I would not even announce centralized instances like piefed.ca. It’s part of the Cloudflare giant.
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 1 · 2 months ago
I have not tried much of anything yet. I just got a cheap laptop with a BD which came with Windows and VLC. I popped in a blu-ray disc from the library and it could not handle it… something about not having an AACS decoder or something like that. I didn’t spend any time on it yet but ultimately in principle I would install Debian and try to liberate the drive to read BDs.
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 1 · 2 months ago
Thanks!
Though I should mention my original motivation with makemkv was to rip blu-ray discs, which has complications that go beyond DVD. But the DVD guide will still be quite useful.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
Fun suggestion… could be useful to have as a side hack if congestion becomes an issue but I doubt it would come to that. They have what seems to be a high-end switch with 20 or so ports and internal fans.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
The event is ~2-3 hours or so. If someone needs the full Debian (80 GB!), I think over USB 2 it would not transfer in that timeframe. USB 2 sticks may be rare but at this event there are some ppl with old laptops that have no USB 3 sockets. A lot of people plug into ethernet. And the switch looks somewhat more serious than a 4-port SOHO… it has like 20+ ports with fans, so I don’t get the impression ethernet congestion would be an issue.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
I think they could do the job. I’ve never admin’d an NFS so I’m figuring there’s a notable learning curve there. SAMBA, well, maybe. I’ve used it before. I’m leaning toward ProFTPd at the moment but if that gives me any friction I guess I’ll consider SAMBA. Perhaps I’ll go into overachiever mode and have both SAMBA and ProFTPd pointing to the same directory.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
Two possible issues w/that w.r.t. my use case:
- not in official Debian repos – not a show stopper but definitely points against it for installation and maintenance burdens across migrations
- apparently read-only access for users. This is fine in simple cases where I would just be sharing with others, but a complete solution enables users to share with others on the same server by uploading. Otherwise everyone with a file to share must run rejetto hfs.
Nonetheless, I appreciate the suggestion. It could be handy in some situations.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
Oh, sorry. Indeed. I answered from the notifications page w/out context. Glad to know Filezilla will work for that!
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
I use Filezilla but AFAIK it’s just a client, not a server.
evenwicht@lemmy.sdf.org (OP) to Self-hosting@slrpnk.net • Hosting files on the LAN to trusted folks at a LAN party -- FTP? • 1 · 2 months ago
Indeed I noticed openssh-sftp-server was automatically installed with Debian 12. Guess I’ll look into that first. Might be interesting if ppl could choose between FTP or mounting with SSHFS.
(edit) found this guide
Thanks for mentioning it. It encouraged me to look closer at it and I believe it’s well suited for my needs.
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 1 · 3 months ago
Well it’s still the same problem. I mean, it’s likely piracy to copy the public lib’s disc to begin with, even if just for a moment. From there, if I want to share it w/others I still need to be able to exit the library with the data before they close. So it’d still be a matter of transcoding as a distinctly separate step.
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 1 · 3 months ago
What’s the point of spending a day compressing something that I only need to watch once?
If I pop into the public library and start a ripping process using Handbrake, the library will close for the day before the job is complete for a single title. I could check-out the media, but there are trade-offs:
- no one else can access the disc while you have it out
- some libraries charge a fee for media check-outs
- privacy (I avoid netflix & the like to prevent making a record in a DB of everything I do; checking out a movie still gets into a DB)
- libraries tend to have limits on the number of media discs you can have out at a given moment
- checking out a dozen DVDs will take a dozen days to transcode, which becomes a race condition with the due date
- probably a notable cost in electricity, at least on my old hardware
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 2 · 3 months ago
Wow, thanks for the research and effort! I will be taking your approach for sure.
evenwicht@lemmy.sdf.org (OP) to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com • MakeMKV is a freedom shitshow itself. No source code and the binaries are Cloudflare-jailed • English • 10 · 3 months ago
I’ll have a brief look but I doubt ffmpeg would know about DVD CSS encryption.
evenwicht@lemmy.sdf.org (OP) to cybersecurity@infosec.pub • (PDF neutering) Not all PDFs are documents; some are apps! Insurance company sent me a form to sign as a PDF with ~~JavaScript~~ Java. Is it a tracker? • 2 · 8 months ago
Does pdfinfo give any indication of the application used to create the document?
Oracle Documaker PDF Driver
PDF version: 1.3
If it chokes on the Java bit up front, can you extract just the PDF from the file and look at that?
Not sure how to do that but I did just try pdfimages -all which was not useful since it’s a vector PDF. pdfdetach -list shows 0 attachments. It just occurred to me that pdftocairo could be useful as far as a CLI way to neuter the doc and make it useable, but that’s a kind of a lossy meat-grinder option that doesn’t help with analysis.
You might also dig through the PDF a bit using Didier Stevens’s Tools,
Thanks for the tip. I might have to look into that. No readme… I guess this is a /use the source, Luke/ scenario. (edit: found this).
I appreciate all the tips. I might be tempted to dig into some of those options.
evenwicht@lemmy.sdf.org (OP) to cybersecurity@infosec.pub • (PDF neutering) Not all PDFs are documents; some are apps! Insurance company sent me a form to sign as a PDF with ~~JavaScript~~ Java. Is it a tracker? • 3 · 8 months ago
Your assertion that the document is malicious without any evidence is what I’m concerned about.
I did not assert malice. I asked questions. I’m open to evidence proving or disproving malice.
At some point you have to decide to trust someone. The comment above gave you reason to trust that the document was in a standard, non-malicious format. But you outright rejected their advice in a hostile tone. You base your hostility on a youtube video.
There was too much uncertainty there to inspire trust. Getoffmylan had no idea why the data was organised as serialised java.
You should read the essay “on trusting trust” and then make a decision on whether you are going to participate in digital society or live under a bridge with a tinfoil hat.
I’ll need a more direct reference because that phrase gives copious references. Do you mean this study? Judging from the abstract:
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.
I seem to have received software pretending to be a document. Trust would naturally not be a sensible reaction to that. In the infosec discipline we would be incompetent fools to loosely trust whatever comes at us. We make it a point to avoid trust and when trust cannot be avoided we seek justification for trust. We have a zero-trust principle. We also have the rule of least privilege which means not to extend trust/permissions where it’s not necessary for the mission. Why would I trust a PDF when I can take steps to access the PDF in a way that does not need excessive trust?
The masses (security naive folks) operate in the reverse-- they trust by default and look for reasons to distrust. That’s not wise.
In Canada, and elsewhere, insurance companies know everything about you before you even apply, and it’s likely true elsewhere too.
When you move, how do they find out if you don’t tell them? Tracking would be one way.
Privacy is about control. When you call it paranoia, the concept of agency has escaped you. If you have privacy, you can choose what you disclose. What would be good rationale for giving up control?
Even if they don’t have personally identifiable information, you’ll be in a data bucket with your neighbours, with risk profiles based on neighbourhood, items being insured, claim rates for people with similar profiles, etc. Very likely every interaction you have with them has been going into a LLM even prior to the advent of ChatGPT, and they will have scored those interactions against a model.
If we assume that’s true, what do you gain by giving them more solid data to reinforce surreptitious snooping? You can’t control everything but it’s not in your interest to sacrifice control for nothing.
But what you will end up doing instead is triggering fraudulent behaviour flags. There’s something called “address fraud”, where people go out of their way to disguise their location, because some lower risk address has better rates or whatever.
Indeed for some types of insurance policies the insurer has a legitimate need to know where you reside. But that’s the insurer’s problem. This does not rationalize a consumer who recklessly feeds surreptitious surveillance. Street wise consumers protect themselves from surveillance. Of course they can (and should) disclose their new address if they move via proper channels.
Why? Because someone might take a vacation somewhere and interact from another state. How long is a vacation? It’s for the consumer to declare where they intend to live, e.g. via “declaration of domicile”. Insurance companies will harass people if their intel has an inconsistency. Where is that trust you were talking about? There is no reciprocity here.
When you do everything you can to scrub your location, this itself is a signal that you are operating as a highly paranoid individual and that might put you in a bucket.
Sure, you could end up in that bucket if you are in a strong minority of street wise consumers. If the insurer wants to waste their time chasing false positives, the time waste is on them. I would rather laugh at that than join the street unwise club that makes the street wise consumers stand out more.
evenwicht@lemmy.sdf.org (OP) to cybersecurity@infosec.pub • (PDF neutering) Not all PDFs are documents; some are apps! Insurance company sent me a form to sign as a PDF with ~~JavaScript~~ Java. Is it a tracker? • 82 · 8 months ago
Don’t Canadian insurance companies want to know where their customers are? Or are the Canadian privacy safeguards good on this?
In the US, Europe (despite the GDPR), and other places, banks and insurance companies snoop on their customers to track their whereabouts as a normal common way of doing business. They insert surreptitious tracker pixels in email to not only track the fact that you read their msg but also when you read the msg and your IP (which gives whereabouts). If they suspect you are not where they expect you to be, they take action. They modify your policy. It’s perfectly legal in the US to use sneaky underhanded tracking techniques rather than the transparent mechanism described in RFC 2298. If your suppliers are using RFC 2298 and not involuntary tracking mechanisms, lucky you.
evenwicht@lemmy.sdf.org (OP) to cybersecurity@infosec.pub • (PDF neutering) Not all PDFs are documents; some are apps! Insurance company sent me a form to sign as a PDF with ~~JavaScript~~ Java. Is it a tracker? • 173 · 8 months ago
You’re kind of freaking out about nothing.
I highly recommend YouTube video l6eaiBIQH8k, if you can track it down. You seem to have no general idea about PDF security problems.
And I’m not sure why an application would output a pdf this way. But there’s nothing harmful going on.
If you can’t explain it, then you don’t understand it. Thus you don’t have answers.
It’s a bad practice to just open a PDF you did not produce without safeguards. Shame on me for doing it… I got sloppy but it won’t happen again.
evenwicht@lemmy.sdf.org to Science Memes@mander.xyz • military industrial publishing complex • English • 1 · 8 months ago
deleted by creator
Does the “Buy European” community disregard software?
Nokia briefly had a couple devices with an apparently FOSS platform: Maemo, IIRC. Then they ditched that to align with Microsoft. And their recent smartphones are apparently based on Google’s Android. That’s not European.
If you must have an Android for some strange reason, then I suppose Nokia or Wiko would be as close as you can get to European. But fuck Android. It’s proprietary and designed for obsolescence.