Ooh, I think I found the paper!

Oof:

The actual bug I planted in the compiler would match code in the UNIX "login" command. The re- placement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user

My new phone runs GrapheneOS and I love it.

One recommendation that I would give people is that it does not need to be an all-or-nothing jump into the abyss. It can be a bit disheartening when you try to get rid of all the privacy-invasive things in your life and you get cut off from your family and friends.

After some failed attempts, the strategy that I have found more successful is that I have new phone that I installed GrapheneOS into, and I keep the older phone with whatsapp. The older phone is in Airplane mode connected to WiFi at my home. It is effectively a landline. I can still use it once or twice a day to check on my family through WhatsApp without having to broadcast my location all day to Meta. This way I don't need to install any sandboxed Google Play services into my new phone. The old phone is the sandboxed Google Play. I also use the old phone for verifications, 2FA, and any other things that I don't want to contaminate my new phone with.

Over time I am finding that my GrapheneOS is perfectly functional. The main difficulty is the chats services that are used by my family, friends, and work-related "group chats". I have convinced some people to join my XMPP server, including my mom (wuhuu), but it is an uphill battle. That's why the other phone is still essential for me.

I think that any step that facilitates verifying the build is a great. If trust is required, then I should simply not release any executables if I want to remain anonymous. I would like to be able to release executables without needing to ask people to blindly trust me. I would like to be able to show them reasonably good evidence that the program is built from the source that I say it is.

If I understand this correctly, signify would allow someone to verify that the executable was built by me. But then they would still have to trust me, because I can also sign the malicious executable.

Finally. Someone noticed 🥹

The creator of the tool is the admin of lemmings.world, and the tool is hosted at schedule.lemmings.world. So, if you have a user at lemmings.world, you can use this tool without having to trust a third-party.

If you don't have a user there, you can create a user in that instance for the purpose of creating scheduled posts. Removing the need to trust two parties rather than one.

And, of course, since the source code is open anyone else can attach this to their own instance! Pretty cool.

Ah, do you mean "hate speech"?

Aah, ok! That at least explains what they could have been thinking.

But, of course, this is a terrible idea!!

Both sides? "Oh yeah, the front looks a lot like the ID I lost, but can you please send me the back side too so that I can confirm?"

Some virus managed to wreck inflammatory havoc around some of my nerves and the right side of my head has been numb since Thursday, my ear in pain, and a zoo of sporadic symptoms come and go 😅 So I have been in the computer a lot. I've been working on setting up a lemmy instance and I also played in the canvas.

As for the rest of the week... I have been procrastinating on thesis writing, and I need to be done before September, so I am trying to find a source of will-power to force myself to write. But this infection is not helping me 😬

Funny thing is that those of who left aren't there anymore to comment that we did leave... So anyone who is still there is probably looking at the others who stayed and saying "See?! The protest didn't work because we are still here!"

1. I purchase Monero through Kraken

2. Not sure

3. It is not exactly the same as KYC, because KYC is about the exchange verifying your identity, keeping a record of who you are, keeping a record of your transactions, and the crypto addressees that they send you funds to.

It depends on what your goal is and who is looking at your finances. If you want to buy hundreds of thousands of dollars worth of Monero to avoid paying taxes, then your bank and potentially the tax authorities will pay attention to a massive transaction leaving your account and disappearing into a non-KYC crypto exchange. So, from that point of view, it is effectively similar to KYC.

But if you are interested in privacy and the per-transaction amounts are not massive, then both the bank and the exchange will still have some record of the transaction tied to your identity. But the bank is unlikely to take notice, and the exchange, being a Non-KYC, will not verify your identity nor is it under the same level of pressure to keep detailed records. Still, some of your information is leaked and it is out there.

Monero is very private, so even with KYC you can pull it off the exchange and your identity is immediately disassociated from it.

Depending on how much you want to buy, and who you know, one way of getting it is to buy it from a friend or an acquaintance.