Security, Digital Restrictions (DRM), and Proprietary Problems

  • Best forensic and pentesting Linux distros of 2020

    20.04 LTS and uses the Xfce desktop, and is available as a single ISO only for 64-bit machines. In addition to the regular boot options, the distro’s boot menu also offers the option to boot into a forensics mode where it doesn’t mount the disks on the computer.

    BackBox includes some of the most common security and analysis tools. The project aims for a wide spread of goals, ranging from network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, exploitation, privilege escalation, and more.

    All the pentesting tools are neatly organized in the Auditing menu under relevant categories. These are broadly divided into three sections. The first has tools to help you gather information about the environment, assess vulnerabilities of web tools, and more. The second has tools to help you reverse-engineer programs and social-engineer people. The third has tools for all kinds of analysis.

    BackBox has further customized its application menu to display tooltips with a brief description of each bundled tool, which will be really helpful for new users who aren’t familiar with the tools.

    As an added bonus, the distro also ships with Tor and a script that will route all Internet bound traffic from the distro via the Tor network.

  • Thanksgiving security updates

    Security updates have been issued by openSUSE (blueman, chromium, firefox, LibVNCServer, postgresql10, postgresql12, thunderbird, and xen), Slackware (bind), SUSE (bluez, kernel, LibVNCServer, thunderbird, and ucode-intel), and Ubuntu (mutt, poppler, thunderbird, and webkit2gtk).

  • Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

    AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
    Vulnerability: Arbitrary PHP code execution
    CVE IDs: CVE-2020-28949, CVE-2020-28948
    Description:
    The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:

    CVE-2020-28948
    CVE-2020-28949
    Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.

    To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2 or .tlz files.

    This is a different issue than SA-CORE-2019-12; similar configuration changes may mitigate the problem until you are able to patch.

  • Financial software firm cites security, control as reasons for moving from email to Slack [Ed: Unbelievable stupidity; Slack is illegal mass surveillance and it’s centralised proprietary software (whereas E-mail can be encrypted, e2e)]

    ASX-listed financial software firm Iress is moving away from email to Slack for communications and its chief technology officer, Andrew Todd, says this is because the app offers improved security and control.

  • Introducing another free CA as an alternative to Let's Encrypt

    Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing.

  • Denuvo's Anti-Piracy Protection Probably Makes Sense For Big-Selling AAA Titles

    A hacking team believed to have obtained data from gaming giant Ubisoft has published documents that claim to reveal the costs of implementing Denuvo's anti-piracy protection. While the service doesn't come cheap, the figures suggest that for a big company putting out big titles with the potential for plenty of sales, the anti-tamper technology may represent value for money.

  • Disappointing: Netflix Decides To Settle With Chooseco LLC Over 'Bandersnatch' Lawsuit

    Well, it's been quite a stupid and frustrating run in the trademark lawsuit between Netflix and Chooseco LLC, the folks behind Choose Your Own Adventure books from our youth. At issue was the Black Mirror production Bandersnatch, in which the viewer takes part in an interactive film where they help decide the outcome. The main character is creating a book he refers to as a "choose your own adventure" book. Chooseco also complained that the dark nature of the film would make the public think less of CYOA books as a result. Netflix fought back hard, arguing for a dismissal on First Amendment grounds, since the film is a work of art and the limited use or reference to CYOA books was an important, though small, part of that art. The court decided that any such argument was better made at trial and allowed this madness to proceed, leading Netflix to petition for the cancellation of Chooseco's trademark entirely. This story all seemed to be speeding towards an appropriately impactful conclusion.

  • TPM circumvention and website blocking orders: An EU perspective

    Website blocking orders in IP cases (mostly, though not solely, in relation to copyright-infringing websites) are routinely granted in several jurisdictions, whether in Europe or third countries. The availability of such relief has been established in case law, administrative frameworks and academic studies alike.

    The Court of Justice of the European Union ('CJEU') expressly acknowledged the compatibility of such a remedy with EU law in its 2014 decision in UPC Telekabel. Also the European Court of Human Rights recently found that, although it is necessary that this particular remedy is available within a balanced and carefully drafted legislative framework which contains a robust and articulated set of safeguards against abuse, website blocking orders are not per se contrary to the provision in Article 10 ECHR.

    Over time, courts and other authorities (including administrative authorities in certain EU Member States) have dealt with applications which have: been based on different legal grounds; been aimed at protecting different types of rights; and resulted in different types of orders against internet service providers ('ISPs').

    An interesting recent development concerns website blocking orders in relation to websites that market and sell devices and software aimed at circumventing technological protection measures (‘TPMs’). TPMs offer rights holders an ancillary right of protection and are deployed to protect against infringement of copyright in works that subsist in multimedia content such as video games. TPMs are a cornerstone in copyright protection in the digital age where large-scale copying and dissemination of copyright-protected content is so prevalent.

    [...]

    In light of the foregoing, copyright owners appear entitled to seek injunctions against intermediaries to also block access to websites dealing with TPM-circumventing devices. The legal basis for that can also be, subject to satisfying all the other requirements under EU and national law, the domestic provision implementing Article 8(3) of the InfoSoc Directive.

    All in all, it appears likely that we will see more blocking orders in the future, including orders – issued by courts and competent authorities around Europe – targeting websites that provide TPM-circumventing devices. This is an unsurprising and natural evolution of website blocking jurisprudence. It also serves to show the very flexibility of this type of remedy and, matched inter alia with the loose notion of ‘intermediary’, its inherently broad availability.

  • Prolonged AWS outage takes down a big chunk of the internet

    Many apps, services, and websites have posted on Twitter about how the AWS outage is affecting them, including 1Password, Acorns, Adobe Spark, Anchor, Autodesk, Capital Gazette, Coinbase, DataCamp, Getaround, Glassdoor, Flickr, iRobot, The Philadelphia Inquirer, Pocket, RadioLab, Roku, RSS Podcasting, Tampa Bay Times, Vonage, The Washington Post, and WNYC. Downdetector.com has also shown spikes in user reports of problems with many Amazon services throughout the day.

More in Tux Machines

Free Software Leftovers

  • Open Sesame: How Open Source technologies turbocharge enterprises

    Open source, a revolutionary idea for ICT innovations, also makes sense for business. The key is its adoption to an organisation’s culture and budget. If one were to make an internet search for the very active Information Technology and Communication (ICT) areas of innovation, the usual suspects likely to show up are intelligent machines like Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL); human-machine interactions like bots, augmented realities, voice and gesture-enabled interfaces; ubiquitous computing like resilient cloud and quantum computing; and autonomous machines that include the like of drones and self-driving vehicles. Compared to the pace of development a couple of decades ago, today all these areas continue to develop at extremely high velocities. A deep dive into any of the technical areas will show up a common thread: open source.

  • Valetudo is a cloud-free web interface for robot vacuum cleaners

    Once you’ve done the update the Xiaomi app will not work anymore, and you’d only access the robot vacuum cleaner via its web interface which, in most cases, comes with the same features as the mobile app minus cloud connectivity. However, if you change your mind, you can simply factory reset the device to remove Valetudo and continue with the Xiaomi app, at least on Roborock models.

  • Well you look different: Apache CloudStack 4.15 lands with new UI, improved access control • DEVCLASS

    Apache CloudStack (CS), the Apache Software Foundation’s cloud infrastructure project, has pushed out new long term support version 4.15, providing users with a new UI, various VMware-related improvements and a way to define role based users in projects. The software was originally developed in 2008 at what soon became Cloud.com, a start-up that was bought by Citrix in 2011. The infrastructure as a service platform was accepted into the Apache Incubator in 2012 and graduated its process in 2013. Customers include Verizon, TomTom, SAP, Huawei, Disney, Cloudera, BT, Autodesk, and Apple.

  • Daniel Stenberg: bye bye svn.haxx.se

    When the Subversion project started in the early year 2000, I was there. I joined the project and participated in the early days of its development as I really believed in creating an “improved CVS” and I thought I could contribute to it. While I was involved with the project, I noticed the lack of a decent mailing list archive for the discussions and set one up under the name svn.haxx.se as a service for myself and for the entire community. I had the server and the means to do it, so why not? After some years I drifted away from the project. It was doing excellently and I was never any significant contributor. Then git and some of the other distributed version control systems came along and in my mind they truly showed the world how version control should be done… The mailing list archive however I left, and I had even added more subversion related lists to it over time. It kept chugging along without me having to do much. Mails flew in, got archived and were made available for the world to search for and link to. Today it has over 390,000 emails archived from over twenty years of rather active open source development on multiple mailing lists. It is fascinating that no less than 46 persons have written more than a thousand emails each on those lists during these two decades.

  • Daniel Stenberg: everything.curl.dev

    The online version of the curl book “everything curl” has been moved to the address shown in the title: everything.curl.dev This, after I did a very unscientific and highly self-selective poll on twitter on January 18 2020...

  • 17 Free Design Tools for 2021

    GIMP (GNU Image Manipulation Program) is a cross-platform tool for quality image creation and manipulation and advanced photo retouching. GIMP provides features to produce icons, graphical design elements, and art for user interface components and mockups. Price: Free.

  • Adding translations to Guix’ website

    As part of GNU, Guix aims to bring freedom to computer users all over the world, no matter the languages they (prefer to) speak. For example, Guix users asking for help can expect an answer even if they do so in languages other than English. We also offer translated software for people more comfortable with a language other than English. Thanks to many people who contribute translations, GNU Guix and the packages it distributes can be used in various languages, which we value greatly. We are happy to announce that Guix’ website can now be translated in the same manner. If you want to get a glimpse on how the translation process works, first from a translator’s, then from a programmer’s perspective, read on. The process for translators is kept simple. Like lots of other free software packages, Guix uses GNU Gettext for its translations, with which translatable strings are extracted from the source code to so-called PO files. If this is new to you, the magic behind the translation process is best understood by taking a look at one of them. Download a PO file for your language at the Fedora Weblate instance. Even though PO files are text files, changes should not be made with a text editor but with PO editing software. Weblate integrates PO editing functionality. Alternatively, translators can use any of various free-software tools for filling in translations, of which Poedit is one example, and (after logging in) upload the changed file. There also is a special PO editing mode for users of GNU Emacs. Over time translators find out what software they are happy with and what features they need. Help with translations is much appreciated. Since Guix integrates with the wider free software ecosystem, if you intend to become a translator, it is worth taking a look at the styleguides and the work of other translators. You will find some at your language’s team at the Translation Project (TP).

  • Marcin 'hrw' Juszkiewicz: Standards are boring

    Standards are boring. Satisfied users may not want to migrate to other boards the market tries to sell them. So Arm market is flooded with piles of small board computers (SBC). Often they are compliant to standards only when it comes to connectors. But our hardware is not standard. It is not a matter of ‘let produce UEFI ready hardware’ but rather ‘let write EDK2 firmware for boards we already have’. Look at Raspberry/Pi then. It is shitty hardware but got popular. And group of people wrote UEFI firmware for it. Probably without vendor support even. [...] At the end you will have SBSA compliant hardware running SBBR compliant firmware. Congratulations, your board is SystemReady SR compliant. Your marketing team may write that you are on same list as Ampere with their Altra server. Users buy your hardware and can install whatever BSD, Linux distribution they want. Some will experiment with Microsoft Windows. Others may work on porting Haiku or other exotic operating system. But none of them will have to think “how to get this shit running”. And they will tell friends that your device is as boring as it should be when it comes to running OS on it == more sales.

Google and Mozilla Embrace More Restrictions

  • Extensions in Firefox for Android Update | Mozilla Add-ons Blog

    Starting with Firefox 85, which will be released January 25, 2021, Firefox for Android users will be able to install supported Recommended Extensions directly from addons.mozilla.org (AMO). Previously, extensions for mobile devices could only be installed from the Add-ons Manager, which caused some confusion for people accustomed to the desktop installation flow. We hope this update provides a smoother installation experience for mobile users. As a quick note, we plan to enable the installation buttons on AMO during our regularly scheduled site update on Thursday, January 21. These buttons will only work if you are using a pre-release version of Firefox for Android until version 85 is released on Tuesday, January 25.

  • Porting Firefox to Apple Silicon

    The release of Apple Silicon-based Macs at the end of last year generated a flurry of news coverage and some surprises at the machine’s performance. This post details some background information on the experience of porting Firefox to run natively on these CPUs. We’ll start with some background on the Mac transition and give an overview of Firefox internals that needed to know about the new architecture, before moving on to the concept of Universal Binaries. We’ll then explain how DRM/EME works on the new platform, talk about our experience with macOS Big Sur, and discuss various updater problems we had to deal with. We’ll conclude with the release and an overview of various other improvements that are in the pipeline.

  • Google muzzles all Chromium browsers on 15 March 2021

    What is the relevance I hear you ask. Well, I provide Chromium packages for Slackware, both 32bit and 64bit versions. These chromium packages are built on our native Slackware platform, as opposed to the official Google Chrome binaries which are compiled on an older Ubuntu probably, for maximum compatibility across Linux distros where these binaries are used. One unique quality of my Chromium packages for Slackware is that I provide them for 32bit Slackware. Google ceased providing official 32bit binaries long ago. In my Slackware Chromium builds, I disable some of the more intrusive Google features. An example: listening all the time to someone saying “OK Google” and sending the follow-up voice clip to Google Search. And I create a Chromium package which is actually usable enough that people prefer it over Google’s own Chrome binaries. The reason for this usefulness is the fact that I enable access to Google’s cloud sync platform through my personal so-called “Google API key“. In Chromium for Slackware, you can logon to your Google account, sync your preferences, bookmarks, history, passwords etc to and from your cloud storage on Google’s platform. Your Chromium browser on Slackware is able to use Google’s location services and offer localized content; it uses Google’s translation engine, etcetera. All that is possible because I formally requested and was granted access to these Google services through their APIs within the context of providing them through a Chromium package for Slackware. The API key, combined with my ID and passphrase that allow your Chromium browser to access all these Google services are embedded in the binary – they are added during compilation. They are my key, and they are distributed and used with written permission from the Chromium team. These API keys are usually meant to be used by software developers when testing their programs which they base on Chromium code.

    Every time a Chromium browser I compiled talks to Google through their Cloud Service APIs, a counter increases on my API key. Usage of the API keys for developers is rate-limited, which means if an API key is used too frequently, you hit a limit and you’ll get an error response instead of a search result. So I made a deal with the Google Chromium team to be recognized as a real product with real users and an increased API usage frequency. Because I get billed for every access to the APIs which exceeds my allotted quota and I am generous but not crazy. I know that several derivative distributions re-use my Chromium binary packages (without giving credit) and hence tax the usage quota on my Google Cloud account, but I cover this through donations, thank you my friends, and no thanks to the leeches of those distros.

Programming Leftovers

  • Spreadsheet annoyance no. 3: quotes have priority

    In an earlier post I complained about spreadsheet programs: Excel, LibreOffice Calc and Gnumeric. All of them confuse non-dates with dates, and automatically interpret certain number strings with 2 colons as [h]:mm:ss. Grrr.

  • Building your own Network Monitor with PyShark – Linux Hint

    Many tools for network analysis have existed for quite some time. Under Linux, for example, these are Wireshark, tcpdump, nload, iftop, iptraf, nethogs, bmon, tcptrack as well as speedometer and ettercap. For a detailed description of them, you may have a look at Silver Moon’s comparison [1]. So, why not use an existing tool, and write your own one, instead? Reasons I see are a better understanding of TCP/IP network protocols, learning how to code properly, or implementing just the specific feature you need for your use case because the existing tools do not give you what you actually need. Furthermore, speed and load improvements to your application/system can also play a role that motivates you to move more in this direction. In the wild, there exist quite a few Python libraries for network processing and analysis. For low-level programming, the socket library [2] is the key. High-level protocol-based libraries are httplib, ftplib, imaplib, and smtplib. In order to monitor network ports and the packet stream, competitive candidates are python-nmap [3], dpkt [4], and PyShark [5]. For both monitoring and changing the packet stream, the scapy library [6] is widely in use. In this article, we will have a look at the PyShark library and monitor which packages arrive at a specific network interface. As you will see below, working with PyShark is straightforward. The documentation on the project website will help you for the first steps — with it, you will achieve a usable result very quickly. However, when it comes to the nitty-gritty, more knowledge is necessary. PyShark can do a lot more than it seems at first sight, and unfortunately, at the time of this writing, the existing documentation does not cover that in full. This makes it unnecessarily difficult and provides a good reason to look deeper under the bonnet.

  • Roles, h'uh, what are they good for? | Jesse Shy

    What is a role? Put simply, roles are a form of code reuse. Often, the term shared behavior is used. Roles are said to be consumed and the methods (including attribute accessors) are flattened into the consuming class. One of the major benefits of roles is they attempt to solve the diamond problem encountered in multi-inheritance by requiring developers to resolve name collisions manually that arise in multi-inheritance. Don't be fooled however, roles are a form of multi-inheritance. I often see roles being used in ways they shouldn’t be. Let’s look at the mis-use of roles, then see an example of shared behavior. I’m using that word inheritance a lot for a reason, one of the two ways I see roles most often misused is to hide an inheritance nightmare. "Look ma, no multi-inheritance support, no problem. I’ll just throw stuff in roles and glom them on wherever I really want to use inheritance. It all sounds fancy, but I am just lumping stuff into a class cause I don’t really understand OO principles."

  • What Is a Software Developer?

    Software developers are highly sought-after tech professionals, and the demand for their skills is continually increasing. In this Life in Tech article, we’ll provide a general look at the various duties and requirements associated with the role of software developer. Let’s start with a basic description before getting into the nuances and specifics. Briefly, then, software developers conceive, design, and build computer programs, says ComputerScience.org. To accomplish this, they identify user needs, write and test new software, and maintain and improve it as needed. Software developers occupy crucial roles in a variety of industries, including tech, entertainment, manufacturing, finance, and government.

  • Steinar H. Gunderson: How others program

    How do others program? I realized today that I've never actually seen it; in more than 30 years of coding, I've never really watched someone else write nontrivial code over a long period of time. I only see people's finished patches—and I know that the patches I send out for review sure don't look much like the code I initially wrote. (There are exceptions for small bugfixes and the likes, of course.)

  • Sensible integer scale for Gonum Plot

    Over the years, I found myself multiple times using Gonum Plot. I do find it as a very good and easy to use plotting tool for Go. The problem I found myself, over and over, dealing with is the tickers scale. If you know before-hand the values that can be expected to be created by the application, it is very straightforward, but the majority of times, this is not the case. I often find myself creating a plotting application on data that track events that have not yet happened and cannot predict their range. To solve the issue, I create a package that has a struct that implements the Ticker interface and provides tickers that are usually sensible. Since this struct only works for integer scales, I called it sit, which stands for “Sensible Int Ticks”.

  • Learn JavaScript by writing a guessing game | Opensource.com

    It's pretty safe to say that most of the modern web would not exist without JavaScript. It's one of the three standard web technologies (along with HTML and CSS) and allows anyone to create much of the interactive, dynamic content we have come to expect in our experiences with the World Wide Web. From frameworks like React to data visualization libraries like D3, it's hard to imagine the web without it. There's a lot to learn, and a great way to begin learning this popular language is by writing a simple application to become familiar with some concepts. Recently, some Opensource.com correspondents have written about how to learn their favorite language by writing a simple guessing game, so that's a great place to start!

  • Getting your 3D ready for Qt 6

    As was previously discussed, since the 6.0.0 release of Qt, Qt 3D no longer ships as a pre-compiled module. If you need to use it on your projects, try out the new features, or just see your existing application is ready for the next chapter of Qt’s life, you need to compile Qt 3D from source. In order to do this, you can do it the traditional way ([cq]make ...; make; make install) or use the Conan-based system that is being pioneered with the latest version of the MaintenanceTool.

  • Qt Open-Source Downloads Temporarily Offline Due To Severe Hardware Failure

    Several readers have expressed concern that Qt open-source downloads have disappeared but The Qt Company has now commented it's only a temporary issue due to a "severe hardware failure" in the cloud. Qt's open-source online installer and offline packages are not currently working for the open-source options but the commercial downloads are working. While that may raise concerns given Qt's increasing commercial focus, The Qt Company posted to their blog that this interruption around open-source package downloads is due to a reported major hardware problem at their cloud provider.

  • Efficient custom shapes in QtQuick with Rust

    Fortunately, the Qt API provides multiple ways to implement custom shapes, that depending on the needs might be enough. There is the Canvas API using the same API as the canvas API on the web but in QML. It’s easy to use but very slow and I wouldn’t recommend it. Instead of the Canvas API, from the QML side, there is the QtQuick Shapes module. This module allows creating more complex shapes directly from the QML with a straightforward declarative API. In many cases, this is good enough for the application developer but this module doesn’t offer a public C++ API. If you need more controls, using C++ will be required to implement custom QQuickItem. Unfortunately drawing on the GPU using QQuickItem is more complex than the QPainter API. You can’t just use commands like drawRect, but will need to convert all your shapes in triangles first. This involves a lot of maths like it can be seen in the example from the official documentation or from the KDAB tutorial (Efficient custom shapes in Qt Quick). A QPainter way is also available with QQuickPaintedItem, but it is slow because it renders your shape in a textured rectangle in the Scene Graph.

  • Changes to the Rustdoc team

    Recently, there have been a lot of improvements in rustdoc. It was possible thanks to our new contributors. In light of these recent contributions, a few changes were made in the rustdoc team.

  • Rustdoc performance improvements

    @jyn514 noticed a while ago that most of the work in Rustdoc is duplicated: there are actually three different abstract syntax trees (ASTs)! One for doctree, one for clean, and one is the original HIR used by the compiler. Rustdoc was spending quite a lot of time converting between them. Most of the speed improvements have come from getting rid of parts of the AST altogether.

  • Why and How to Use Optional in Java

    The Optional object type in Java was introduced with version 8 of Java. It is used when we want to express that a value might not be known (yet) or it’s not applicable at this moment. Before Java 8 developers might have been tempted to return a null value in this case.

  • GraalVM 21.0 Released With Experimental JVM On Truffle - Phoronix

    Oracle on Tuesday released GraalVM 21.0 as the latest version of their Java VM/JDK that also supports other languages and modes of execution. One of the notable additions with GraalVM 21.0 is supporting Java on Truffle, as an example JVM implementation using the Truffle interpreter. GraalVM's Truffle framework is an open-source library for writing programming language interpreters. With Java on Truffle, it's of the same nature as the likes of JavaScript, Ruby, Python, and R within the GraalVM ecosystem. Java on Truffle allows for improved isolation from the host JVM, run Java bytecode in a separate context from the JVM, running in the context of a native image but with dynamically loaded bytecode allowed, and other Truffle framework features. More details about the Java on Truffle implementation via the GraalVM manual.

Software: Istio, VLC Media Player, Deskreen and Signal

  • Support for Istio 1.7 ends on February 19th, 2021

    According to Istio’s support policy, LTS releases like 1.7 are supported for three months after the next LTS release. Since 1.8 was released on November 19th, support for 1.7 will end on February 19th, 2021. At that point we will stop back-porting fixes for security issues and critical bugs to 1.7, so we encourage you to upgrade to the latest version of Istio (1.8.2). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

  • VLC 3.0.12 Vetinari - VideoLAN
  • VLC Media Player 3.0.12 Released with Apple Silicon Support

    The VideoLAN team announced the release of VLC 3.0.12 as the thirteenth version of the “Vetinari” branch. The new release features native support for Apple Silicon hardware, the M1 processor in new versions of the MacBook Air, MacBook Pro, and Mac mini.

  • Deskreen Makes Any Device With A Web Browser A Second Screen For Your Computer

    Deskreen is a new free and open source application that can be used to make any device (in the same WiFi / LAN network) with a web browser, a second screen for your computer. The tool runs on Linux, Windows and macOS. With Deskreen you can use a phone, tablet (no matter if they use Android, iOS, etc.), smart TV and any other device that has a screen and a web browser (without needing any plugins; it needs JavaScript to be enabled), as a second screen via WiFi or LAN.

  • Roundup of Secure Messengers with Off-The-Grid Capabilities (Distributed/Mesh Messengers)

    Amid all the conversation about Signal, and the debate over decentralization, one thing has often not been raised: all of these things require an Internet connection. [...] “Blogs” have a way to reblog (even a built-in RSS reader to facilitate that), but framed a different way, they are broadcast messages. They could, for instance, be useful for a “send help” message to everyone (assuming that people haven’t all shut off notifications of blogs due to others using them different ways). Briar’s how it works page has an illustration specifically of how blogs are distributed. I’m unclear on some of the details, and to what extent this applies to other kinds of messages, but one thing that you can notice from this is that a person A could write a broadcast message without Internet access, person B could receive it via Bluetooth or whatever, and then when person B gets Internet access again, the post could be distributed more widely. However, it doesn’t appear that Briar is really a full mesh, since only known contacts in the distribution path for the message would repeat it. There are some downsides to Briar. One is that, since an account is fully localized to a device, one must have a separate account for each device. That can lead to contacts having to pick a specific device to send a message to. There is an online indicator, which may help, but it’s definitely not the kind of seamless experience you get from Internet-only messengers. Also, it doesn’t support migrating to a new phone, live voice/video calls, or attachments, but attachments are in the works.