HackerTrans
TopNewTrendsCommentsPastAskShowJobs

twleo

no profile record

Submissions

The Control Plane Was the Point: Revisiting Autofz in the LLM Era

yfu.tw
1 points·by twleo·13 дней назад·0 comments

KeePassXC Responds to ProtonMail's Encryption Claims for Password Manager

twitter.com
38 points·by twleo·3 года назад·6 comments

comments

twleo
·9 месяцев назад·discuss
I don't need another desktop app...

The only thing I miss is the official API for the scheduled sending feature.

That's the only thing I would open the webpage app to do.
twleo
·3 года назад·discuss
https://github.com/epitron/mitm-adblock

or

https://github.com/barre/privaxy
twleo
·3 года назад·discuss
Looks good. I hate how IOS does, especially with certificate pinning, so I cannot use my ad-block http mitmproxy to block ads in Apps.

EDIT: thanks for people clarifying that pinning is done by Apps and not by IOS.
twleo
·3 года назад·discuss
Open source does not magically make your software more secure. Community needs to audit the code if they are going to use it instead of trusting blindly.
twleo
·3 года назад·discuss
That's why we should isolate Chromium from Google. Chromium should be lead by third-party like W3C.
twleo
·3 года назад·discuss
Hard Pass for closed-source browser.
twleo
·3 года назад·discuss
Me too. The only con is that Monaco does not have bold variants.

Fortunately, someone has created them!

https://github.com/vjpr/monaco-bold
twleo
·3 года назад·discuss
Code should be self-documented. And editor should have a good mechanism to help you understand the source code. Emacs does better in this angle than Vim by far. You can find the documentation for every variable (describe-variable) and functions (describe-function) easily and jump to their source codes.
twleo
·3 года назад·discuss
mu4e: [0]

Because I live in Emacs!

[0]: https://www.djcbsoftware.nl/code/mu/mu4e.html
twleo
·3 года назад·discuss
That is one of my questions too.

Use a low entropy things (I guess user's password would be not larger than 20 characters nowadays even using password managers) to encrypt a high entropy strings (PGP key).

Looks pretty weird to me.
twleo
·3 года назад·discuss
Hmm. I rely mores on server-side filter rules because I don't use native Mail client.
twleo
·3 года назад·discuss
Even if all the decryption resides in the app/web browser side, they can just silently change the code and inject some scripts to hijack the encryption routine.

Although they are open-source and can be scrutinized by anybody, it does not means that's what is run on the server side.

(Just say they have the capability; no accusation)

So at the end of the day, the question is whether you trust Proton or not. Encryption might not help in that case.
twleo
·3 года назад·discuss
For other functionality, I will say nothing because it takes time to implement features and Proton is not as big as Google.

But for PGP? You should treat it seriously, considering your target customers.
twleo
·3 года назад·discuss
It hurts the trust mostly.

If they cannot handle basic things like PGP correctly, how should I trust other part of their software. Especially they are a "Privacy-first" company.

"Privacy" becomes a marketing term nowadays.
twleo
·3 года назад·discuss
iCloud filter rules is so weak...
twleo
·3 года назад·discuss
There is also a 2-year old issues: https://github.com/ProtonMail/proton-bridge/issues/180

Proton makes it hard for open-source software developer to send patches and they don't care.

https://git-send-email.io/#step-2

Some quote from it.

> Be advised that Protonmail is generally known to be a pretty bad email host. They will munge up your outgoing emails and your patches may fail to apply when received by the other end. Not to mention their mistreatment of open source and false promises of security! You should consider a different mail provider.

Glad that I jumped out the ship only after one week so I can get full refund lol
twleo
·3 года назад·discuss
Until Intel let me use ECC RAM on Consumer-grade CPU, I will use AMD without second thought.
twleo
·4 года назад·discuss
Proton should be responsible no matter it uses the third-party open-source/propriety components or not.

If they decide to use third party libraries, that's their responsibility to review those libraries and include them to their code base.

Not "it's not my fault; it's others fault"
twleo
·4 года назад·discuss
> Bridge is open source, and as a result relies upon open-source components

I don't get it. Bridge is open source does not imply it should relies upon open-source components.

> Addressing this issue at the source requires replacing the core IMAP library.

Why building an IMAP library from scratch instead of fixing/forking go-imap? Even a temporary fix to go-imap when you are developing gluon? Another repetitive work which does not guarantee the mentioned issues will be resolved completely.
twleo
·4 года назад·discuss
Free-tier ProtonMail does not have the privilege to use this buggy bridge.