#url

wurstaufbrot@pod.geraspora.de

#Tails 6.8.1

2024-10-10

This release is an emergency release to fix a critical security vulnerability in *Tor Browser*.

Changes and updates

Update Tor Browser to 13.5.7, which fixes [MFSA 2024-51](https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/), a major use-after-free vulnerability. Using this vulnerability, an attacker could take control of Tor Browser, but probably not deanonymize you in #Tails.

Mozilla is aware of this attack being used in the wild against Tor Browser users.

Fixed problems

For more details, read our changelog.

Get Tails 6.8.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.8.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 6.8.1 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.8.1 directly:

#URL: https://tails.net/news/version_6.8.1/index.en.html

magdoz@diaspora.psyco.fr

The Invidious YouTube client works. But there is a small problem, perhaps a temporary one, with #URL #redirection with #Invidious.
-- https://invidious.us no longer works for me; it is even blocked by uBlock because a check page tries to display instead of the Invidious one.
-- the page https://redirect.invidious.io displays, but no longer the list of the different possible #instances.
(that, I think, will be temporary :) )

That said, the instances work, for example the FDN one: https://invidious.fdn.fr
Otherwise, Piped links work too.

How is it on your side?
Do you know of another redirection link besides the two mentioned here?

aktionfsa@diasp.eu

21.02.2024 Is the eID of the ePerso no longer secure?

Identity can be stolen here too

The answer is YES AND NO, because an anonymous security researcher going by the name CtrlAlt has indeed shown an example of how a user's device can be compromised by an infected app received via a phishing mail. But in such a case, as in all cases where people fall for attacks through their own "stupidity", it is their own fault.

Jürgen Schmidt, head of heise Security, did not want to settle for this quick answer and examined the problem more closely. He starts from the claim that the federal government once set for the eID procedure and says: But the claim of the eID system was and is to provide a digital ID function that remains secure even when the user's device has been compromised, for instance, as here, by a trojan. Here the eID does not keep its promise as an independent trust anchor.

He goes on to name two possible improvements, one of which can be applied quickly. It would already help if users could consult a BSI list showing which apps and which updates are trustworthy, and possibly also notices about current fake apps as a warning. The BSI is currently examining this proposal.

The second proposal goes to the heart of the matter. For this one needs to know that an ID verification in the eID app begins with a URL of the form eid://... Such URL schemes have not been considered secure for several years, especially when any app, including a trojan, can register for them. For both iOS and Android there are so-called Universal URLs, in which defined deep links to the provider trigger the launch of an app, as Heise Security proposes. The BSI's answer to this proposal is considerably more reserved, because the Universal Links approach would "significantly restrict the goal of interoperability and openness/transparency of the eID system".

The eID for the ePerso was launched many, many years ago to also give companies the ability to ensure secure identification of their users. For years there were practically no meaningful applications, and even today the still little-used ones come from the public sector. Even the compulsory activation of the eID in every newly issued identity card, introduced 2 years ago and condemned by us, has hardly boosted user numbers.

We gladly quote here a report from 2010: Pull the emergency brake on the e-identity card "The hasty introduction of the new identity card is coming back to haunt the federal government faster than feared" (Die Linke demands abandonment of the ePerso) and refer to over 50 articles (see below) in which we have had to deal with the topic "ePerso". We readily admit, however, that reliable and secure identification would at least be a more sensible application than the likewise state-introduced (and meanwhile buried) DE-Mail with piecewise encrypted messages.

More on this at https://www.heise.de/hintergrund/eID-und-AusweisApp-kritische-Sicherheitsluecke-aber-auch-gefaehrlich-9632374.html
and all our articles on the ePerso https://www.aktion-freiheitstattangst.org/cgi-bin/searchart.pl?suche=ePerso&sel=meta
Category[21]: Our topics in the press Short link to this page: a-fsa.de/d/3z6
Link to this page: https://www.aktion-freiheitstattangst.org/de/articles/8689-20240221-eid-des-eperso-nicht-mehr-sicher.html
Link in the Tor network: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8689-20240221-eid-des-eperso-nicht-mehr-sicher.html
Tags: #eID #ePerso #Fingerabdruck #ElektronischerPersonalausweis #ElektronischerPass #Identitätsdiebstahl #Verbraucherdatenschutz #Datenschutz #Datensicherheit #DE-Mail #Ergonomie #Datenpannen #Vertrauen #Pishing #Unschuldsvermutung #Verhaltensänderung #BSI #URL #App-Liste

magdoz@diaspora.psyco.fr

#Tip: How to view a web page directly in #reader mode.

For pages that can be displayed in reader mode:
-- For #Firefox: add in front of the #URL: about:reader?url=

Example (to copy and paste): about:reader?url=https://blogs.alternatives-economiques.fr/zemmour/2024/01/30/breve-analyse-de-la-suppression-annoncee-de-l-ass

-- On another #browser, it may be this: reader://
to be tested.

Who wants to try on #Chrome and co?

https://support.mozilla.org/fr/kb/retirer-tout-le-superflu-des-pages-web-grace-au-mode-lecture
or https://support.mozilla.org/fr/kb/consultez-des-pages-web-en-mode-lecture
But above all, it removes all the #Cookies #Trackers!!!

iconnect@diasp.org

#doh #dns #https #firefox #privacy #url #browser #internet #android #iphone #smartphone #windows #linux
https://wiki.mozilla.org/Trusted_Recursive_Resolver
"All preferences for the DNS-over-HTTPS functionality in Firefox are located under the network.trr prefix (TRR == Trusted Recursive Resolver). The support for these were added in Firefox 62.
network.trr.mode
The resolver mode. You should not change the mode manually, instead use the UI in the Network Settings section of about:preferences"

#aboutconfig #setting

#chromium #bromite #cloudflare

anonymiss@despora.de

#Google #Search Asked to Remove One Billion ‘Pirate’ Links in 9 Months

source: https://torrentfreak.com/google-search-asked-to-remove-one-billion-pirate-links-in-9-months-230807/

Looking more closely at the timeline, we see that a billion #URLs were reported to Google search in less than nine months. For comparison, it took twice as long to go from five to six billion, suggesting that the #takedown volume picked up again after a previously reported decline.

#internet #piracy #copyright #economy #news #url

marcuslibre@diaspora-fr.org

Editable URL shortener

#question

Hello everyone,

I am looking for an editable #URL #shortener!

I had a look at the #chatons of course, but found nothing

The only one I have found so far is on OVH, and it does not say what it uses!

If I really can't find one, I will get a small hosting plan again to put YOURLS on it, but if I can avoid that for now ... 😃

Thanks


#framasoft #logiciel-libre #raccourcisseur_url

anonymiss@despora.de

Deterring #Scraping By #Protecting #Facebook Identifiers

source: https://about.fb.com/news/2022/09/deterring-scraping-by-protecting-facebook-identifiers/

Most companies use unique identifiers within the URLs of their website. #Identifiers are a way to uniquely reference people or #content such as posts, pictures and videos. Within Facebook, these identifiers are known as #FBIDs and we use them to load content for people.

Every Facebook #link you distribute from your #account can be traced back to you!

#url #uri #warning #tracking #surveillance #meta #internet #economy #politics #id #identification #problem #anonymous #click #news

anonymiss@despora.de

#Facebook Is Now #Encrypting #Links to Prevent #URL Stripping

source: https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.

#meta #fail #software #tracking #surveillance #news #warning #URI #Firefox

magdoz@diaspora.psyco.fr

#ClearURLs on #Framalibre (to clean a #URL link of its #trackers)
https://framalibre.org/content/clearurls

• ClearURLs is an extension that lets you fight advertisers' surveillance tools by automatically removing tracking elements (directly from the URL), in order to protect your #privacy when you browse the #Internet.

• For example, when you search on Amazon (or on other similar websites), the website in question will give you a more or less long URL (containing tracking codes):

amazon.com/dp/exampleProduct/ref=sxin_0_pb?__mk_de_DE=ÅMÅŽÕÑ&keywords=tea&pf_rd_i=exampleProduct&pg_rd_p=50bbfd25-5ef7-41a2-68d6-74d854b30e30&ph_rd_r=0GMWD0YYKA7XFGX55ADP&qid=1517757263&rnid=2914120011

• Since these #surveillance codes are not necessary for the #web site to work properly, they can be removed without any problem, and that is exactly what ClearURLs does:

amazon.com/exampleProduct/dp/1903574031237

• ClearURLs is one of the #extensions recommended by #Mozilla #Firefox.

#Logiciel #Libre #LogicielLibre
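
The kind of clean-up the post above describes, as an added example that is not part of the post and not ClearURLs' own code. The rule list is a small assumed one for illustration (not the extension's rule set), and the sample URL is constructed from the one in the post with the non-ASCII value shortened.

```javascript
// Assumed rule list for this example only; NOT the ClearURLs rule set.
// Each entry matches a query-parameter name that carries tracking data.
const TRACKING_PARAMS = [
  /^utm_/i,          // campaign tags
  /^(fb|g)clid$/i,   // click identifiers
  /^__mk_/i,         // parameters seen in the post's Amazon URL
  /^p[a-z]_rd_/i,    // pf_rd_i, pg_rd_p, ph_rd_r
  /^(qid|rnid)$/i,
];

// Path segments that only carry referral data, e.g. "/ref=sxin_0_pb".
const TRACKING_SEGMENT = /^ref=/i;

// Returns the cleaned URL plus the names of the parameters that were removed,
// so the caller can show the user what was stripped.
function stripTracking(input) {
  // The URL in the post has no scheme; add one so the URL parser accepts it,
  // and take it off again at the end.
  const hadScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
  const url = new URL(hadScheme ? input : "https://" + input);

  const removed = [];
  // Snapshot the keys first: deleting while iterating searchParams skips entries.
  for (const name of new Set([...url.searchParams.keys()])) {
    if (TRACKING_PARAMS.some((re) => re.test(name))) {
      url.searchParams.delete(name); // removes every occurrence of the name
      removed.push(name);
    }
  }

  // Functional parameters (here: keywords) are kept; only referral path
  // segments are dropped from the path.
  url.pathname = url.pathname
    .split("/")
    .filter((segment) => !TRACKING_SEGMENT.test(segment))
    .join("/");

  let cleaned = url.toString();
  if (!hadScheme) cleaned = cleaned.slice("https://".length);
  return { cleaned, removed };
}

// Constructed sample, modelled on the URL quoted in the post.
const SAMPLE =
  "amazon.com/dp/exampleProduct/ref=sxin_0_pb?__mk_de_DE=X&keywords=tea" +
  "&pf_rd_i=exampleProduct&pg_rd_p=50bbfd25&ph_rd_r=0GMWD0YY" +
  "&qid=1517757263&rnid=2914120011";

const result = stripTracking(SAMPLE);
console.log(result.cleaned);
console.log("removed:", result.removed.join(", "));
```

The search term survives because `keywords` is needed by the site; everything else in the query string and the `ref=` path segment is dropped.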

canoodle@nerdpol.ch

Rant: Open Source and the concept of: Release early, release often or publish early & publish often -> continuous development/continuous integration (CD/CI) -> tight loops ok but still - linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - clear case of "nothing works ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup


https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have anything to do with luck, but with:

  1. bad url management:
    • wordpress does a pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
      • that is how it is SUPPOSED to be for EVERY website of the (not so) “eternal” part of the internet called www
  2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
    • or maybe it’s wrongful integration? (but maybe it just sucks)
    • why is every developer-user using it?
  • PS: as mankind still ponders and evolves (by making mistakes) how to best deal with computers
    • yes someone said “publish early” & “publish often” (doing this with the blog ... also ... often too often and too early X-D)
      • or: “Release early, release often” (wiki)
        • “tight feedback loop between developers and testers or users” (wiki) - yeah sure as a developer that might be a good thing, as a user ... really doubt it ... - there are highly intelligent respected developers that pioneered this concept ... it might work for small teams ... (of one)
        • “This philosophy was popularized by Eric S. Raymond in his 1997 essay The Cathedral and the Bazaar, where Raymond stated “Release early. Release often. And listen to your customers”.[4]” “This philosophy was originally applied to the development of the Linux kernel and other open-source software, but has also been applied to closed source, commercial software development.” “The alternative to the release early, release often philosophy is aiming to provide only polished, bug-free releases.[5] Advocates of RERO question that this would in fact result in higher-quality releases.[4]”
      • has this led to every developer going in the: continuous development/continuous integration direction? (definitely sounds like it)
        • it really should be called CD/CI not CI/CD because first comes the development, then the integration (but well here we go: CI/CD@RedHat)
        • still pondering if it’s really a good idea - well if software quality sticks to UNIX principles of K.I.S.S (most do not and have NO IDEA what non-K.I.S.S means for their software-project or company: - it is the difference between: - lost in chaos of complexity = dysfunctionality - vs a lean stream of running smooth software-company - src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html - plus test-driven development: 100.000 use case checks tested afterwards automatic & semi-automatic & manual - then that probably works (but then that is what needs to be done anyway to ensure good software quality) - plus: maybe a feedback channel that does not de-motivate - always say something positive first - then the critique
        • signal.org is a very cool mobile & desktop messenger (that usually works pretty well) but: - what is already annoying: if updates per program are 100MBytes and more ... (always downloads the full thing (signal.org desktop client) no differential updates?)
  • word of advice: never blindly follow “the trends”
    • always think for yourself, “does it make sense”?
      • test it if it works for you, if not, drop it, what’s the point?

imho gotta do both


#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects #ci-cd #cd-ci #CICD #CDCI #dev #systems #system #company #developers #developer #buckminster #buckminister

Originally posted at: https://dwaves.de/2022/02/03/rant-open-source-and-the-concept-of-release-early-release-often-or-publish-early-publish-often-continuous-development-continuous-integration-cd-ci-tight-loops-ok-but-still-linking-to-n/

canoodle@nerdpol.ch

linking to nirvana without redirection & badly written software that everyone uses - another case of - nothing works "ok" - clear case of "nothing works ok"

https://administrator.de/forum/wol-geht-nicht-mit-broadcast-adresse-101944.html

-> it’s catastrophic, when webpages change their url setup


https://www.heise.de/netze/Wake-on-WAN–/artikel/89304/0

because it will result in

“nothing works” “ok”

this does not have anything to do with luck, but with:

  1. bad url management:
    • wordpress does a pretty good job there, as whenever the user changes the url (more keywords?) it will also redirect from the older past urls to the new url
      • that is how it is SUPPOSED to be for EVERY website of the (not so) “eternal” part of the internet called www
  2. elastic search seems to be a very very badly written software that does not do any sort of software quality checks?
    • why is everyone using it?

#linux #gnu #gnulinux #opensource #administration #sysops #rant #software #quality #mess #archive #heise #url #urls #redirects

Originally posted at: https://dwaves.de/2022/06/03/linking-to-nirvana-without-redirection-badly-written-software-that-everyone-uses-another-case-of-nothing-works-ok-klarer-fall-von-nichts-funktioniert-ok/