umami_wasbi

(Rant)

At somepoint, HSBC decided KDE Connect installed via F-Droid is less secure.

Then it decide non-whitelisted keyborads are a security risk. Only Gboard and Samsung Keyboard is confirmed within the whitelist.

I understand the point that risk can be introduce at various points, yet this is simply too much. Yeah there are people phone infected by malware but from Play Store. Not a single time I heard one ever happened on F-Droid distributed apps, at least not from the official repo. Also, I will put more trust on an open source keyboard than any proprietary keyboard.

Furthermore, I'm shocked that an app can read my app list, and current keyboard (introduced in Android 14). This just make building a profile much easier as I belive everyone almost have an unique set of apps they like. I don't think any apps need such functionality. Why the f it needs to care what input devices I uses? This make me worry more about untold (aka burried deep in Privacy Policy) data collection.

There is "block instance" under "settings > blocks" but what does it do? I added a few onto the list but it seems does nothing to remove contents links to the instance.

What I want to achieve is to block all users post from specific instances when spams are high.

How come this wasn't getting more attention?

There are reports in Registar's comment section that Malaysia didn't only redirect DNS traffic, but took active measures to block VPN, and MITM DoH where Cloudflare's DoH returns local ISP certificate.

In fact, some ISPs like Maxis and Yes were already blocking VPN (I see a lot of complains on Lowyat.net about Maxis blocking VPN, and I was using Yes WiMax and experienced the blocking firsthand. I couldn't connect to PPTP endpoints and L2TP endpoints caused the modem to disconnect from the network and reboot).

They were outright trying a MITM redirect attack on those using DOH. Many reported error messages saying that Cloudflare's DOH server were practically returning the certificate for Telekom Malaysia's DNS servers.

Even with many new technologies, I ralized that I not as safe and free as I want to be, maybe you too.

If $70 +$10/mo can get me through all those annoying CAPCHAs, I will gladly pay. Of course, if cheaper or even free solutions exists, I will use it. My only requirement is it work 90%+ of the time.

tl;dr: only applies to NY Eastern District, and likely only US citizen can enjoy

I want to check if my Lenovo T480 is afftected by the recent PKFail, but have no idea how to extract the bios firmware for validation. Can someone detail the steps? Thanks.

Just wonder what if my mail server went offline for some periods, and the sending party couldn't deliver.

Will there be any consequences except I don't get the mail? I tried searching but they all in the perspective of a sender and get a bounce, rather the other way around.

Saw they have promotion £1/mo without setup when paid for a 12mo contract for the lowest end VPS. Anyone use it before?

Just planning to run frp on it. https://github.com/fatedier/frp

LOL