HackerTrans
TopNewTrendsCommentsPastAskShowJobs

twleo

no profile record

Submissions

The Control Plane Was the Point: Revisiting Autofz in the LLM Era

yfu.tw
1 points·by twleo·vor 13 Tagen·0 comments

KeePassXC Responds to ProtonMail's Encryption Claims for Password Manager

twitter.com
38 points·by twleo·vor 3 Jahren·6 comments

comments

twleo
·vor 9 Monaten·discuss
I don't need another desktop app...

The only thing I miss is the official API for the scheduled sending feature.

That's the only thing I would open the webpage app to do.
twleo
·vor 3 Jahren·discuss
https://github.com/epitron/mitm-adblock

or

https://github.com/barre/privaxy
twleo
·vor 3 Jahren·discuss
Looks good. I hate how IOS does, especially with certificate pinning, so I cannot use my ad-block http mitmproxy to block ads in Apps.

EDIT: thanks for people clarifying that pinning is done by Apps and not by IOS.
twleo
·vor 3 Jahren·discuss
Open source does not magically make your software more secure. Community needs to audit the code if they are going to use it instead of trusting blindly.
twleo
·vor 3 Jahren·discuss
That's why we should isolate Chromium from Google. Chromium should be lead by third-party like W3C.
twleo
·vor 3 Jahren·discuss
Hard Pass for closed-source browser.
twleo
·vor 3 Jahren·discuss
Me too. The only con is that Monaco does not have bold variants.

Fortunately, someone has created them!

https://github.com/vjpr/monaco-bold
twleo
·vor 3 Jahren·discuss
Code should be self-documented. And editor should have a good mechanism to help you understand the source code. Emacs does better in this angle than Vim by far. You can find the documentation for every variable (describe-variable) and functions (describe-function) easily and jump to their source codes.
twleo
·vor 3 Jahren·discuss
mu4e: [0]

Because I live in Emacs!

[0]: https://www.djcbsoftware.nl/code/mu/mu4e.html
twleo
·vor 3 Jahren·discuss
That is one of my questions too.

Use a low entropy things (I guess user's password would be not larger than 20 characters nowadays even using password managers) to encrypt a high entropy strings (PGP key).

Looks pretty weird to me.
twleo
·vor 3 Jahren·discuss
Hmm. I rely mores on server-side filter rules because I don't use native Mail client.
twleo
·vor 3 Jahren·discuss
Even if all the decryption resides in the app/web browser side, they can just silently change the code and inject some scripts to hijack the encryption routine.

Although they are open-source and can be scrutinized by anybody, it does not means that's what is run on the server side.

(Just say they have the capability; no accusation)

So at the end of the day, the question is whether you trust Proton or not. Encryption might not help in that case.
twleo
·vor 3 Jahren·discuss
For other functionality, I will say nothing because it takes time to implement features and Proton is not as big as Google.

But for PGP? You should treat it seriously, considering your target customers.
twleo
·vor 3 Jahren·discuss
It hurts the trust mostly.

If they cannot handle basic things like PGP correctly, how should I trust other part of their software. Especially they are a "Privacy-first" company.

"Privacy" becomes a marketing term nowadays.
twleo
·vor 3 Jahren·discuss
iCloud filter rules is so weak...
twleo
·vor 3 Jahren·discuss
There is also a 2-year old issues: https://github.com/ProtonMail/proton-bridge/issues/180

Proton makes it hard for open-source software developer to send patches and they don't care.

https://git-send-email.io/#step-2

Some quote from it.

> Be advised that Protonmail is generally known to be a pretty bad email host. They will munge up your outgoing emails and your patches may fail to apply when received by the other end. Not to mention their mistreatment of open source and false promises of security! You should consider a different mail provider.

Glad that I jumped out the ship only after one week so I can get full refund lol
twleo
·vor 3 Jahren·discuss
Until Intel let me use ECC RAM on Consumer-grade CPU, I will use AMD without second thought.