That seems like a concern for the IT department of a large organization, but not something end users should care about.

My Pixel 4a has LineageOS on it, and is installing an update from two days ago right now.

That may technically be true, but it’s currently very normalized. Do we actually want to denormalize it? Should the government know about every trivial transaction?

The alternative is safeStorage, which uses the operating system’s credential management facility if available. On Mac OS and sometimes Linux, this means another process running in the user’s account is prevented from accessing it. Windows doesn’t have a protection against that, but all three systems do protect the credentials if someone copies data offline.

Signal should change this, but it isn’t a major security flaw. If an attacker can copy your home directory or run arbitrary code on your device, you’re already in big trouble.

You’d need write access to the user’s home directory, but doing something with desktop notifications on modern Linux is as simple as

dbus-monitor "interface='org.freedesktop.Notifications'" | grep --line-buffered "member=Notify\|string" | [insert command here]

Replacing the Signal app for that user also doesn’t require elevated privileges unless the home directory is mounted noexec.

I don’t recall Signal ever claiming their desktop app provided encryption at rest.

I’m not sure if they’ve claimed that, but it does that using SQLCipher.

If someone can read my Signal keys on my desktop, they can also:

• Replace my Signal app with a maliciously modified version
• Install a program that sends the contents of my desktop notifications (likely including Signal messages) somewhere
• Install a keylogger
• Run a program that captures screenshots when certain conditions are met
• [a long list of other malware things]

Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.

Sure: don’t use Mastodon to participate in Lemmy communities.

You can of course, which you clearly already know. Tagging a community in s top-level post even results in a good experience, but subscribing to communities does not, and you can’t vote.

Maintaining accounts on both is a good idea.

That’s what I have on mine too.

I reviewed it. It’s my favorite small headlamp, and also pretty good as a handheld pocket light. The related handheld-only M150 is also nice.

I reviewed it. It’s one of the better options in its class.

I find it important to have some tools with me. Even if I’m really unlikely to use them, being a useful person who can fix stuff and solve problems is a major component of my self concept.

I also find the tools interesting in their own right. Lots of people like trinkets and gadgets, and there may be no explaining it to someone who doesn’t immediately find that sort of thing appealing.

• Old leather wallet
• Flashlight (Skilhunt H150)
• Knife (Spyderco UKPK)
• Pepper spray (Sabre Red, with a pocket clip from a random flashlight)
• Phone (Pixel 4A)
• Keys, and another flashlight (Skilhunt EK1)
• Flash drive (Sandisk 128gb)
• 1.38€

See also [email protected]

As a flashlight nerd, reviewer, and moderator of [email protected], I think I have to go with the Zebralight SC65c HI.

most people see messaging apps like Signal, WhatsApp and other third party apps for personal use only.

In Europe, businesses, especially small businesses often use WhatsApp, to the point of putting its logo next to their phone number on signs. I wonder what creates the perception where you are that messaging apps are for personal use, not business.

Signal, being owned by a nonprofit has a bit more resistance to that than most.

That’s the main reason I recommend it over alternatives with similar technical capabilities, such as WhatsApp.

There’s nothing keeping them from scraping that kind of data now.

The Dutch system is open list proportional representation, with the twist that lists may overlap between districts.

I think Condorcet methods are better suited to voting for individual candidates. It’s certainly possible to have multi-member districts (and I think that’s a good idea), but probably doesn’t pair well with proportional representation.

I like Condorcet methods.

This is a ranked method that’s different from instant runoff, with its defining characteristic being that the winner would beat every other candidate in a two-way race. The biggest downside is that determining the result is more mathematically complex than other methods, which makes it harder to explain and might lead people to mistrust the result.

Condorcet methods benefit candidates few voters hate, which is the inverse of the current and past two US presidential elections. Given a situation where two dominant parties run widely unpopular candidates, a Condorcet method would create a very strong probability that any palatable third-party candidate wins, though over the long term a system using such a method probably wouldn’t have two dominant parties.

I’m not surprised they could. I’ve worked on things that send SMS messages and I’m aware that carriers filter for spam and scams (perhaps not as effectively as one might hope).

I’m surprised to hear of messages being blocked for mere profanity.

Anyway, SMS sucks, default to something else and fall back to SMS as a last resort. Gently encourage your contacts to use Signal.