TheFuzzStone

6K posts

TheFuzzStone banner
TheFuzzStone

TheFuzzStone

@thefuzzstone

Agorist ┃ FOSS enthusiast

Katılım Mart 2017
5.3K Takip Edilen2.5K Takipçiler
Sabitlenmiş Tweet
TheFuzzStone
TheFuzzStone@thefuzzstone·
Nostr: npub1testfxupzps79vj8nc3qwhtrvrj9cgygfuztsh387szqhx3hee0s345l24
Magyar
1
1
22
4.7K
TheFuzzStone retweetledi
GrapheneOS
GrapheneOS@GrapheneOS·
Android's security policy for the past several years has been to backport patches for Critical and High severity Android vulnerabilities to the past 3 major yearly releases. Moderate and Low severity patches including most fixes for privacy weaknesses have required upgrading to the latest releases. Google recently informed OEMs of greatly reduced security support for older releases of Android. For the vast majority of discovered vulnerabilities, only Critical severity issues deemed to be an imminent risk will be backported at all and only to the most recent 2 major yearly releases (16 and 17). Externally reported vulnerabilities will currently still follow the same policy for backports as before. High and Critical severity vulnerabilities reported to Google by external parties will be backported to releases going back around 3 years (currently 14, 15, 16 and the current latest stable 17). Android Security Bulletins already omit Moderate and Low severity patches. They're already dated 2-4 months after the vulnerabilities were disclosed to OEMs and allowed to be shipped. Only Samsung flagships and Pixels ship any of it 'early' on practice. Only GrapheneOS ships the full set 'early'. The vast majority of vulnerabilities are now being discovered internally by Google for Android and Chrome. These are largely being discovered with AI. The subset deemed Critical severity and an imminent risk will be backported to 16 and 17. Bare minimum security support for older releases is over. Bare minimum Android security patches now require being on Android 16, 16 QPR2 or 17 and quickly moving to Android 18 when it's released. Once Android 18 is released, it will be the only release with current High and Critical severity patches. Serious support for older Android releases has ended. Android 17 is the only Android release with the current set of disclosed Moderate and Low severity patches. Android 16, 16 QPR2 and 17 will soon be the only releases with the current set of disclosed Critical and High severity patches too. Once Android 18 is released, it will be the only one. Vast majority of Linux kernel vulnerabilities aren't covered by Android Security Bulletins, externally disclosed patches are backported very slowly and Android Security Bulletins come 2-4 months later than when Android patches can be shipped. If you want bare minimum patches, use iOS or GrapheneOS. We're going to need to do a lot of work with Motorola and Qualcomm to provide serious patches for GrapheneOS devices. We're going to need more developers. After the launch of the new devices with GrapheneOS support, we want to repeatedly port to the latest Linux LTS branch among other major changes. Google is completely overwhelmed by the massive torrent of vulnerabilities discovered by AI models. They've done repeated cycles of layoffs and buyouts crippling their ability to handle it. The change to the schedule for Android Security Bulletins is also extremely at odds with this new reality. Google switched to a performative Android Security Bulletin system with vulnerabilities listed 2-4 months after they're shipped. They're pretending as if not open sourcing patches protects people from OEMs not patching them. Our community has people successfully reverse engineering binary patches. Google needs to start open sourcing QPR1 and QPR3 releases again along with open sourcing security preview patches shortly after disclosure to OEMs. Otherwise, we'll just hire people to start doing reverse engineering work in an official capacity to start publishing the changes as open source early.
English
25
105
997
37.9K
TheFuzzStone
TheFuzzStone@thefuzzstone·
@nym Are you planning to add VLESS + Reality + Vision?
English
0
1
4
351
Nym
Nym@nym·
They banned encryption. It got stronger. They banned VPNs. Usage doubled. They tried to license the printing press. It survived. They built the Great Firewall. VPNs went through it.
English
20
78
552
16.1K
Monerica
Monerica@MonericaProject·
@thefuzzstone @btcmap MoneroMaps isn't better, it took 10 minutes to make and has 11 listings. But it has to start somewhere. What exact feature is missing?
English
1
0
0
38
Monerica
Monerica@MonericaProject·
Do you want to see the Monero Maps prototype become a real website?
English
5
3
14
1.1K
Pavol Rusnak
Pavol Rusnak@PavolRusnak·
Fuck European Parliament Fuck Chat Control Use Signal
English
79
96
1.7K
45.8K
TheFuzzStone
TheFuzzStone@thefuzzstone·
@MonericaProject @btcmap I hope the UX/UI turns out great, and that you'll be able to monetize the app in an ethical way so that it truly benefits people, and so that users and merchants see the value in adding it to their map.
English
1
0
2
82
TheFuzzStone
TheFuzzStone@thefuzzstone·
The drama surrounding MoneroKon is over. @(ajs) got what he wanted—more attention from the community, and... well, more people simply showed their distrust of him. Looking forward for MoneroKon 2027. 😌
English
2
1
10
497
TheFuzzStone retweetledi
Unstoppable | Privacy Wallet
Unstoppable | Privacy Wallet@unstoppablebyhs·
STORY FROM THE TRENCHES : ENGINEERING @ UNSTOPPABLE WALLET About a month ago, one of our internal reporting algos flagged a swap where the user received significantly less than promised. That immediately became our top priority. >> First, we refunded every fee we earned from that swap. >> Then we worked with the provider to identify the root cause and improve their execution. But we didn't stop there. We upgraded the swap engine itself. >> Now every provider is continuously scored based on how closely they deliver what they promise. >> If a provider repeatedly under-delivers, we automatically reduce the rates we display from them until they improve. One bad swap became an industry-first protection. That's how we build. Be Unstoppable.
Unstoppable | Privacy Wallet@unstoppablebyhs

BEWARE: The Missing Problem Every Wallet With Crypto Swaps Has Ignored First, let me tell everyone that No-KYC swaps are great! We love them but there are problems. Anyone who's used them long enough knows they come with problems. Over the last few months we've been quietly solving them, one by one. Software is our domain and we like nothing more but to get to the very essence of the problem. Here are soem of the things we delivered just recently: → Impartial risk scoring to minimize asset freezes bringing the freezes nearly to 0! → No metadata leakage before you commit to a swap. This has massive benefits to the swapper. → Work with providers to establish pre-screening practices to reduce post-deposit KYC and rejections Today we're introducing another first of its kind feature that aims to fix industry wide problem. Most wallets simply show you whatever quote a provider returns. We go one steps further. If a provider consistently delivers less than promised, we automatically sanction them. Here's how it works: → We compare every quoted amount with what was actually delivered. → Providers that repeatedly under-deliver receive an automatic penalty. → Their displayed quotes are reduced until they improve. Even if a provider returns a $100 quote, we'll show less if their track record proves they rarely deliver what they promise. The result? >> Providers that keep their promises naturally rise to the top. >> The users often get more than what they expect, nbot the other way around. >> Providers are encouraged to underpromise but over deliver for visibility. At the very least, underdelivering has a negative impact on visibility. Because the best quote means nothing if it's never actually delivered. Your wallet should protect you! We are here to deliver and protect your interests. Be Unstoppable!

English
5
1
29
3.5K
TheFuzzStone
TheFuzzStone@thefuzzstone·
The FOSS community is very fragile. First and foremost, this is because many FOSS developers have a mental block about making money from their projects. Another group of FOSS developers either fears cryptocurrencies or despises them for religious/political reasons. As a result, we have great FOSS that survives on a bowl of rice (without butter - that's for the bourgeoisie) and a slice of 3 days old bread. In my lifetime, I've paid more for FOSS than some people have paid for proprietary apps. I'm not complaining. I'm proud of it. But, it's not always easy… I have to go to GitHub, open an issue, and directly ask them to add a Monero and/or Bitcoin wallet - and offer to make the first donation myself… And how pleased I was (and at the same time surprised) to see that some of the FOSS developers whose work I use were happy to receive a 50~200 USD donation via XMR! So, if you're a FOSS developer for Linux/Android, please don't make me waste my time asking you to accept a donation from me! First things first, publish your FOSS on @zapstore_, and be sure to add your Monero wallet address to the README - trust me, people will donate to you! A colorful meme that sums up most of the FOSS community (unfortunately).
TheFuzzStone tweet media
English
4
6
37
1.2K
TheFuzzStone
TheFuzzStone@thefuzzstone·
Waiting for Chat Control 2! 🇪🇺💪🏻 Ursula will protect the children! And the goyim will enjoy!
Mullvad.net@mullvadnet

Chat Control 1 is back. Despite the European Parliament voting down the legislation twice this year, the Council of the European Union and parts of the Parliament today managed – through an urgent procedure – to extend it for another two years. The law was originally introduced as temporary legislation, so that its effectiveness could be evaluated. At the end of 2025, the European Commission itself concluded that it was not possible to determine whether the law had any measurable effect. Even so, it has now been pushed through. Some of today's amendments could have stopped the law. And a majority of the voting MEPs wanted to do so. By a margin of 314-276, the Parliament voted to reject the proposal through these amendments. However, since it was an urgent procedure, 361 votes were required. As a result, the majority lost today and Chat Control 1 was passed. The urgent procedure was a dirty play by the Council and parts of the Parliament – it’s a procedure not meant to be used on legislation already rejected by the Parliament. For now, Chat Control 1 will remain in effect. This means that tech companies may continue scanning communications without a warrant or suspicion. However, the real battle is Chat Control 2. Unlike Chat Control 1, it would require all providers to scan communications, and to do so far more extensively than Chat Control 1 ever has.

English
1
0
5
272
TheFuzzStone
TheFuzzStone@thefuzzstone·
Chat Control passed!😌🇪🇺💪🏻 Let the goyim enjoy that democratic democracy!
English
1
0
7
227
TheFuzzStone
TheFuzzStone@thefuzzstone·
If the next MK7 is organized by the bad actor (AJS), I won't attend the event, and I'll also warn all my friends and speakers (whom I know) that AJS is nothing but a bad actor.
BawdyAnarchist@BawdyAnarchist_

MoneroKon "Emergency Meeting" --- There's broad consensus that @OrangeFren did great with MK6, and he's the clear favorite to organize MK7. @ajs_xmr unanimously lost a vote that *he* called for MK7 organizer, but then 2 days later, literally went rouge. With no warning, started kicking various people from groups he controls (many of which have nothing to do with MK), killed the MoneroKon room <--> IRC bridge, and today shut off the MK servers. He called an "emergency meeting," falsely framing this as "profit vs non-profit." However, he abandoned his obligation to organize MK6 and had minimal involvement with MK5. When @OrangeFren proposed to pick up the torch, organizing MK6 on a compressed timeline and assuming the full entrepreneurial risk, @ajs_xmr consented. @ajs_xmr also proposed a personal compensation of ~$40k for himself for MK7 (now it's an hourly-rate proposal), and has plans for *his own* LLC to conduct MK7. --- Importantly: There's consensus that a pure-volunteer model has become untenable due to growing size. Spearheading Kon is huge time investment. So it's not even a contentious proposition that *someone* will make profit/income for their efforts. This is reasonable. However, @ajs_xmr framing this as "profit vs non" is a red herring and hypocritical. Another crucial false framing, is that a narrow group voted to "convert MK into a privately controlled commercial enterprise." We absolutely did not. We ONLY voted that @OrangeFren organize MK7 (a vote ajs organized). --- Setting aside his unprofessional and legally-questionable behavior, a diverse group of participants have converged on the core of the issue. MoneroKon is creative-commons. Anyone may use the name. However, there are socials, domains, and infrastructure which are under ajs exclusive control. The main proposition is this: **Stewardship/control of these resources should be separated from entities organizing MoneroKon.** The steward should be skilled with infra, and grant access to future MK organizer(s) based on community sentiment. I'm writing this post, because on Saturday, at 1600 UTC, the "emergency meeting" ajs demanded, will commence in: #monero-community:monero.social" target="_blank" rel="nofollow noopener">app.element.io/#/room/#monero… --- My hope is that we can remain focused on the primary issues at hand, and not be distracted by red herrings. 1. Should control of the infra/socials be separated from entities organizing future MoneroKons? - Which physical person and backup will be the primary custodians for the MK resources? - Should the secondary custodians that @ajs_xmr kicked, be fully restored on all infra he controls? - Discussion regarding incentives/structure, to motivate good faith by the primary custodians. 2. Does the community wish to restore @OrangeFren's access to the MK socials/website, for the purposes of organizing MK7?

English
0
0
11
624
TheFuzzStone
TheFuzzStone@thefuzzstone·
@BawdyAnarchist_ @OrangeFren @ajs_xmr If the next MK7 is organized by the bad actor (AJS), I won't attend the event, and I'll also warn all my friends and speakers (whom I know) that AJS is nothing but a bad actor.
English
0
0
4
135
BawdyAnarchist
BawdyAnarchist@BawdyAnarchist_·
MoneroKon "Emergency Meeting" --- There's broad consensus that @OrangeFren did great with MK6, and he's the clear favorite to organize MK7. @ajs_xmr unanimously lost a vote that *he* called for MK7 organizer, but then 2 days later, literally went rouge. With no warning, started kicking various people from groups he controls (many of which have nothing to do with MK), killed the MoneroKon room <--> IRC bridge, and today shut off the MK servers. He called an "emergency meeting," falsely framing this as "profit vs non-profit." However, he abandoned his obligation to organize MK6 and had minimal involvement with MK5. When @OrangeFren proposed to pick up the torch, organizing MK6 on a compressed timeline and assuming the full entrepreneurial risk, @ajs_xmr consented. @ajs_xmr also proposed a personal compensation of ~$40k for himself for MK7 (now it's an hourly-rate proposal), and has plans for *his own* LLC to conduct MK7. --- Importantly: There's consensus that a pure-volunteer model has become untenable due to growing size. Spearheading Kon is huge time investment. So it's not even a contentious proposition that *someone* will make profit/income for their efforts. This is reasonable. However, @ajs_xmr framing this as "profit vs non" is a red herring and hypocritical. Another crucial false framing, is that a narrow group voted to "convert MK into a privately controlled commercial enterprise." We absolutely did not. We ONLY voted that @OrangeFren organize MK7 (a vote ajs organized). --- Setting aside his unprofessional and legally-questionable behavior, a diverse group of participants have converged on the core of the issue. MoneroKon is creative-commons. Anyone may use the name. However, there are socials, domains, and infrastructure which are under ajs exclusive control. The main proposition is this: **Stewardship/control of these resources should be separated from entities organizing MoneroKon.** The steward should be skilled with infra, and grant access to future MK organizer(s) based on community sentiment. I'm writing this post, because on Saturday, at 1600 UTC, the "emergency meeting" ajs demanded, will commence in: #monero-community:monero.social" target="_blank" rel="nofollow noopener">app.element.io/#/room/#monero… --- My hope is that we can remain focused on the primary issues at hand, and not be distracted by red herrings. 1. Should control of the infra/socials be separated from entities organizing future MoneroKons? - Which physical person and backup will be the primary custodians for the MK resources? - Should the secondary custodians that @ajs_xmr kicked, be fully restored on all infra he controls? - Discussion regarding incentives/structure, to motivate good faith by the primary custodians. 2. Does the community wish to restore @OrangeFren's access to the MK socials/website, for the purposes of organizing MK7?
English
4
4
41
3.7K
Pavol Lupták
Pavol Lupták@wilderko·
Chat Control 1.0: Ve čtvrtek rozhodnou nepřítomní poslanci Evropský parlament ve čtvrtek rozhodne o plošném skenování e-mailových komunikací a messengerových zpráv. reporteri.substack.com/p/chat-control…
Čeština
5
12
89
6.2K
TheFuzzStone
TheFuzzStone@thefuzzstone·
The Pixel has terrible battery life and terrible CPU. I don't understand why they're trying to replace a regular laptop with makeshift alternatives that look like a... regular laptop, but will clearly perform worse. I definitely wouldn't use something like that. But the project is interesting. youtube.com/watch?v=KxX4x6…
YouTube video
YouTube
English
0
0
1
415
TheFuzzStone
TheFuzzStone@thefuzzstone·
@schmidt1024 No. Because you'd have to be a total goy to buy a car newer than ~2017 with such advanced telematics systems.
English
0
0
2
50
Cake Wallet
Cake Wallet@cakewallet·
We’ve been building self-custodial payments with cutting-edge financial privacy for the last eight years, and now it’s time to bring that expertise to a new arena. Meet Radar, where we’ve combined the best of Signal with the best of Bitcoin Lightning!
Radar.Chat@RadarChat

Your messages. Your Bitcoin. Together, at last. Radar brings private messaging and self-custodial Bitcoin Lightning together in one seamless experience, and because it's built on Signal's incredible network - the people you already talk to come with you.

English
13
46
234
12.8K