/tech/ - Technology

Thought this story was worth sharing. A bit of an interesting case example as capitalism ruining everything in the end no matter how benign it starts out and a good cautionary tech security tip/tale.

https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-extensions/

[b]The Case for Limiting Your Browser Extensions[/b]

>Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

>The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.

>The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page.

>The extension in question was Page Ruler, a Chrome addition with some 400,000 downloads. Page Ruler lets users measure the inch/pixel width of images and other objects on a Web page. But the extension was sold by the original developer a few years back, and for some reason it’s still available from the Google Chrome store despite multiple recent reports from people blaming it for spreading malicious code.


Post too long. Click here to view the full text.

I made a mild college CS alarmist post today on /leftypol/ and was asked by a student for advice on what to avoid in school. I'm well aware of how contentious programming can get, often with people disagreeing on what even constitutes fact vs. opinion, so feel free to argue against anything I say or provide your own advice to any potential CS students.

Disclaimer: If you want to be a web-dev, none of what follows is applicable. Offer up your soul to the mad gods of JavaScript and prepare to live out your days in unspeakable agony.

Here is my generalized advice in terms of CS: take any class that is focused on implementation rather than theory. Theory is also very important but it is absolutely useless unless it relates to your actual programming experience. If you are not being assigned large or challenging projects, make your own.

Things to avoid or be skeptical of:
- You are primarily being tested on pen-and-paper. The only time programmers have to write algorithms without a debugger or at least a console to print to is in job interviews. You can fail every single test in algorithms class and still be a boss programmer. Tests like these are more akin to Math exams where you must provide proofs.
- You are being force-fed OOP (Object Oriented Programming), either by an academic ideologue or simply by virtue of using Java which basically forces it. OOP in programming epitomizes "ideology" in Zizek sense, it's an abstract model adored by academics who don't write code for actual users because of its perceived elegance and simplicity. However, real-world code ALWAYS has to deal with reality's messy edge cases, which renders any OOP code into a nightmare. There are about a million other reasons it's bad, there are many good lectures on YT.
- Dynamic languages. If you have never programmed you might not even know what this means. Some examples include Python, JavaScript, Lua, etc. These are good for very small applications, like scripts, support tools, toy programs, hobby use, etc. The problem is that they can often be slow, and generally let you make fatal mistakes that you won't even know about until you actually hit the bug in testing. Compiled languages (C, C++), on the other hand, have a huge amount of rules that the programmer must obey before they even run the program. If all the rules are satisfied, the compiler translates your code to a fast, efficient format that gets directly exePost too long. Click here to view the full text.

Sometimes you just NEED to use a certain social media site for something considering how most-all activity on the internet now goes through about 12 or so sites.

I hate these social media sites, and you probably do to, but their ubiquity among the public means that sometimes you just need to use them for whatever reason.

So, how can you use a social media site whilst maintaining some security?

Obviously you can make a fake account, but what is the best way to do that?
What resources can we use to do this?

Thanks in advance.

Hey so I installed mint on a laptop I got from Walmart after my old one exploded. (literally, buss error) So when I was installing I decided to wipe everything off the laptop in favor of an encrypted partition, well, after I rebooted I noticed something: I still have a working windows partition located on /Dev/sdb1 && yes, that is the actual file name it's located on.

So what gives? Why the fuck do I still have a version of Windows installed and can I get the d of it with out breaking my computer??

Help /tech/

Well, lads, we made it. Congrats.
After the hard won victory of having tech placed back on the top bar I realized something though. We don't have any banners!

In lieu of this, I am creating a thread for the creation of banners && Graphics manipulation in general. This thread, obviously, will revolve around general gimp/photoshop skills, memes and, of course, banners, what-have you.

Enjoy!

>>>/gulag/3941
Our local code monkey has put together a development roadmap and RFC thread for bunkerchan

The thread on /gulag/ is full of feature requests, so let's look at the code over here see if we can help

Where is the gits for the front end?

The backend is vanilla lynxchan IIRC https://directory.fsf.org/wiki/LynxChan but for local dev, changes to the front end are preferred, presumably to try and keep the backend on vanilla

Comrades, I urge you to use and spread XMPP for messaging, wether it’s with your organisation or friends and family. There are many servers you can use at no cost, but installing und operating an own server is really easy for everyone with just a little bit of linux experience.
What are the pros of using XMPP, especially when using your own server?
•A couple of options for strong end2end encryption, to make sure neither the server operator nor the glowies can read your messages
•It’s harder to gather metadata of your communication in a federated network
•There are clients for most of the platforms, and even webclients. Most of them respect your privacy and freedom
•When your server has the right extension modules, modern messaging features like sending files (including images and voice recordings), push messages, group chats (both anonymously or private), synchronization between your different clients/devices and much more are possible

While really clandestine communication shouldn’t happen even in the near of a internet device like a smartphone, it is important to make it as hard as possible for the glowies to gather information about with who or at which times you communicate. The spreading of XMPP can be an important step in doing so.

I'm planning on switching from lubuntu to bodhi, however I need to know whether or not bodhi would work just as well as lubuntu for my system
Specs:
>CPU: Intel Atom CPU Z520 @ 1.333GHz
>GPU: Poulsbo
>RAM: 2gb
It's a really shit acer netbook

The white glass is broken and the screen has moisture, is the whole thing destroyed? Otherwise perfectly functional (!). Client is a friend, apparently this happened before he could replace his damaged case. It's a gift so he can't afford to service it.

I feel like the parts for this will either be chinkshit or more expensive than a decent Android with a free, open operating system for once.

Any advice would be huge.