• 0 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: September 8th, 2023

help-circle

  • Fyi the syncthing-fork guy (catfriend1) who’s still updating has a donating button on F-droid via Liberapay. It’s up to you if your financial situation allows you to donate, but the more of us help the remaining developers for their time, in particular those of us that rely so much on their work, the better off we’ll be. Let’s give them a little motivation to keep working on this.

    FYI2 syncthing-fork (as written and confirmed in this thread) has an import button for your folders from syncthing Android.



  • The math depends on where you’re living, but what would you mathematically compare here, available required roof area and roof load limits?

    Because the SWH, if put in a place like Cyprus, consumes next to no electricity. Pumps and electronics, but even that is pretty nil if the tank is on the upper floors. So let’s assume a mild sunny climate where the electrical heaters of both the heat pump and the solar heater are off. The heat pump requires power and the water heater doesn’t. As for cloudy days, with proper insulation, a SWH can keep the tank piping hot for a few days.

    Personally i don’t see how a heat pump could beat a SWH in costs and benefits over time. Off the gate it already starts at a disadvantage on environmental impact and upfront costs. When it’s sunny, it loses to solar heating, as it’s free vs very efficient. It probably regains some ground during inclement weather and very cold winter days. There’s also the degradation of the solar panel, which happens at a faster rate than the degradation of the solar heater. So i guess in the end it boils down to how bad the weather gets where you live and yeah, do the math. There’s probably a graph of bad weather days with a point where the SWH becomes less attractive than solar powered heat pumps. But for Mediterranean climates, no contest I’d say. You require less area on the roof for a SWH.

    And this is only considering available roof area/weight limits, because being honest they’re both free sun energy. But you could use the solar power/money/environmental impact elsewhere.


  • From the point of view of efficiency, solar heaters beat pv. With pv you need to convert the sun’s energy into electrical energy, with losses, then convert electrical energy into heat by extracting it from the outside with the heat pump. If you store it in batteries to heat up water later, there’s even more losses. Depending on the outside temperature, there’s a limit to what the heat pump can do, which an internal electric heater inside the water tank takes over to reach usable shower temperature.

    With solar heating the sun heats water, that’s it. Not only you can yield energy from the sun more efficiently, this doesn’t need complex electronics or semiconductors, so it’s also better from an environmental impact point of view.

    And it doesn’t have to be either/or. In my country, solar heating usually comes as a package deal with pv heating. Some companies are making hybrid pvs. Solar panels become less efficient as they heat up, so a hybrid pv would use coolant to keep them within their most efficient working temperature and extract that heat to be used for space heating, using radiators or floor heating or forced air systems, and/or water heating. Having both just makes sense, since it makes your pv needs (and your upfront investment) smaller and the maintenance on solar heaters is much simpler.


  • If i didn’t have a soldering iron, I’d probably grab a diode or resistor leg, snip it just enough to bridge the gap, press it down on the contacts, use super glue to hold it in place on both sides and the middle until it held and hope the glue doesn’t block the contacts.

    But this is an extremely shoddy solution and i doubt it will last long. You have to hold it firmly in place or the glue will get underneath the component leg. The user can’t let it roll around under the finger. I suggest pressing it against the upper side of the contacts in the picture for leverage. Try it out yourself and see if you can do it. Once you verify with a multimeter you get current through, you can apply more super glue on top between the contacts to give it a little more grip, that may make it hold on for longer. Since it’s for a low current application I’m betting just the contact surface of the component leg with the solder blobs underneath will be enough and will not overheat, but i would suggest letting it run a bit just to make sure. You can always make it just a smidge longer in order for the component leg to wrap around the blobs to increase the contact surface, in sort of a C shape.

    A soldering iron for students can be pretty cheap and I’m only suggesting this alternative so you have some sort of low cost solution that doesn’t involve one. Any diode or resistor will do, really, for like 5 cents and superglue for like 2/3€. Or if you want to put it in a kit just send small snips of tin plated, copper clad steel wire, but depending on how many kits you are manufacturing, it might be more cost effective just to use resistor/diode legs harvested from stuff you’ve got lying around.


  • Even if such a thing existed, which given the analysis parameters makes it far too complex for automation (like for instance, how would such a software distinguish between old deleted data still residing in empty space and a vault file hidden in empty space without a follow up analysis of the data itself. It would probably alert the user for something, but the amount of false positives would probably lead an untrained user to ignore the alerts eventually) i would guess it doesn’t, but if it did, it would have to process petabytes every day, from all over the country and the system would have to be maintained, which going by government record of informatics systems, doesn’t seem likely that it would be readily available for everyone that gets stopped at a border stop consistently. It’s like an anti virus search, with all the false positives it comes up with, but 100 times slower, plus the transmission of the entire disk clone file, plus the cloning process itself.

    Moreover the cost of maintaining such a system when 95%+ of the population doesn’t have the know how to use complex data obfuscation measures and LEO rarely obtains information out of these cursory searches for arrests. On published news articles LEO always ends up using snitches, google searches or usage of the TOR network in a given area to catch criminals. Data forensics only come into play later on. Presumably, dollar for dollar, they would probably invest in what works best instead of casting such a wide net.

    In sum, I’m not cleared to know such information, but i am guessing such a thing, while technologically possible, seems economically unfeasible and liable to be used only in specific cases. If i had a border security budget, i would certainly not invest in a mega server to swift through every bit of empty and occupied space of all the randomly selected people for a search that come in through the ports of entry. However i could be wrong.


  • I think you overvalue the skillset of border security. This may seem trivial to you but it’s uncommon to hire people trained to this level of competence and put them at every point of entry. A decent cybersecurity investigator needs a big salary.

    That would probably happen if you were already a suspect of something or a high profile person and they moved in resources for you. No way border security is randomly sweeping for headers and entropy, they basically just look at it with the explorer and clone it, possibly using some software to scan for known security vulnerabilities to access encrypted parts. That would be a court ordered search or a high profile crime investigation, or maybe a really really unlucky day where the expert was already there for another reason, but the rest i agree.

    If your threat model makes you a high profile person, then smuggling data in hidden containers is definitely not the best solution. A non associated personal cloud server is best.


  • Well most recently this year i crossed US borders at the Texas point of entry. I was told expressly to always provide them with my devices, as if i said no thank you i would be denied entry to the US and it would go on the record for future visa applications, which could be denied on grounds of that, thus affecting future assignments. When you get a work visa, you have a time limit to enter the US and if you miss it, you need another. I was told i was completely responsible for any data that third parties could obtain and i would be fired and legally prosecuted if sensitive data was seen by people who did not have security clearance and NDA clearance for the data i was carrying, which border security does not have, even though some US government personnel do have those clearances.

    Fortunately my company provided cloud space for any personal or company data i would be carrying and i wasn’t asked for anything because i came from Europe and i guess they weren’t too suspicious about me, so in the end it wasn’t an issue. Nevertheless, i had to take mandatory corporate training to prepare for any immigration interviews and had to sign specific liability agreements for the data i carry since it is highly sensitive.

    I don’t just work as a liason in the US, but this was the most recent. For the industry i work in, this is pretty standard.

    You can say no, but that doesn’t mean there won’t be consequences, in my case I’d lose my job or lose assignments, which would probably mean I’d be put only on European assignments or demoted to a domestic only position, which would be paid substantially less. So in essence, i can’t really say no nor slack on opsec. Being able to feed my family is more important than protesting on grounds of principle for me. Also i could have issues getting to the US in the future, for any reason that may be, since getting a work visa requires grueling consulate interviews and they check literally everything. It’s one of the most annoying places to get work visas to, even coming from Europe. It took me one year of scheduling and attending interviews to be cleared for it. I was even asked to provide all my personal social media account handles.


  • I guess your company trains to different standards than my company then. A multi national globe operating company can never afford to fire employees for refusing to cooperate with authorities during border checks. At most it can train them to secure data during border crossing.

    If the company i work for did what you suggest, they would fire all their employees in the space of a week or have them all detained or refused entry to countries. They’d lose billions in business. Only a domestic or low volume company can afford having their employees routinely detained at borders in such a manner.

    It just doesn’t make any sense what you’re saying, but you do you bud. All the best.


  • You’re free to do that, but seems like a good way to be put on a list to be harassed more in the future. You make a cop/border agent feel stupid and he/she will make sure to make your life harder.

    The records will show you’re trying different ports of entry and if a border guard doesn’t like you, you will be selected for investigation and getting off that list may take years. Worse, you can be banned from entry for no reason and good luck appealing that.

    Personally i like to treat the customs agents real nice. I call them sir or ma’am, i follow their instructions and i show them a squeaky clean phone and they let me off with a smile at the first port of entry. Being combative with an agent will not change the laws. Moreover if you have obligations to a company, they will not look kindly to this sort of attrition causing delays and will pass you over next time they need someone. This of course means you won’t get paid as much (or, depending on circumstances, at all).

    I agree with the other poster, picking battles is the way to go.


  • They will detain you. I know the US procedure because i was instructed as i worked there as a representative for an overseas company in Europe.

    If you’re a national of the US they will detain you and hold you in detention to ask you questions. During this time your phone will either be cloned or confiscated to be decrypted at a later date. You will be released after a few hours. They will likely not bruteforce it, but rather attempt to use security flaws present in your device/firmware. They will do the same to your laptop.

    If you’re not a national of the US, you will be denied entry and flown back to where you came from. This is common practice in a lot of western countries.

    What you should do is not carry sensitive information across borders, by using a cloud service to sync at your destination or use hidden encrypted containers in your device. Unless you’re involved in terrorism, white collar crime, CSAM or drugs, they will never have people smart enough to find out hidden containers on you.




  • It might sound like a pretty obvious thing, but have you tried changing the tools into the “Tabbed ribbon” that office uses instead of the classic old 90s organization scheme in options ?

    I have come to notice that when people who don’t really work with computers very well, in particular boomers, say that they can’t stand LibreOffice, they mean they don’t like the layout of the tools, because they can’t find anything they need. I suppose they just got used to where everything is with modern office.

    Just change it and see if she will like it better. Usually solves it for the boomers i help. Nothing is holding LibreOffice back more than their default layout scheme. They really don’t know their target audience’s pain points AT ALL. Just goes to show why you need to study your users using the product without being explained anything.

    I don’t get why their default is a layout that has been outdated for 24 years. Nostalgia or what? Only really old people who used computers in the 90s a lot will intuitively find it useful.


  • Mullvad has written a post about it Here.

    FYI

    The desktop versions (Windows, macOS and Linux) of Mullvad’s VPN app have firewall rules in place to block any traffic to public IPs outside the VPN tunnel. These effectively prevent both LocalNet and TunnelVision from allowing the attacker to get hold of plaintext traffic from the victim.

    Android is not vulnerable to TunnelVision simply because it does not implement DHCP option 121, as explained in the original article about TunnelVision.

    iOS is unfortunately vulnerable to TunnelVision, for the same reason it is vulnerable to LocalNet, as we outlined in our blog post about TunnelCrack. The fix for TunnelVision is probably the same as for LocalNet, but we have not yet been able to integrate and ship that to production.

    I gotta say, i am really impressed with Mullvad. They’re not just a VPN seller. They write security compromise bulletins regularly and as soon as vulnerabilities show up and they actively lobby at the EU organs for more privacy laws. They really work and live their identity in every way.


  • From what i read about it, Apple has a walled garden but charges a flat fee for everyone and has no special deals. Everyone pays the same and they make a little money off of the store but also the hardware sold.

    Whereas Google has been caught treating certain parties differently, such as Spotify, something called Project Hug, where they gave extra benefits to parties at risk of leaving the play store, among other unequal dealings.

    So the crux of the question is not about the monopoly itself, but the fact that Google is treating market players differently and throwing its weight around to influence the market to its advantage.



  • NeuronautML@lemmy.mltoPrivacy@lemmy.mlRefute this
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    1 year ago

    A dude got caught making bomb threats at Harvard because he was the only one in his university that connected to TOR and they knew from the entry node it had to be from that area. They checked the logs and only one PC had directly connected to the TOR network from that area at that time. The guy wanted more time to study.


  • NeuronautML@lemmy.mltoPrivacy@lemmy.mlRefute this
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    1 year ago

    And a separate flash with your password database, PGP keyring and an encrypted files vault. If you need to go or to destroy/hide evidence, a flash drive is much easier, specially when the task force going after you is more worried about hard drives and laptops and usually gloss over flash drives at least initially.