2026-03-25T01:54:52Z https://yabu.me Daniel J. Summers ~ East TN, USA https://yabu.me/npub1za0u4ztucv9zdnvt2p2jujjtgtjvc3hktq23ptld957fq25kslmssg6q06 https://fedi.summershome.org/media/fa357e69-6643-45df-b03e-48840fc738ee/xbox-avatar-gray.png https://fedi.summershome.org/media/fa357e69-6643-45df-b03e-48840fc738ee/xbox-avatar-gray.png https://yabu.me/nevent1qqsgyu3xf6qfqgxa7k6hl5drf4umuth2ycjmj05p5yqu3n86vxarn2gzyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwle7yag In reply to <a href='/nevent1qqstr84x6ph0nsmhkrt97ajdffm2s23qaaj5cpmqd4rmd4ul2jcn5vssuh5up'>nevent1q…h5up</a><br/>_________________________<br/><br/>anymore, it seems. It used to be about freeing up time used by busywork, or providing a wider view of things. The computer works for you; now, we work for the computer. 2025-10-30T20:21:15Z https://yabu.me/nevent1qqs8hume0t22y03ufqdd2uyntfm78wqu2cdqkerckjc7j6rwm6v85sgzyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwmvctgx In reply to <a href='/nevent1qqsqlcjm9zhtuzxsshv4jdk89nesfult2k5u0mx9xdun2v7jrccs4ug4jkrw2'>nevent1q…krw2</a><br/>_________________________<br/><br/>Yeah - that&#39;s the rub. One of the things that I&#39;ve done throughout my time in tech is adjust details up and down (in a 100-foot view vs. 50,000-foot view) to help folks understand things at their level. The risk of SMS second factors - i.e., the entire process is only as strong as its weakest factor - is something for which I currently don&#39;t have a good answer. I feel like one has to be out there - I just haven&#39;t found it yet. 2025-07-06T00:50:50Z https://yabu.me/nevent1qqsr2palznqag7kmk45d8d3lk8av45vy7cd08fs8r90tpxkv39s0x7qzyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwkf9h0p In reply to <a href='/nevent1qqsw0ag78qxtm0mrsjqd2c742z5fvqfd3lfrdt2evak4safmf2jzstg7qwwn0'>nevent1q…wwn0</a><br/>_________________________<br/><br/>I guess this is the distinction. I completely agree with &#34;highly spoofable&#34; - I&#39;d even go so far as to call it eminently spoofable. But, if risk = vulnerability * (threat / likelihood - as a decimal number no greater than 1) - any number times 0 is 0. <br/> <br/>SMS spoofing/cloning are non-zero risk, even for folks who celebrated a holiday yesterday - but, how do we communicate that to the average user in a way that gets their attention, but isn&#39;t so catastrophic that it fades into the background noise of &#34;everything is going to get you eventually&#34;? <br/> <br/>This is a genuine question I&#39;ve had, as a security-conscious developer, for several years. The vulnerabilities are real - security professionals can provide chapter-and-verse for that. Communicating the threat, though, is where the industry comes up short. &#34;This is like bathroom graffiti!&#34; doesn&#39;t land with most folks. IOW - if the given is &#34;these ignorant users believe their data is not at risk&#34; - do you have ideas of how we can convince them that they&#39;re wrong? <br/> <br/>What I&#39;ve done, up to this point in my career, is make my stuff as secure as possible. I&#39;d love an out-of-the-box take, though, that breaks through the tech-bubble noise and convinces people not to panic, but to actually consider their risk and adjust their behavior. :) 2025-07-06T00:38:23Z https://yabu.me/nevent1qqsv3c9uwern2mxluuzxczuj3j9xzs2srp64tuya5h74dqthtzl5g8gzyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlw88y6z7 In reply to <a href='/nevent1qqs0mszgaeyzw5fpkyua7j8p73uq22el2f6uepw9gv9xhz8df5zf7scq9jxem'>nevent1q…jxem</a><br/>_________________________<br/><br/>I&#39;d forgotten about SIM swapping (and cloning). That&#39;s definitely a more likely scenario, depending on where you are! 2025-07-05T15:31:03Z https://yabu.me/nevent1qqs82x4jwadcy92z96rh5lfc7c22f080z45p3eja72v3xdt23klxcgszyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwghs2gf Thinking about SMS security <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub10usx3fj7rf0l8w86d2zjkxy9cnxrrh4qwt206r72p0q33m5ecxss7np5pu" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Sir Ryan Bemrose</span> (<span class="italic">npub10us…p5pu</span>)</a></span> <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub142axprcsl9sppvwjs5jjpmeuj3trgxv00s3yvptkyntc04tx4res23ccwa" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Princess Pheonix of The Lotus</span> (<span class="italic">npub142a…ccwa</span>)</a></span> <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1d85tf7a4t8zzw4ajtrpm026ylhwd6hs9202gcwh3w2gk8mwrrs0qcup88k" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>PhoneBoy of The Lotus 🪷</span> (<span class="italic">npub1d85…p88k</span>)</a></span> - it&#39;s my understanding that SMS is unencrypted w/in the network where it&#39;s sent (so phone-company secure), and that the biggest risk is rogue connection points that may trick the phone into connecting to it. People may underestimate how likely they are to encounter one of those (&#34;who would want MY data?&#34; LOL), but has that threat model changed? <br/> <br/>I agree on the levels of security by content, but it also needs to be the highest level of security that content would need; otherwise, the presence of a certain level of security implies the value of the content being secured. I agree that should be baked in at the design level, not layers bolted on afterwards; but, do you not see some of those as pragmatic steps to save the uninformed masses from themselves&#34;? 2025-07-05T15:13:44Z https://yabu.me/nevent1qqs22vj0xylhxernk9zjgycfng6kvqqng62x56eqcrq3fxtthdq9q2szyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwn9g0at A while back, <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub108hte8kclgqxjqrmg0remdz3l06wtmr2w09lt5acxhje9lk7a3js5zp7er" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>FortyTwo™</span> (<span class="italic">npub108h…p7er</span>)</a></span> asked if anyone could write an RSS reader that could be used on an internal network, using vanilla PHP and SQLite. I thought that sounded like fun, and 5 months ago, the first beta was done. Long story short - v1 was released today! <br/> <br/><a href="https://git.bitbadger.solutions/bit-badger/feed-reader-central/releases/tag/v1.0.0">https://git.bitbadger.solutions/bit-badger/feed-reader-central/releases/tag/v1.0.0</a> <br/> <br/>It&#39;s designed for self-hosting, and will work with PHP 8.2+. 2024-11-22T02:21:15Z https://yabu.me/nevent1qqsfuljsjnuhlvr39j0utrzzkfuleh746cd5hf5dljd0cwp6samurqczyqt4lj5f0nps5fkd3dg92tj2fdpwfnzx7evp2y90a5kneyp2j6rlwszmfjl In reply to <a href='/nevent1qqsdhhkccwgwmdmqkh6ljhpj2s7smr5e34agtmy24yyd605lljyz83g0m26hp'>nevent1q…26hp</a><br/>_________________________<br/><br/>LOL... well, if you&#39;re going to phrase it that way, I&#39;m not going to disagree with you. <br/> <br/>As Jonah Goldberg likes to say, &#34;Trump isn&#39;t Hitler; Hitler could have repealed Obamacare.&#34; 2024-08-13T19:05:52Z