HackerTrans
TopNewTrendsCommentsPastAskShowJobs

twleo

no profile record

Submissions

The Control Plane Was the Point: Revisiting Autofz in the LLM Era

yfu.tw
1 points·by twleo·13 dni temu·0 comments

KeePassXC Responds to ProtonMail's Encryption Claims for Password Manager

twitter.com
38 points·by twleo·3 lata temu·6 comments

comments

twleo
·9 miesięcy temu·discuss
I don't need another desktop app...

The only thing I miss is the official API for the scheduled sending feature.

That's the only thing I would open the webpage app to do.
twleo
·3 lata temu·discuss
https://github.com/epitron/mitm-adblock

or

https://github.com/barre/privaxy
twleo
·3 lata temu·discuss
Looks good. I hate how IOS does, especially with certificate pinning, so I cannot use my ad-block http mitmproxy to block ads in Apps.

EDIT: thanks for people clarifying that pinning is done by Apps and not by IOS.
twleo
·3 lata temu·discuss
Open source does not magically make your software more secure. Community needs to audit the code if they are going to use it instead of trusting blindly.
twleo
·3 lata temu·discuss
That's why we should isolate Chromium from Google. Chromium should be lead by third-party like W3C.
twleo
·3 lata temu·discuss
Hard Pass for closed-source browser.
twleo
·3 lata temu·discuss
Me too. The only con is that Monaco does not have bold variants.

Fortunately, someone has created them!

https://github.com/vjpr/monaco-bold
twleo
·3 lata temu·discuss
Code should be self-documented. And editor should have a good mechanism to help you understand the source code. Emacs does better in this angle than Vim by far. You can find the documentation for every variable (describe-variable) and functions (describe-function) easily and jump to their source codes.
twleo
·3 lata temu·discuss
mu4e: [0]

Because I live in Emacs!

[0]: https://www.djcbsoftware.nl/code/mu/mu4e.html
twleo
·3 lata temu·discuss
That is one of my questions too.

Use a low entropy things (I guess user's password would be not larger than 20 characters nowadays even using password managers) to encrypt a high entropy strings (PGP key).

Looks pretty weird to me.
twleo
·3 lata temu·discuss
Hmm. I rely mores on server-side filter rules because I don't use native Mail client.
twleo
·3 lata temu·discuss
Even if all the decryption resides in the app/web browser side, they can just silently change the code and inject some scripts to hijack the encryption routine.

Although they are open-source and can be scrutinized by anybody, it does not means that's what is run on the server side.

(Just say they have the capability; no accusation)

So at the end of the day, the question is whether you trust Proton or not. Encryption might not help in that case.
twleo
·3 lata temu·discuss
For other functionality, I will say nothing because it takes time to implement features and Proton is not as big as Google.

But for PGP? You should treat it seriously, considering your target customers.
twleo
·3 lata temu·discuss
It hurts the trust mostly.

If they cannot handle basic things like PGP correctly, how should I trust other part of their software. Especially they are a "Privacy-first" company.

"Privacy" becomes a marketing term nowadays.
twleo
·3 lata temu·discuss
iCloud filter rules is so weak...
twleo
·3 lata temu·discuss
There is also a 2-year old issues: https://github.com/ProtonMail/proton-bridge/issues/180

Proton makes it hard for open-source software developer to send patches and they don't care.

https://git-send-email.io/#step-2

Some quote from it.

> Be advised that Protonmail is generally known to be a pretty bad email host. They will munge up your outgoing emails and your patches may fail to apply when received by the other end. Not to mention their mistreatment of open source and false promises of security! You should consider a different mail provider.

Glad that I jumped out the ship only after one week so I can get full refund lol
twleo
·3 lata temu·discuss
Until Intel let me use ECC RAM on Consumer-grade CPU, I will use AMD without second thought.
twleo
·4 lata temu·discuss
Proton should be responsible no matter it uses the third-party open-source/propriety components or not.

If they decide to use third party libraries, that's their responsibility to review those libraries and include them to their code base.

Not "it's not my fault; it's others fault"
twleo
·4 lata temu·discuss
> Bridge is open source, and as a result relies upon open-source components

I don't get it. Bridge is open source does not imply it should relies upon open-source components.

> Addressing this issue at the source requires replacing the core IMAP library.

Why building an IMAP library from scratch instead of fixing/forking go-imap? Even a temporary fix to go-imap when you are developing gluon? Another repetitive work which does not guarantee the mentioned issues will be resolved completely.
twleo
·4 lata temu·discuss
Free-tier ProtonMail does not have the privilege to use this buggy bridge.