otter

I recently got a small keychain device for free as a cheap promotional item. It looks like one of these: https://powerstick.com/powertag/

It asks that you install this app: Spot 2.0 Bluetooth Finder

Some concerns right away:

• It requires an account
• It said that my password was too long
• It seems that these apps will need 24/7 access to location in order to work properly, so I'm not comfortable making an account on some app I've never heard of

So my questions:

Q1: If someone is given a similar device, is there a FOSS app that they can use it with? So far I've found:

• BLE Radar (FDroid, GitHub). It looks promising and I haven't played with all the custom profiles yet. While I was able to connect the device and see it on a map, I don't see an option to ring the device from the app. Since it's a key ring, I imagine most people would use it to find their keys in their home, for which the speaker would be helpful.

• iTracing2 (FDroid, GitHub). This one is very minimalistic, and while I could get it connected, it seems to only work in the device > phone direction, where you can press a button on the keychain to initiate an action on the phone (ex. ring the phone)

Q2: If someone wanted to get a good quality version of this, which brands do you recommend? Ideally it would be accurate and be compatible with some FOSS app(s).

I remember seeing Chipolo mentioned in some other thread here, but I don't know if they meet those requirements

As Synology explains in security advisories published two days after the flaws were demoed at Pwn2Own Ireland 2024 to hijack a Synology BeeStation BST150-4T device, the security flaws enable remote attackers to gain remote code execution as root on vulnerable NAS appliances exposed online.

"The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability," Midnight Blue said.

From a different source:

Synology proactively sponsors and works with security researchers as part of product security initiatives. At this year's Pwn2Own Ireland 2024 event, which took place in late October, we successfully discovered and resolved multiple security vulnerabilities.

While these vulnerabilities are not being exploited, we recommend all Synology device administrators immediately take action to secure their systems by updating due to the scope and severity of specific issues.

There are downsides with downloading their app just to input bad data, but it's a fun thought.

edit: While we're at it we might as well offer an alternative app to people.

I posted in [email protected] to collect recommendations for better apps

The post: https://lemmy.ca/post/32877620

Leading Recommendation from the comments

The leading recommendation seems to be Drip (bloodyhealth.gitlab.io)

Summarizing what people shared:

• accessible: it is on F-droid, Google Play, & iOS App Store
• does not allow any third-party tracking
• the project got support from "PrototypeFund & Germany's Federal Ministry of Education and Research, the Superrr Lab and Mozilla"
• Listed features:
  • "Your data, your choice: Everything you enter stays on your device"
  • "Not another cute, pink app: drip is designed with gender inclusivity in mind."
  • "Your body is not a black box: drip is transparent in its calculations and encourages you to think for yourself."
  • "Track what you like: Just your period, or detect your fertility using the symptothermal method."

Their Mastodon: https://mastodon.social/@dripapp

A friend was asking, and it would be nice to have one or two to recommend.

Bonus if it's on Google Play in addition to Fdroid, but not necessary.

Some recommendations in these threads:

• https://lemmy.ca/comment/12756204
• https://lemmy.ca/post/32878118

Some discussion on apps (including non-FOSS) here:

• https://foundation.mozilla.org/en/privacynotincluded/categories/reproductive-health/

Leading Recommendation from the comments

The leading recommendation seems to be Drip (bloodyhealth.gitlab.io)

Summarizing what people shared:

• accessible: it is on F-droid, Google Play, & iOS App Store
• does not allow any third-party tracking
• the project got support from "PrototypeFund & Germany's Federal Ministry of Education and Research, the Superrr Lab and Mozilla"
• Listed features:
  • "Your data, your choice: Everything you enter stays on your device"
  • "Not another cute, pink app: drip is designed with gender inclusivity in mind."
  • "Your body is not a black box: drip is transparent in its calculations and encourages you to think for yourself."
  • "Track what you like: Just your period, or detect your fertility using the symptothermal method."

Their Mastodon: https://mastodon.social/@dripapp

This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

cross-posted from: https://lemmy.eco.br/post/8758930

If you're using Vaultwarden, you should update because of security fixes.

There is a table of examples in the link. Some I saw include:

Desert

• desert Latin dēserō ("to abandon") << ultimately PIE **seh₁- ("to sow")
• Ancient Egyptian: Deshret (refers to the land not flooded by the Nile)  from dšr (red)

Shark

• shark Middle English shark from uncertain origin
• Chinese 鲨 (shā)  Named as its crude skin similar to sand (沙 (shā))

Kayak

• Inuktitut ᖃᔭᖅ (kayak) Proto-Eskimo *qyaq
• Turkish kayık ('small boat')[17] Old Turkic kayguk << Proto-Turkic kay- ("to slide, to turn")

A lot of these could be TIL posts of their own.

I also wonder if some of these are actually false cognates, or if there is a much earlier common origin with false associations that came afterwards

cross-posted from: https://lemmy.ml/post/22332949

JD Vance said that ‘American power comes with certain strings attached’

Archive link

I saw this post and I was curious what was out there.

https://neuromatch.social/@jonny/113444325077647843

Id like to put my lab servers to work archiving US federal data thats likely to get pulled - climate and biomed data seems mostly likely. The most obvious strategy to me seems like setting up mirror torrents on academictorrents. Anyone compiling a list of at-risk data yet?