Discussions related to Infosec.pub

We're happy to announce the release of BusKill v0.7.0!

Most importantly, this release allows you to arm the BusKill GUI app such that it shuts-down your computer when the BusKill cable's connection to the computer is severed.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Upgrading

You can upgrade your BusKill app to the latest version either by

1. Clicking "Update" in the app or
2. Downloading it from GitHub

Changes

This update includes many bug fixes and new features, including:

1. Adds support for 'soft-shutdown' trigger to GUI
2. Adds a new buskill.ini config file
3. Adds a new "Settings" screen in GUI
4. Merges kivy & buskill config files into one standardized location
5. Fixes in-app updates on MacOS
6. Fixes lockscreen trigger on Linux Mint Cinnamon
7. Fixes background blue/red disarm/arm color to propagate to all screens
8. Fixes --run-trigger to be executed inside usb_handler child process and communicate to root_child through the parent process

You can find our changelog here:

• https://docs.buskill.in/buskill-app/en/stable/changelog.html

Documentation Improvements

We've also made many improvements to our documentation

1. Updated the Software User Guide to include how to arm the BusKill app with the soft-shutdown trigger in the GUI
2. Added a manpage
3. Better documentation on how to build your own USB-C BusKill Cable
4. Better documentation on how to test the buskill app
5. Fixes in Release Workflow
6. Added some additional related projects to our documentation

Soft-Shutdown Trigger

This release now allows you to choose between either [a] locking your screen or [b] shutting down your computer when you arm the BusKill app from the GUI. By default, the BusKill app will trigger the lockscreen. To choose the 'soft-shutdown' trigger, open the navigation drawer, go to the Settings Screen, click Trigger, and change the selected trigger from lock-screen to soft-shutdown. For more information, see our Software GUI User Guide.

• https://docs.buskill.in/buskill-app/en/v0.7.0/software_usr/cli.html

BusKill Now in Debian!

We're also happy to announce that, with the release of Debian 12, it's now possible to install BusKill in Debian with Apt!

sudo apt-get install buskill

Testers Needed!

We do our best to test the BusKill app on Linux, Windows, and MacOS. But unfortunately it's possible that our app doesn't fully function on all versions, distributions, and flavours of these three platforms.

We could really use your help testing the BusKill app, especially if you have access to a system that's not (yet) listed in our Supported Platforms.

And in this release, we specifically would like you to help us test the new soft shutdown feature. Please let us know if it does or does not work for you.

Please contact us if you'd like to help test the BusKill app :)

Pretty much the title. is federation broken? I hardly see comments anymore since about 1-2 days. the “new” page is pretty much stagnant :(

And do they have to be infosec focused?

Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability

Discussion from here: https://lemmy.ml/post/1895271

Relevance: Infosec.pub may wish to consider defederation temporarily.

Temporary fix in place, but instances remain vulnerable. Post: https://lemmy.world/post/1290412

• UPDATE 2:58 UTC the injected code was removed from the main page, but cleanup efforts are still underway.
• UPDATE 3:11 UTC situation appears to be under control, but browse with caution.
• UPDATE 3:35 UTC main page exploited again! Website is unsafe.
• UPDATE 4:01 UTC reports coming in that other instances are getting owned. One report of comments trying to inject JavaScript into the page.
• UPDATE 4:13 UTC XSS vulnerability in page sidebar is reported relationship to the event is unknown.
• UPDATE 7:17 UTC Root cause was identified a while ago.

In Firefox I am unable to upload images either as the subject of a post, or as a part of the body using the image button. I receive the following error:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data client.js:2:1753277
    Hp https://infosec.pub/static/7197474/js/client.js:2
    (Async: promise callback)
    Hp https://infosec.pub/static/7197474/js/client.js:2
    n https://infosec.pub/static/7197474/js/client.js:2

I found a github issue about it but it's really old, so I'm thinking it's not that relevant, even though it pretty much describes the issue exactly:

https://github.com/LemmyNet/lemmy-ui/issues/403

There are some other issues in the lemmy backend repo:

https://github.com/LemmyNet/lemmy/issues?q=is%3Aissue+unexpected+character+at+line+1+column+1+is%3Aclosed

Anyone else noticing this or is it just me?

EDIT: Probably should have checked first but this happens on other instances running 0.18.1, so I guess it doesn't matter, seems to be an upstream issue.

Is there a setting to default all external links to a new tab? I'm used to that behavior from infosec.exchange. I keep finding myself having to reopen infosec.pub after going down a rabbit hole.

As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.

Is Jerry hosting a Kbin instance?

Not getting any response. TIA

Be careful what posts you click until this is patched.

EDIT: Clarify, this server I expect is also vulnerable, hence the choice of community.

There are many communities I cannot view with this account.

[email protected] is one example.

But there are quite a few by browsing the “trending” communities on WefWef.

What gives?

I'm a member of the sim racing community on lemmy.ml.

https://lemmy.ml/c/simracing

If I go directly to that community there is a pinned post:

https://lemmy.ml/post/1703575

But if I browse the community from here on infosec.pub:

https://infosec.pub/c/[email protected]

The post is missing. Other new posts seem to be present and comments are working as expected since I was able to ask a question about said post in a different thread just now: https://infosec.pub/comment/591176

Has anyone else noticed this?

EDIT: In case anyone lands here with weird missing post or comment issues. I found that to work around this you can search for the direct link for both posts and comments which will force whatever instance you are on to find and show them. Probably not a great long-term solution but it works if you just want to reply to one or two people.

Is anyone else facing issues finding and subscribing to communities? For instance, I am unable to find [email protected] in the search. Only Vegan Fitness shows up when i search for "fitness".

Edit: I am able to find [email protected] now. I am still not sure what makes communities not turn up on my search.

Since Lemmy is so new, and the default interface is not always that ... great (yet), ~dispite @[email protected] best efforts~

what app do you use to view posts on here?

I was using wefwef.app and am considering hosting my own. what do you all use?

current Tally:

• Lemmy Native
• Memmy
• WefWef.app
• Jerboa
• Connect
• Boost (not released) -liftoff
• Thunder
• ...

Hey, I'm pretty happy here on infosec.pub. A lot of my interests are related to the subject matter at hand. Most of the discussions online (that I am interested in) are in English, and that works just fine here. However, due to an incredible amount of bad luck, I also happen to be Dutch. Due to that condition, I sometimes want to see Dutch content. Currently, that doesn't seem to be possible on infosec.pub. The option is just not there on the list of languages on this instance. Therefore, I would like to request support for the Dutch language, the label is Nederlands ( see feddit.nl posts for example ) on infosec.pub. Thank you for your time.

What about setting the new language of a post to English? There are people that don’t know how lemmy works that keep on opening new posts and leaving the language to “Undetermined” by mistake so no one can answer them.

For some strange reason I am unable to block most communities. Tried both Firefox and Chrome.

The "Block community" button is replaced with text. Is it a known bug?

This collection of networks offers no end to end encryption. Anyone with administrator access to an Instance can read anything that travels through that Instance’s infrastructure – including direct messages. The level of risk correlates with the number of cross-Instance interactions between users. If users from different Instances communicate, an attacker need only compel one Instance to reveal the direct messages between all of the interacting accounts. The centralised equivalents – Twitter, Tumblr, etc – can cloak their users through governance and resources. In a peer-to-peer network without encryption, there’s no structure, no agreed-upon governance, and absolutely no protection. Compromising or compelling an Instance or its staff means that all of network traffic is laid bare to its assailant.

I’d love to have a discussion on this (now fairly old) article which IMO has yet to provoke the kind of much-needed action on this topic that we, as a community of cypherpunks, are capable of.

Hi, I saw this Beehaw post while browsing All. Anything we need to be concerned about?

EDIT: False alarm, see himazawa's response.

Hey pub-folk, I've recently published my take on the "threadiverse" in the form of a quasi-guide but with some other commentary. Appreciate any feedback, good or bad!

We appreciate the work y'all do

Lemmy and kbin have been... exciting to set up and debug.

There is a new version of lemmy in RC right now that should fix most of the issues we've been seeing, or at least give error messages that indicate what is going on.

I don't seem to be able to comment on any posts on other lemmy instances. For example https://infosec.pub/c/[email protected] . When I try to comment it just spins. I expected issues with lemmy.ml but I've now tried several instances and experience the same problems.

Also comments on many posts don't match what you see if you go directly to the remote instance to view the thread.

Is there some federation issue with infosec.pub?

Somtimes when I post to other instances I have issues when I don't set the language. I think there is normally a "Undetermined" lanuage on lemmy but this instance doesn't offer it. Could this be the root of some UI issues? Is this set correctly and what does it mean for my profile not to have selected undetermined?