Do all versions of Android have this? I’m on Samsung Android 14 and I can’t find this.
Do all versions of Android have this? I’m on Samsung Android 14 and I can’t find this.
Agree that we are behind with GUI support for secure DNS and I like how enthusiastic your are about the script. Unfortunately, this is just a teaser.
Actually, the functionality should be in systemd-resolved or network manager (or elsewhere maybe). And then configured via the default GUI. This will take time.
Have you looked into how existing software handles captive portals. I believe, both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simple poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)
Now I’m thinking, what if this check could trigger a change to the DNS configuration. That is use DoT when internet is available, otherwise fall back to DHCP announced DNS
That was also my question. A broader question is how to access services on the local network that are announced through local DNS? Like your router’s web interface or any similar device.
Can you have split routing? Most queries go to our preferred DNSoverTLS endpoint, but some go to DNS53 on the local network.
This would also solve the captive portal if the host used to detect captive portals is always resolved locally.
Person who engages in dating also has a job.
The alternative to multiple cores is a single core that runs faster. We tried this and hit a limit. So, it’s many cores, now.
The OpenAI people built ChatGPT, the Microsoft folks worked on Clippy.
I mean if this is his way of coping with his complete fuckup and preparing his people for the withdrawal, this might be a good thing
This. He signals that he wants a way out.
Of course, he’ll try to get or keep as much as possible, but saving face seems more important than victory. There’s hope.
Maybe we can all agree to say on Russia TV that glorius Russia won.
Ignore my ignorance. Are you saying the aircrafts track where they are going by calculating their position from gyroscope data? And this is more precise than GPS?
That’s like using the accelaration sensors in your phone to navigate. Or sailing with compass and nautical maps.
Possible. Tech isn’t even that novel. But still impressive.
I can’t understand what is to be gained by deliberately trying to knock civilian airliners off course.
You don’t deal with terrorists, do you?
GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.
Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was hear some seconds ago. With this signal the location will be off.
Or no one wants 8GB RAM octa-cores when they have a phone with similar specs in their pockets…
You are not wrong, but you we should understand what class of attacks we are protecting against. Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.
Now, you may say, an FBI raid is not what you worry about on a daily basis. Agree.
If you are trying to keep the photos on your device safe from snooping, your good. Attacker needs the device and your fingerprint.
When we talk online accounts, I’d count device+fingerprint as one factor. Sure, the maid from the example above can’t login into your gmail without your fingerprint, but most attacks are online. Your device sends a token to gmail, a cookie, a String; that’s like a password. One factor.
Technically, it’s slightly better than a password, because this token can be short-lived (although often it’s not), could be cryptographic signature to be used exactly once (although…), you cannot brute-force guess the token… But IF the token leaks, the attacker has full access (or enough to cause damage).
That’s why I would suggest an independent second factor, such as password. Yes, a password. Not for your daily routine (biometrics+device is much better), but maybe for high-risk operations.
Well
The biometrics only unlock the device
Yes
and give access to the security key
This is the goal, sure, but what does this actually mean on device that’s mostly governed by software?
There’s a chip (like a yubikey) in the device that can hold cryptographic keys.
That’s good because the key cannot (easily) be extracted from the device.
That’s good as long as no one has physical access to your device.
With physical access, you hope that the device’s unlock mechanism is reasonably secure. That’s biometrics OR password/pin.
The ‘or’ is the problem. For practical reasons you don’t want exactly one method hard-wired. You have a fingerprint scanner (good enough), the secure element (good enough) and lots of hard- and software in between (tricky).
I’m not against biometrics (to unlock a device) because it’s convinient and much better than not locking the device at all. I’m also not against device trust (which you need if you want to store crypto keys sonewhere without separate hardware), but the convience of a single-device solution (laptop or phone) comes with a risk.
If an attacker can bypass the unlock method or trick you into unlocking or compromise the device, your secrets are at risk. Having the key stored in the secure enclave (and not in a regular file on the hard disk) prevents copying the key material, but it does not prevent using the key when the attacker has some control over the (unlocked) device.
A yubikey is more secure because it’s tiny and you can carry it on your keychain. The same chip inside your laptop is more likely to fall into the hands of an attacker.
No.
Im pretty sure they are fine with free riders when they are not too many.
Point for you, root is special.
The x permission on directories is exactly for this purpose. You can use the directory. You cannot read (requires rx), you cannot write (w), but you can ‘cd’ and operate on files in the directory.
This is important, you can lock someone out from a directory tree buy not giving them ‘x’ on the root. So, if your home is rwx------, no one but the owner can do anything in your home. This is effective even if some files and subdirectories have less restrictive permissions.
That was less than 24hours ago. Let’s just wait what happens.
Either Microsoft buys Kenya or Sam Altman is promoted to King of Narnia.
Which of those work for phone numbers (SMS validation)? Email is easy.
Just a note: The app ‘Rethink DNS and Firewall’ can do this with any Wireguard VPN.