S1m

@[email protected]
269 Followers
138 Following
796 Posts

FR/EN

Account dedicated to #Offsec/#Infosec/digital stuff

Involved in
#UnifiedPush #MollyIm

Githubhttps://github.com/p1gp1g
Codeberghttps://codeberg.org/s1m/
Liberapayhttps://liberapay.com/S1m/
Bloghttps://s1m.fr
S1m6h ago
Nik | Klampfradler 🎸🚲6h ago

So, for anyone who cares, here's a long-form response, personally and from my POV as head of #Teckids, regarding the discussion around birth date in #systemd:

https://lists.freedesktop.org/archives/systemd-devel/2026-March/052087.html

[systemd-devel] Fundamental concerns regarding the "birthDate" field in userdb

S1m8h ago
LWN.net9h ago

LiteLLM on PyPI is compromised

https://lwn.net/Articles/1064479/ #LWN #Linux #security

LiteLLM on PyPI is compromised

This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the Py [...]

LWN.net
S1m3d ago
Show threadIzzyOnDroidOrg3d ago

10 years #IzzyOnDroid – read our summary at

https://android.izzysoft.de/articles/named/10-years-izzyondroid-repo

The IzzyOnDroid Repository celebrates its 10th anniversary!

While its activities go much further back, 2016-03-21 was the first commit to our repository browser´s code base. Started as a one-man-show, IzzyOnDroid is meanwhile a team. And look what we have achieved since – just in those 2 years as a team!

IzzyOnDroid
S1m3d ago
Sebastian Wick3d ago

Instead of taking any part in the monthly wayland bashing bullshit, you could just read about how electron, one of the last X11 bastions, has adjusted to wayland. Super important work!

https://www.electronjs.org/blog/tech-talk-wayland

Tech Talk: How Electron went Wayland-native, and what it means for your apps | Electron

Electron recently switched to Wayland by default on Linux, bringing dozens of popular desktop apps along with it. Here's what changed and how it affects developers and users.

S1m5d ago
Torsten Grote5d ago

Google has news on what you will need to do for still being able to sideload apps:

* enable developer options
* confirm that you are not tricked
* restart phone and re-authenticate
* wait one day
* confirm with biometrics that you know what you are doing
* decide if you only want unrestricted installs for 1 week or forever
* confirm that you accept the risks
* enjoy the few apps that still have developers motivated to develop for a user-base willing to put up with this

https://goo.gle/advance-flow

S1m6d ago
j-r conlin6d ago
I've been working with this crap for how long and I just, recently found out that if you go under Settings : Privacy & Security : scroll down to Permissions, you can click on 🗨 Notifications and get a list of All the sites where you've agreed to get Push Notifications from. (You can even allow/block them there).
S1mMar 17
postmarketOSMar 17

New blog post introducing the WIP Duranium project (immutable postmarketOS), some of its major features, and explaining why some design decisions were made.  

> Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user's device, making it much easier to track down and fix issues.

https://postmarketos.org/blog/2026/03/17/introducing-duranium/

#linuxmobile #postmarketos #duranium

Introducing Duranium: a more reliable postmarketOS

Aiming for a 10 year life-cycle for smartphones

postmarketOS
S1mMar 17
Mullvad VPNMar 10
Mass surveillance and censorship are escalating in many countries right now. There is a global attack on secure encrypted communication. Often, authorities, politicians, and tech companies work together to push for new laws. One example: when Ashton Kutcher (yes, the actor), through his tech company Thorn, tried to introduce total surveillance of all EU citizens through undemocratic and corrupt methods.
S1mMar 16
GustavoMar 16

I found @soatok's argument for E2EE encryption in this post quite interesting:

End-to-end encryption doesn’t just protect the users, it protects the people operating the infrastructure. And that’s why it still matters.

That's pretty much the only reason why http://mega.io/ is end-to-end encrypted: the previous Kim Dotcom project - Megaupload - was seized by FBI and hadn't E2E, making it a easy target. MEGA's encryption isn't good (source: me) but it's good enough to avoid making them an easy target for law enforcement.

Is End-to-End Encryption Optional For Large Groups? - Dhole Moments

One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption (E2EE) when searching for an alternative to Discord. Who’s Saying “No&#…

Dhole Moments
S1mMar 15
Isaac FreundMar 15

River 0.4.0 is released, introducing the river-window-management-v1 protocol!

See my blog post for an in-depth explanation of the protocol: https://isaacfreund.com/blog/river-window-management/

Separating the Wayland Compositor and Window Manager