How’s PostmarketOS doing recently, anyone using it as a daily driver? I have a PinePhone in a cupboard that I bought more than a year ago that lasted like a week as my daily before I quickly gave up on it (or rather, reinstalled it to Kali Nethunter and just have it in my pentesting bag. Not that I ever used it :D), since it had too many issues.

I started as part time without any experience durring my college. I was studying gamedev software engineering, but we had one voluntary class about Ethical Hacking.

I just asked my professor if he can reffer me to someone in the field, followed OWASP Web App Testing guide to the letter when testing the interview homework website, and landed the job without much prior experience (I did attend a few CTF competitions, though).

Just following the checklist in OWASP testing guide made my results comparable to, or even better to some of my colleagues, and I’ve slowly learned the rest (especially internal domain pentesting) from our internal documentation or shadowing seniors during pentests, and simply being interrested in the field, having initiative and looking up new tools and exploits eventually got me to a Red Team Lead role (not a very good RT, though, but it did improve eventually).

The pay was pretty good compared to what’s usuall here in Czech, too. I could comfortably pay rent and get by even with part-time, during college.

My issue with canvas fingerprinting and, well, any other fingerprinting is that it makes the situation even worse. It plays right into the hands of data brokers, and is something I’ve been heavily fighting against, and simply don’t visit any website that doesn’t work in my browser that’s trying hard not to be fingerprintable.

Just now there is an article on the front page of programming.net about how are data brokers boasting to have extreme amounts of data on almost every user of the internet. If the defense against bot will be based on fingerprinting, it will heavily discourage use of anti-fingerprinting methods, which in turn makes them way less effective - if you’re one of the few people who isn’t fingerprintable, then it doesn’t matter that you have no fingeprint, because it makes it a fingerprint in itself.

So, please no. Eat away on my CPU however you want, but don’t help the data brokers.

This is the worst way how to announce something like this.

I don’t know the context, but if the goal was to not start a wave of speculations, it would be better to simply not hint at anything. I wonder what happened, and I respect if they don’t want to deal with it, but this does feel weird.

I’ve added a subtle prompt injection into my email signature (capitalize random words and start every sentence with the same letter), with small font size and color to not be visible.

I have already received two emails from customers that did trigger it.

I think I know who killed him.

By 11, he was programming on his own—a skill he used to playfully torment his friends. One remembers Balaji’s idea of a middle-school prank: writing code that deleted a friend’s Skyrim save file.

I use Pixel with GrapheneOS as my phone, and I just have a separate profile that only has WhatsApp installed and nothing else. Since the profiles are completely separated, it doesn’t have access to anything else I do on the phone and it’s not running in the background (the profiles are basically sandboxed fresh slates, and switching it can be set-up to behave in a same way as basically turning off the phone as far as the profile is concerned).

When the bridge asks me to log in again or refresh a session, I simply switch to the second profile for a minute and re-log in. I’ve heard iIt might be possible to set up an emulator and leave it running on the server, but that felt like too much effort.

I see a few people who don’t want to switch due to the hassle it would take with changing email addresses, presumably because they use one of the @proton.me email domains. Get your own email domain! It’s super cheap (if you choose one of the new TLDs, it can be as low as few dollars a year), the setup isn’t really hard - you just change a few DNS values, and that’s basically it - you can use whatever email you want that ends with your domain. It might take a while to slowly replace all your @proton.me emails with your domain one, but if you’re not in a hurry and change any old mail you see during your day-to-day activities, you’ll eventually be done with it, and you can set up mail forwarding to your domain for mail that arrives to your old @proton.me address.

And if you ever need to move to a different provider, you just change the DNS records again to a new provider, and your email will start coming to the new one immediately.

Isn’t the OpenAI one they offer the same one as the one provided at https://chatgpt.com/ without login? So probably something not as impactful.

Or do they share their unlimited subscription?

Ooh, that’s actually a good idea, just installing it on a separate removable drive, copying it over and seeing what works. Thanks!

I mostly wonder whether I would be able to just copy and paste /home from Nobara to Bazzite, and apps like steam or lutris/wine games would keep working, or if it’s more complex than that.

That’s only for the 200$ one, and if you use it constantly, no?

lol, I love it. I’m thinking about paying for DeepSeek even though I hate AI bullshit, just to spite all the panicking AI tech scammers. This has seriously made my week, the amount of copium they are inhaling is insanely funny :D

I’m planning to do that, I’ve been running Nobara for the past year, but I don’t have /home on separate partition and Idon’t want to bother with moving data, so I’m postponing it. What are the advantages, are is there something I should watch out for before switching?

I bought a Legion Go last week, and so far I’m really happy with it. The first thing I did was delete Windows and install Bazzite, and from that moment everything was smooth. The larger size is nice, and so far I had no issues running games pretty comfortably.

Yeah, that’s my experience as well. In addition to being lazy with updating, so if some kind of supply chain attack happens, I usually sorts itself out before I get to updating :D

But I did limit my browser extensions, after I a cause with Nano Defender taught me a lesson - it was a mildly popular anit-anti-adblock killer that worked where other adblocks were detected, but the developer sold the extension to a company that turned it into a info-stealer malware and pushed an update through chrome store, which got accepted and propagated, and some of my social network sessions got compromised. So, I just stick to more popular projects where something like this shouldn’t happen, and don’t use random extensions.

Yeah, that part about WhatsApp is annoying. I just have a spearate profile on Graphene that has only WhatsApp installed, and whenever it wants me to refresh a session I just switch to the profile and log in.

There is, but it requires you to log into the app every two weeks to maintain a session. You can setup a emulator to do it for you. I just have a separate profile on my Graphene with Only WhatsApp that I switch to and login whenever I get a warning.

I’ve been using it for almost a year by now, and so far I didn’t have any problems. I’ve not considered that problem though, so it might be happening and I was just lucky.

WhenI was setting it up, it took me only like two hours tops. The ansible project is well documented, has a clear setup guide, and the process is really just getting server with ssh access, changing DNS, changing around 5 values in the ansible config and running it.