Show newer
Marcus boosted

My paper was rejected from a top-notch #infosec academic conference—reminds me of my good’ol days as a PhD student…

The comments were surprisingly positive though and most likely it just wasn’t the right venue. If anyone knows of a computer security/engineering academic conference or journal that’s more “hand-on” and less “theoretical”, I’m all ears!

One benefit of storing the certificate inside CWA/CCTG instead of having it as a picture on your phone is that it's harder to access by other apps. If you run untrusted apps on your phone (i.e. installing stuff from playstore instead of foss apps by trusted developers through a trusted distribution channel) then this might be a preferable option.

Show thread


You currently need to use the closed source (👎) or to verify the validity of your own certificate (or ugh, read the spec and do it manually I guess... this seems to be collecting relevant docs:

If you've done that you can use to carry around the code, or just make a photo of it, or whatever, it doesn't really matter. 🤷.

Let's hope CWA addw the verification part in one of the next versions or the CovPass sources are published...😕

Show thread

Also (assuming they build reproducibly) they should be made available through f-droid, ideally identical with the upstream developers signature but veryfied to build from the published sources by an independent party. This is not possible without published sources obviously.

We did manage to do the right thing with . Why is it so hard to keep doing that? 😠

Show thread

* It's really not acceptable that the source code of and is not yet published.

Those apps used in the wild as of yesterday and you cannot really study or verify them yet. I'd really like to check implementation details of the certificate validation in them... 😕

Show thread

* /#CCTG don't currently verify the cryptographic validity of the scanned cert. (They are not meant for vaccination status verification, the app is for that) but this is still unfortunate as you really want to check your own cert's validity before presenting it.

Show thread

A few observations about digital vaccination certificates:

* It's really just a static QR code, you can import it into your app, but you can also make a picture of it and save it into your phones gallery. Or carry the original paper copy around.
* This unfortunately means it's easy to "steal" other peoples certificates by just scanning their code when they have it open in their app.
* The certificate will not be for your name but will that *always* be verified?

It now works on 🎉

There's still work to do in making it use the codeberg name + icon instead of the generic gitea label:

Show thread
Marcus boosted
Marcus boosted

Briar 1.3 was released! It features image attachments, profile pictures, disappearing messages and a re-organized settings screen.

Marcus boosted

We are looking for software developers!

If you live in or would like to relocate to Germany, it might be for you.

We do mostly JS w/ types and Java but also a lot of other things.

There's a lot of freedom and we don't suck.

You can write GPL code for a living!

boosts welcome!

If you run your own synapse, you can fix youtube url previews like this:

(It'll also fix twitter image previews.)

Nice, without even thinking about it my workflow for forking a github project has become: Import the project to :-).

Marcus boosted

I sincerely expected not to like the new floating tabs in the #Firefox #proton redesign. I was pleasantly surprised, it's actually quite nice.

Marcus boosted

Nach einer Kurzprüfung von LibreWolf würde ich mal sagen, dass ist der beste Browser, den man aktuell auf dem Desktop verwenden kann, wenn einem Datenschutz und Sicherheit am Herzen liegt. Details im Browser-Check morgen.

#LibreWolf #Datenschutz #Sicherheit

Marcus boosted

You can force a profile or post to appear on your Fediverse instance by pasting its URL into the search box.

When you click search, it will look for that profile or post on the remote instance and display it on your instance. This makes it easy to interact with it, follow it etc.

This paste-and-search method works on most Fediverse platforms such as Mastodon etc. It is very useful if a post or profile hasn't federated to your instance yet.

#FediTips #Fediverse

Marcus boosted

Implenting "Sign-in with Codeberg" functionality for my services... proves somewhat challenging, even though it *should* be supported by all the parts involved:

Marcus boosted

@Bubu We send lots of emails on behalf of our clients at We send way more emails to GMail than any other provider. Currently, the clients with most volume are covid-19 test centers and public swimming pools. I'd assume both attract a sample of the general population that's more independent on tech-savviness etc. than most online services without a offline-world use

Show older – a Fediverse instance for & by the Chaos community