> I usually use the -c option to copy/paste my passwords
In X11 it's also possible to get passwords typed automatically with xdotool, which I call through an xmonad package. The only thing I'm missing is more powerful autocompletion.
Thanks. There wasn't any manual page or --help output, so I gave up on it, but now this may be the best option I know of. But, yeah, I could have just `cat /bin/passmenu`.
"Safe" in security is always relative. Safe from a military hacking attack? Probably never. Safe from random scriptkiddies? Yeah, probably even if you don't run Zoom with a separate user, as long as you got the rest of your shit together. Safe from people buying/using 0days? Seems so, since this issue was never actually disclosed (yet) so it's not really a 0day, so it'll be harder to for people to exploit.
You'd need to understand who/what are your threats to understand if you're "safe" or not.
Depends on a lot of things. If the 0day is an RCE they would need another privilege escalation exploit. How easy that would be depends a lot on how your system is setup.
But the short answer is probably not. Unless you are running Qubes or something, if someone can exploit an RCE then they can probably own your system.
No, as this discussion points out you should use the browser version if at all possible. The snap version would also offer a little bit more sandboxing probably if you're willing to edit the config for how much access it has to your system.
> Owning my computer is still relatively possible. I can build a computer from parts which I can choose, and have a choice in which operating system to install on them.
Where can I find, how can I build a computer---that isn't 13 years old---with open firmware of which one doesn't reasonably suspect that the NSA put a backdoor into it?
Don't worry about NSA. If the NSA finds your computer interesting, they can remotely hack it using one of a 100 zero-days exploits, without ME. And if you are running non-ME system, it's even easier for them to hack you unless you are working with the CounterNSA.
Surely this depends on the system being run and the programs running on it. Are you claiming that a basic installation of OpenBSD is wide open to the NSA? Even if that is true, I would think that fewer vulnerabilities are better than more, and that vulnerabilities that cannot be found because their source is secret are worse than those that can be found.
> since a lot of normal interactions such as banking almost requires you to have such a phone.
I can get by without carrying a microphone-and-camera equipped computer controlled by someone else around, and so I don't; but, if I want to return something I bought on the Internet, I don't get a receipt; and, if I want to go to a bar, there's a risk I won't be allowed to pay. (There is a law against the latter problem, but it is not enforced.)
> and, if I want to go to a bar, there's a risk I won't be allowed to pay.
Are there situations where paying without a smartphone is not practically possible? In the Netherlands people sometimes pay with smartphones, but these use the same infrastructure as the ubiquitous debit cards, so it is not an issue here. (Cash on the other hand…)
In Norway, some businesses use Corona as a pretext and say that credit cards are dirty too. What's the cash situation in the Netherlands? Aren't businesses legally bound to accept cash?
Supermarkets, sure, but plenty of small businesses require one of the so-called contactless payment methods these days — a trend that started pre-corona. This means either a debit card or a smartphone with a virtual debit card on it. It is a point of concern that this excludes people without a bank account, but as this doesn't impact essential services it is tolerated. I don't think we have a law that mandates cash, but of course supermarkets would face criticism if they closed the last cash register (there is always one that accepts both kinds of payment).
These payment terminals and the Dutch debit cards are by now all suitable for this type of contactless payment: you either lay the card on top of the terminal or hover it there, or hold it near the side (depending on the model); it can be done completely without terminal and card touching, and of course only the card carrier touches the card (i.e., you don't hand it over as is sometimes done with credit cards).
Credit cards are rarely used for payments in shops here, and are often frowned upon by merchants (and often refused). It's all debit cards (either as a physical card or virtual in a smartphone) and some cash — although covid may well proof to put cash that much closer to the grave.
