape, sharpies, or even thick zip ties etc. Some forums even suggested bread ties (but I'm concerned they will fall off in hard to reach places). And sharpies are great but can wear on some materials (like those plastic sticky tabs for books and notes)

What are some pros and cons of approaches you guys have tried?

EDIT:

I was pointed to this video which suggests you:

1. Grid up a piece of paper so each rectangle's height is the size of a circumference of a cable. It will later be wrapped around the cable.
2. Then hand write the labels.
3. Cut out each label/rectangle.
4. Then use clear masking tape slightly larger than the label to secure it to the cable by wrapping it around the circumference of the cable.

The finished product looks like those shrinking labels where the label is flush against the cable and text is behind a clear film and can't be smudged.

For those that suggested borrow the label maker from work or print them at work: that has occured to every one of our engineers on staff and now our printers are locked away and are signed out bc we would always find them either low on ink/toner or more frequently out of lable paper. Yes, ordering those supplies is negligibly cheap for a budget at work but the issue lied in whenever you picked up the label maker at work, you immediately had to either change the roll or ink. sigh this is why we can't have nice things :)

Below is a disturbing amount of information data brokers have ammased from buying your data from trackers in ads and apps.

"a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

... can access this data to trace individuals' movements—including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters"—over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

... target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava’s database," the FTC alleged, or "parents with different ages of children."

For all you USA peeps:

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

The sudo-rs project improves on the security of the original sudo by:

• Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues

• Leaving out less commonly used features so as to reduce attack surface

• Developing an extensive test suite which even managed to find bugs in the original sudo

I have a device that reached end-of-life support and I'm burned out loading ROMs to extend it's support. Upon from my return from the trip I plan on purchasing a new device anyway, so buying one while traveling is also an option.

I'm traveling to a European Market that has stronger privacy rules GDPR and their devices must have lower SAR (regarding phone RF emissions).

Regarding RF and SAR

My carrier frequency bands in my home country are supported by European phones I'm looking at (Android and Apple). But do the phones dynamically manage the RF emission based on locale or are the limited at hardware or software?

Would purchasing the device abroad have an effect I think it does when I bring it home?

Regarding Privacy

This one is tricky, typically the account (gmail or Apple ID) is associated with the locale. If I were to create a new account and set up my device while abroad, will this have lasting effects? I have a friend who have immigrated and set their devices up abroad and their locale is still their OG country. One of them changed locales (for android) because spotify (app) wasnt available in their home country locale. So I speculate this is a solid approach if I were to do so.

I know I might have issues with availability of content (downloading from app stores). But as far as accounts go, my Spotify (and netflix if i stil had it) account is associated with my home country so I will still be able to watch shows in my locale. Being able to download the app is the limiting factor but there are ways to get around that with side loading.

So yeah, if anyone has experience with this and could call out some things I didn't consider or validate my expectations, would be appretiated.

Unit tests are meant to verify the functionality of isolated units of code. When dealing with code whose output depends on the system or system configuration, what are approaches to write effective unit tests? I feel this problem plagues lower level systems languages more so I am asking it here.

I solve this by writing "unit tests" that I then manually compare to the output of my terminal's utilities. It is the quickest way to verify units work as expected but it is obviously not automated.

Making a container or a VM to run integration tests seems like the next easiest way, not sure if there are other cost effective ways.

Scenario

Say I have a function called

get_ip_by_ifname(const char *if_name, struct in_addr *ipaddr)

Inputs:

• string of interface name
• pointer to variable where the returned IP address will be

Returns:

• -1 if interface does not exist,
• 0 if interface exists but has no IPv4 IP
• 1+ if interface exists and has at least 1 ip addr (some interfaces have multiple addresses, only 1st is written to ipaddr buffer)

Test Cases and their dependencies

1. Interface doesn't exist
   • easy to test, use uncommon interface name
2. Interface exists has no ipv4 ip address
   • requires the underlying system to have a unique interface name which I need to hard code and compare to in my unit test
3. interface exists, has 1 ipv4 ip address
   • requires underlying system to have the uniquely named interface with exactly 1 uniquely defined ip address. Both of which I need to hard code into my test
4. interface exists, has 1+ ipv4 ip addresses
   • similar to item 3.

The way I might test something like this works is write a test that logs each case's output to the terminal than run ip -c a in another terminal and compare the info in the 2 outputs. I verify it works as expected manually with very minimal setup (just assigned multiple IP addresses to one of my interfaces).

I would like to test this in an automated fashion. Is there any way that wont be a time sink?

Wanted to share a resource I stumbled on that I can't wait to try and integrate into my projects.

A GPT4All model is a 3GB - 8GB file that you can download and plug into the GPT4All open-source ecosystem software. Nomic AI supports and maintains this software ecosystem to enforce quality and security alongside spearheading the effort to allow any person or enterprise to easily train and deploy their own on-edge large language models.

If you didn't get a choice to work remote, how come?

Drawing attention on this instance so Admins are aware and can address the propagating exploit.

EDIT: Found more info about the patch.

A more thorough recap of the issue.

GitHub PR fixing the bug: https://github.com/LemmyNet/lemmy-ui/pull/1897/files

If your instance has custom emojis defined, this is exploitable everywhere Markdown is available. It is NOT restricted to admins, but can be used to steal an admin's JWT, which then lets the attacker get into that admin's account which can then spread the exploit further by putting it somewhere where it's rendered on every single page and then deface the site.

If your instance doesn't have any custom emojis, you are safe, the exploit requires custom emojis to trigger the bad code branch.