BuoyantCitrus

Two parts that stuck out for me were:

"There's no hiding from it. They can turn your phone into a camera. They can turn it into a microphone. You can turn the power off, they can still use the device. It's the most intrusive thing that exists in the world today."

and

He also learned from the April 2023 affidavit that the RCMP had ordered an ODIT on his union phone during the time he was engaged in collective bargaining conversations that year. He says this breached not only his privacy, but the privacy of some 19,000 union members.

It's concerning what a few billionaires are doing but there are way more of us so if everyone is doing small things it can add up.

One easy one is noticing where businesses you deal with get their boxes. My favourite coffee roastery used to use Uline boxes but is switching suppliers after they learned the back story on those guys: https://www.propublica.org/article/uline-uihlein-election-denial

What are some other small ways you've found to push back on the attempted coup of our southern neighbour?

Language matters.

The President is empowered by a Congress controlled by a narrow majority. Rather than the individual they have chosen, I am pissed at the Republican party. And disappointed in the American people. The guy? He was always that way and would have continued to be so at a safe distance from the levers of power without his enablers.

It is the American and especially Republican relationship with Canada that is important in this situation. Those are what endure, that person is only momentarily significant. So, where we can choose the narrative, I think that's important to focus on.

Plus I suspect he likes the sound of his own name.

I've blithely assumed that backups / snapshots of my home dir (including my Thunderbird profile) were covering my email. But it occurs to me it may be more difficult than expected.

I have message synchronization on for any folders I care about ("for offline use"). What I was assuming this meant was that if my mail host disappeared or mysteriously deleted an important folder, I would still be able to switch to a backup, start TB in offline mode (via a commandline parameter), and copy those folders to a local folder at which point I could reconnect and drag them back to my new host, a local imapd I use as an archive, or wherever.

But ...would that actually work? Anyone recover email from offline folders? How'd that go?

Edit:

Well, there can never be too many reminders to verify our backups and I'm all for that but that's less what I was after. I was specifically thinking about the scenario when an IMAP host somehow loses an important folder or disappears entirely. How would it go to recover from a sync'd folder in tb? What caveats would there be? Would attachments show up?

But ya, this post was silly, it's easy enough to try. Yes it works, yes the attachments come with. No major issues in my limited test.

However, I did learn one annoying thing: there is no command line option to start Thunderbird in offline mode. So in the case where the folder was deleted on IMAP I'd either have to:

• disconnect from the network before running the app
• quickly toggle offline before it finishes connecting and deleting the folder
• use the pref to prompt if you want to go online every time you start

I think for as rare a scenario as this is it's fine to just disconnect but I'm a bit surprised it really doesn't seem to have a flag for it.

cross-posted from: https://lemmy.ca/post/1926125

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?

Too many perfectly usable phones are put into a questionable security situation by lack of vendor support for keeping key software up to date.

But what's the actual risk of using an Android phone on a stock ROM without updates? What's the attack surface?

It seems like most things that'd contact potentially malicious software are web and messaging software, but that's all done by apps which continue to receive updates (at least until the android version is entirely unsupported) eg. Webview, Firefox, Signal, etc.

So are the main avenues for attack then sketchy apps and wifi points? If one is careful to use a minimal set of widely scrutinised apps and avoid connecting to wifi/bluetooth/etc. devices of questionable provenance is it really taking that much of a risk to continue using a device past EOL?

Or do browsers rely on system libraries that have plausible attack vectors? Perhaps images, video, font etc. rendering could be compromised? At this point though, that stack must be quite hardened and mature, it'd be major news for libjpg/ffmpeg to have a code-execution vulnerability? Plus it seems unlikely that they wouldn't just include this in webview/Firefox as there must surely be millions of devices in this situation so why not take the easy step of distributing a bit more in the APK?

I'm not at all an Android developer though, perhaps this is very naive and I'm missing something major?

cross-posted from: https://lemmy.ca/post/653849

I'm trying to follow conventional wisdom and have more and more of our portfolio as straight up VGRO but want some more US exposure (though I am aware there are arguments in favour of a home-country bias). I was also interested in picking a USD fund as not only do they tend to have a lower MER but also get an extra boost from witholding tax exemption if I hold them in an RRSP.

An S&P 500 fund seems the way to go, but it seems awfully slanted towards giant tech megacaps. Apple alone is over 7% of VOO. With a P/E over 31 it's hard for me to feel like there's not extra risk with the concentration here--is it really such a safe bet to think the largest company in the world has that much more growth ahead of it? And VGRO already has a solid chunk of cap-weighted exposure.

And so, after my inexpert research failed to dissuade me, I'm probably going to use an equal-weight ETF like RSP or EUSA for this portion---there are no penny stocks on the S&P 500 and it doesn't seem to perform much worse (and indeed better depending how far back you test). At this point I'm more comfortable with either of those than VOO and will probably do this just for the irrational psychology, but I do wish there was something that combines an equal weighting with a screen for quality (something like SPHQ) as a big drawback seems like for as much concentration risk as it avoids it also keeps rebalancing more and more into failing companies as they crash and burn.

Anyone else subscribe to a similar reasoning and incorporate an equal weight fund into the passive portion of your portfolio? Which one did you go with?

Allied Properties sale of their data centre portfolio to KDDI includes 151 Front Street W., the site of TorIX which is the main Internet Exchange Point for the country. While that's not necessarily an issue, I kinda figured it was at least a little bit notable but I've not seen it mentioned aside from an investment context.

Unfortunately, it seems like it's less consequential than it should be because Bell Canada apparently still refuses to peer at TorIX and only connects to other ISPs through the US which means that eg. if I'm on Rogers in Toronto and you're on Bell, any communications between our computers have to flow through American controlled systems even though we're in the same city because that's how Bell chooses to have things set up.

Whereas, for pretty much everything else in Toronto, it'd move between networks via TorIX. Which is now in a building owned by a Japanese company instead of a Canadian REIT.

Could be worth making an extra effort if you're expecting a refund, especially with interest rates higher these days.