I just carry a small sling bag I wear across my body that contains the big 3 + hand sanitizer. Although I usually keep my car fob in my pocket so the proximity detection works when I grab the door handle to automatically unlock it. It feels so much better to have almost nothing in your pockets once you get used to it.

I bought my first carbon steel pan (a wok specifically) last week and I did a bad job at seasoning it for the first time. I had to scrub the shit out of it with steel wool and vinegar to reset. My second season was a little better but it’s still not fully non stick. I hope it will just naturally get better as I keep using it.

I use it as a temporary fix if I’m very hungry while I’m out and about and can’t get a meal immediately. It’s more filling than a pure chocolate bar because it has nuts.

What a headline.

3. Migrate away from Short Message Service (SMS)-based MFA

Then they should force banks and other financial institutions to actually implement it. Migrating away from SMS MFA doesn’t work if the service provider doesn’t offer it as an option in the first place.

I had a similar experience a long time ago when I worked for a telco. We got on a bus and they took us to visit a tower, their NOC, and other sites. It was pretty interesting. That’s also where I learned they literally have a dedicated dashboard just to monitor the CEO’s mobile signal and data speeds, to make sure it never falters. So from his perspective, the service is great! For everyone else, not so much.

It was Antergos for me, before the project was shut down.

Oh wow I think I had an account with them but it was so long ago I don’t remember my account details nor any of the photos I uploaded.

you generally don’t magically get things like API keys and database credentials from buckets

Oh you underestimate how clueless some people can be. One of the highest priority checks of cloud SOCs is to just routinely scan for public buckets, because people expose (accidentally or intentionally) stuff on their test or sandbox accounts a lot, and it’s not surprising to find keys and secrets in there. Obviously a simple SCP policy of denying API calls to make a bucket public will easily solve this problem, but then again, even big companies screw that up too.

Applying Occam’s Razor, I assume this is publicly exposed buckets and lack of (or misconfigured) resource-based policies on those buckets, which is probably like the most common reason for these breaches.

I’m a Dune fan and work in security, so I’d say both!

They knew what they were doing when they didn’t include the game title in the headline.

I just use a paper towel to grab the handle (if there’s no foot pedal). What’s annoying is when there’s no trash can near the door to toss the paper towel while exiting.

The EFF also has merch: https://shop.eff.org/

Wow I think this is the first time I’ve seen this meme template used so appropriately.

It sounds to me you are dealing in absolutes. When someone gives advice saying you don’t need to worry about that based on your threat model, that’s exactly that, nothing political about it. That’s the point of a threat model, so you can balance privacy with convenience and allow yourself to prioritize what you need to protect. It doesn’t mean you don’t care about privacy at all.

You also need to remember that security/privacy is only a fraction of the tech industry. Not everyone involved in tech is privacy conscious, just like why there are appsec teams to make sure devs code securely.

When you start talking about “grapheneos, qubesos, intel me” to the average person, you will obviously be looked at as either a nerd or a paranoid person depending on how you approach the subject. Imagine a non-techie person posts in this community saying they want to start taking steps to improve their privacy and asking for advice. Responding with a wall of text about “grapheneos, qubesos, intel me” will just scare them away. That’s why the first thing people respond with is “What is your threat model?”, because you want context to give proper advice to fit their needs. Going nuclear on the first step is overkill and unnecessary.

Taking tiny steps to improve privacy and not going full hermit doesn’t mean you don’t care about privacy. Don’t let perfect be the enemy of good.

I was trying to find him in the picture.

Metal vocalists hate him!

I never said I used AhaDNS. I just mentioned it because the last time I checked (years ago), they had a lot of filters to choose from. I personally use Mullvad’s DoH now.