HackerTrans
トップ新着トレンドコメント過去質問紹介求人

twleo

no profile record

投稿

The Control Plane Was the Point: Revisiting Autofz in the LLM Era

yfu.tw
1 ポイント·投稿者 twleo·13 日前·0 コメント

KeePassXC Responds to ProtonMail's Encryption Claims for Password Manager

twitter.com
38 ポイント·投稿者 twleo·3 年前·6 コメント

コメント

twleo
·9 か月前·議論
I don't need another desktop app...

The only thing I miss is the official API for the scheduled sending feature.

That's the only thing I would open the webpage app to do.
twleo
·3 年前·議論
https://github.com/epitron/mitm-adblock

or

https://github.com/barre/privaxy
twleo
·3 年前·議論
Looks good. I hate how IOS does, especially with certificate pinning, so I cannot use my ad-block http mitmproxy to block ads in Apps.

EDIT: thanks for people clarifying that pinning is done by Apps and not by IOS.
twleo
·3 年前·議論
Open source does not magically make your software more secure. Community needs to audit the code if they are going to use it instead of trusting blindly.
twleo
·3 年前·議論
That's why we should isolate Chromium from Google. Chromium should be lead by third-party like W3C.
twleo
·3 年前·議論
Hard Pass for closed-source browser.
twleo
·3 年前·議論
Me too. The only con is that Monaco does not have bold variants.

Fortunately, someone has created them!

https://github.com/vjpr/monaco-bold
twleo
·3 年前·議論
Code should be self-documented. And editor should have a good mechanism to help you understand the source code. Emacs does better in this angle than Vim by far. You can find the documentation for every variable (describe-variable) and functions (describe-function) easily and jump to their source codes.
twleo
·3 年前·議論
mu4e: [0]

Because I live in Emacs!

[0]: https://www.djcbsoftware.nl/code/mu/mu4e.html
twleo
·3 年前·議論
That is one of my questions too.

Use a low entropy things (I guess user's password would be not larger than 20 characters nowadays even using password managers) to encrypt a high entropy strings (PGP key).

Looks pretty weird to me.
twleo
·3 年前·議論
Hmm. I rely mores on server-side filter rules because I don't use native Mail client.
twleo
·3 年前·議論
Even if all the decryption resides in the app/web browser side, they can just silently change the code and inject some scripts to hijack the encryption routine.

Although they are open-source and can be scrutinized by anybody, it does not means that's what is run on the server side.

(Just say they have the capability; no accusation)

So at the end of the day, the question is whether you trust Proton or not. Encryption might not help in that case.
twleo
·3 年前·議論
For other functionality, I will say nothing because it takes time to implement features and Proton is not as big as Google.

But for PGP? You should treat it seriously, considering your target customers.
twleo
·3 年前·議論
It hurts the trust mostly.

If they cannot handle basic things like PGP correctly, how should I trust other part of their software. Especially they are a "Privacy-first" company.

"Privacy" becomes a marketing term nowadays.
twleo
·3 年前·議論
iCloud filter rules is so weak...
twleo
·3 年前·議論
There is also a 2-year old issues: https://github.com/ProtonMail/proton-bridge/issues/180

Proton makes it hard for open-source software developer to send patches and they don't care.

https://git-send-email.io/#step-2

Some quote from it.

> Be advised that Protonmail is generally known to be a pretty bad email host. They will munge up your outgoing emails and your patches may fail to apply when received by the other end. Not to mention their mistreatment of open source and false promises of security! You should consider a different mail provider.

Glad that I jumped out the ship only after one week so I can get full refund lol
twleo
·3 年前·議論
Until Intel let me use ECC RAM on Consumer-grade CPU, I will use AMD without second thought.