Woozle Hypertwin
woozle@toot.cat
re: Touch screen and desktop opinions

@Oggie @researchfairy

KDE lets me scroll vertically and horizontally with the touchpad. ^.^

19 minutes ago
Woozle Hypertwin
woozle@toot.cat

@SecularJeffrey @plwt

See if you can find C300PPM. 🤖

21 minutes ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @chrisp @evacide

My understanding is that the browser's sync only works for events that happen after it is set up -- hence "from that moment on".

The sync was created before she browsed for help with her situation -- so those events were synched over.

33 minutes ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @chrisp @evacide

Attacker signs into their account.
Attacker sets up sync in browser.

What should happen:

  • Attacker cannot access victim's sync information without logging back into victim's account (which should require a password or other auth) and accepting the sync from there.

What apparently did happen:

  • Somehow, the browser accessed the victim's information from a different login, without her consent or knowledge.
55 minutes ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @evacide

The browser shouldn't allow synching between different user accounts on the same device without confirmation from both users.

12 hours ago
Woozle Hypertwin
woozle@toot.cat

@Artists_Ali If I let them have some of my thoughts, will they do something with them? I never have enough time...

15 hours ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @evacide

Emphasis mine:

Emma had been careful to only ever use her own device, and she hadn’t noticed any new apps appear on her phone. What she didn’t know was that weeks earlier, during a few unattended minutes with her phone, he had opened the Chrome app and quietly signed it into a Google account of his own.

15 hours ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @evacide It shouldn't be possible for that information to cross user-accounts without consent on the sending side.

17 hours ago
Woozle Hypertwin
woozle@toot.cat

@Hey_Beth @KimPerales

I'd place a side-bet that they won't even actually do it temporarily. The Tr💩mp Regime is notorious for claiming they are doing, or have already done, many things which in fact they did not ever do.

18 hours ago
Woozle Hypertwin
woozle@toot.cat

@EndlessMason @evacide

I would have to hope that some of them would have done a security review, noticed the issue, and patched a fix around it.

I always was a hopeless optimist.

18 hours ago
Woozle Hypertwin
woozle@toot.cat

@evacide I wonder if this is also true for any of the Chrome-derivatives like Opera and @Vivaldi. -.-

19 hours ago
woozle shared a status by sundogplanets
Prof. Sam Lawler
sundogplanets@mastodon.social

EXCELLENT The Independent picked up our Conversation article! https://www.independent.co.uk/space/space-mirror-satellite-reflect-orbital-b3013688.html

20 hours ago
Woozle Hypertwin
woozle@toot.cat

@netkitty It's a feature, not a bug. WAI WONTFIX

19 hours ago
Woozle Hypertwin
woozle@toot.cat

@brooke The Foe Zone, of course. That's why military aircraft all have IFFZ (Identification Friend or Foe Zone) transponders.

(They all need a personal episode of The Twilight Zone, if you ask me.)

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn

Ok. Let me just give you my quick technical evaluation of this, as a long-time web person (but you can skip it if you don't feel it matters), just so you know why I didn't immediately accept the link as proof. ...I'll put that at the end.

Did we settle on a price? Do you want to do half up front, half on delivery?

I can send via PayPal or Venmo, or via my credit-union's pay-a-person service (which is a little more work for the first transaction, but has no fees within the US).

Do you have a preference?

Thanks.

technical security evaluation

The contact info is on one subdomain, the actual portfolio is on another. You could be a scammer with control of the first page, linking to the second one for proof.

On the other hand, they are both on the same root domain -- but I don't know how that site (carrd.co) operates; it could be that you set up an account for scamming (artsbyevelyn) and then linked to another account (ceejayevelynportfolio) to give the first account credibility.

On the other other hand, the page with the portfolio has no other links or identifying info in it, which suggests that this is just a weirdly-designed service, which obviously is not your fault.

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn I can see I'm going to need to make some policies to avoid being scammed. The most obvious one is that I'll need to see a portfolio page with a link back to the profile that I'm interacting with.

I don't see any contact links on your portfolio page -- am I missing something? Thanks.

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn I'm investigating.

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn Okay, I was wondering. Do you have any more information about that? I don't want to go strictly on hearsay, but that would be one obvious reason to be suspended and to claim not to know why...

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn Yes -- and I was mistaken, that's USD.

1 day ago
Woozle Hypertwin
woozle@toot.cat

@Artsyevelyn Update: apparently that's $120 Canadian, fwiw.

1 day ago