How do you know where your data is going? (2/2)

@patrickcmiller humm ..., yes, I was talking to somebody the other day that had to do an exam that was online, after I started asking about it they read something that said the exam software would have access to the whole browser including history, at which point I just said "nope, not for me" and though I would be wiping a laptop and using the install just for that exam only. Unfortunately though not everybody has the ability to do that 😕. (1/2)

A Sale of 23andMe’s #Data Would Be Bad for #Privacy. Here’s What Customers Can Do.

Apparently 23andMe is considering selling off its assets - including user DNA data - to a third party.

Taking this opportunity to highlight that transferring of user data between acquired and acquiring companies happens more often than you think.

#privacy #privacymatters #23andme

https://www.eff.org/deeplinks/2024/10/sale-23andmes-data-would-be-bad-privacy-heres-what-customers-can-do

@avoidthehack Interesting, the best way to protect your data is to not supply it in the first place 🙄

@aikensource @cloudflare I use #dnscrypt and dnscrypt-proxy and enable relays, it can take a little while to start when it checks latency but once it's running i've never had any issues. I also front with #unbound to forward specific domains to local nameservers

@stux I missed this 😕 are there any recording / replays available?

😀 https://posts.rat.pictures/@hannah/113080583317793217

@catsalad I would be interested to know how much virtual memory those tabs are using, especially with the heavy pages of today

@kalleboo Is this because some regs require them to have an earth? even know those chargers are class 2 appliances so they just stick some earth cable on, that probably isn't connected anyway, and call it a day?

@Blort @tchambers I use #ElementX mainly for the sliding sync functionality, I think that is being included in the main #element client at some point though, it used to take ages for messages to show if I was on a bit of a dodge connection which was slightly annoying

@stux I never got the internet talk, had to figure it out for myself

@koehntopp sounds like a standard case of managers without technical experience getting involved with technical aspects when they should just stay out of it #crowdstrike

@thephd from what i’m reading it seems like #crowdstrike ended up finding a way to workaround microsoft codesigning in kernel side and used that to sideload unsigned and untested code at ring0. Actually this issue wouldn’t happen if the driver was written in c#, followed the microsoft validation process to get the certification for the new code and they actually did a test before pushing an update worldwide. Everyone is blaming C because it’s trendy and all the Rust kids feel strong there. PD: writing kernel code with rust implies adding lots of unsafe blocks which means null derefs can also happen. Imho the whole issue is way more complex than just “pick a memory safe language”

#Crowdstrike is obviously human failure, but the human failure is not using mental ad blockers.

Seeing all the absolute shit that gets peddled to starry eyed security "professionals" and mediocre sys admins who get completely blinded by the sales pitches and fail to properly assess the cost of complexity, think vendors are their friends and just can't wait to buy the next silver bullet to solve their problems.

And this is something I'm saying as someone who used to sell these silver bullets.

@karlemilnikka @eliasr they have? humm, I haven't seen that

I'm sorry but CrowdStrike's "technical details" post is well below the expected standard in our field. What kind of logic error was it? More importantly, what was your QA process like? Why did CI not catch it? Why was there not a staged rollout? These are the absolute basics that should be expected.

https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/

why you should always run security software in containers and VM's, where it can't do any halm #Crowdstrike

Proud to complete my first day of work here at #CrowdStrike, just published my first update.

Didn't have time to test it on a local machine but surely it'll be fine.

#YOLO

Anyway, I'm off for an awesome weekend in nature hiking in the bush!
See you all on monday! ✌️

😃

argh, first #solarwinds and now #crowdstrike when will we start to learn? 😕

@matrix native sliding sync 🥳