The Iris #Nostr client on #Android now has a "block and mute" function, so I've started using that against the #spambots.
Nostr has some great ideas that are way beyond what either #OStatus or #ActivityPub branches of the #Fediverse are doing, but the spam and the fact that there's a really big #Bitcoin "Maxi" faction there are chasing regular people away.
There were a few private gitea forges, a couple of inactive blogs, and so on. They can keep the current addressbook as a "historical" section, but the main list should be updated 1-4X per year to prune dead sites.
#Samsung, among others, has leaked their #Android app-signing keys.
> Guess what has happened! Łukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets.
...
> What OEMs really need to do is stop using the compromised keys to secure their apps. It's not clear why Samsung continues to use the key. Android's APK Signature Scheme V3 allows developers to change app keys with just an update—you authenticate an app with the new and old key and indicate that only the new key is supported for updates. This is a requirement for Play Store apps, but again, system apps from OEMs are not subject to any of the Play Store rules, so some OEMs are still using the old v2 signature scheme.
> Thankfully, these leaked keys are only for apps and not the keys used to sign OS updates. So even if the v3 signature scheme is not in use, theoretically the affected companies could ship a still-secure OTA update that includes new system apps with new keys, and they could make new corresponding Play Store updates that are compatible with those new keys. That sounds like a lot of work, though.
@thunderbird@k9mail Whoa! Didn't see that one coming! Still, I'm cautiously optimistic about this. #K9 has been great for a long time, but short on marketing and funding. #Thunderbird has more recognition, but no #Android app. The two together could definitely be stronger than their separate parts. Plus, to be honest, I was wondering how long it would be before K9 got in trouble for the name/logo combo. This neatly sidesteps that before it's even a problem!
Turn location OFF and leave it OFF. Nearly all application programs (apps) will still work, but they will periodically nag you, saying they cannot function without it. (Similar to the way several unrelated #Android apps will claim that they cannot work without Google Play Services being enabled.)
Note that many apps added some sort of mapping-related functionality, which doesn’t fully work without location. But do you really need to share your music and video choices with nearby strangers?
Believed affected:
* cloud platforms
* enterprise applications ( which are often written in #Java )
* Minecraft ( which was where the #log4j flaw was discovered )
* #Android apps ( noted by @clacke )
Possibly, other "log4" libraries may have a similar flaw.
I used to open a tab to hashify.me and post things into it as a workaround just in case a form I was typing a long text into would unload from memory as I was flipping tabs for sources and quotes. hashify.me stores text in the URL, so it can survive an unload+reload.
Never again! Now I just copy the partially-written post to the clipboard and I can still go find and copy links and quotes without losing it.
XClipper - Smart Clipboard manager for Android (A smart clipboard manager for Android with synchronization feature.)