but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet
Right HeartBleed was way worse than this, not on the same level. I wasn’t claiming the opposite.
I was responding to the comment that appeared to suggest they were on the same level.
No way they’re on the same level. Heartbleed allowed for remote memory reads. This requires you to have access to change the firmware and just gives you some more APIs to control the WiFi system and possibly bypass firmware verification.
The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how different computer people think about security vs lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.
I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)
In this context, SKU refers to a variant of this product. That is the correct acronym as I understand
Which stops malicious usage, but doesn’t stop cases where web pages over use pushState as users move around instead of replaceState. I’ve seen maps that would add to the history every time a user moves around the map.
I’m on Wayland and KDE/Plasma. It worked on GNOME, but sadly not on Plasma.
How many users are using browsers that are old enough they don’t even support JS? It’s one thing to disable it for security/privacy (which the OP was talking about), because those users are probably more tech savy.
Do these old browsers not support DuckDuckGo?
One place it would be useful is if you are worried about somebody breaking into your home and stealing your computer. Don’t store the key on the home computer, instead store it on a cloud server. The home computer connects to the cloud server, authenticates itself with some secret, then if the cloud server authorizes, it can return the decryption key.
Then if your computer gets stolen or seized, it’ll connect via a different IP and the cloud server can deny access or even wipe the encryption key.
this doesn’t protect against all risks, but it has its uses.
Example: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server
Unfortunately, unscrupulous companies can build shadow profiles that bypass cookie and storage based isolation techniques like this.
Your browser gives off a lot of information. See here for some of the information they can use: https://amiunique.org/
You’re best off blocking things with uBlock Origin vs something that just isolates.
No, the cable isn’t going to implement the protocol. You need endpoints that are able to talk that protocol. That might be done with a firmware update or require new hardware.
I could connect a smart plug and disconnect it if below -15, if that would help
If you didn’t know already, many smart plugs are not rated for the amount of power that fridges and other compressor based appliances. They can overlosd the plugs and cause failures or fires. Also shutting off a compressor mid cycle increases the wear.
These pictures remind me of YouTube thumbnails with fhe style of over emphasized visuals and it makes me wonder if people got accustomed to that style and that makes it easier to pass the BS test.
Just think of all the countries and companies that grab this data, group by email address, then start to identify preferences of people around the world. Its not just for identity theft. The possibilities are endless! And horrifying.
It’s possible, but it costs money to design the hardware so it’s accessible, it has to use a connector which has to be robust against vibrations (is m.2 robust?), then there needs to be a standardized protocol to communicate with the card. Does the car computer need to know how to authenticate against the cell network or does the card? Is it industry standardized or specific to the manufacturer? All kinds of things need to be designed and car manufacturers have no reason to invest in they.
The problem is the cell modem in the car, which is hard to replace. Cars last a lot longer than phones do. When whatever network that the car uses shuts down, then you can’t remote start your car. That’s a marginal cost that the car company has to pay for.
CDs have an advantage over USB drives in that they can’t actually secretly be USB HID devices like a fake keyboard or mouse that runs a bunch of commands when it plugs in. It’s only a storage device.
A super secure environment might then lock down all USB devices to ones known by them and then epoxy all ports and devices.
ICANN specifically set aside all two character TLDs to be for country specific codes. There’s only a few cases where they kept ex countries TLDs around and phased them out over several years. It would be an entirely new precedent if they did keep it. So I wouldn’t depend on it
I have my doubts that a company would be able to just abandon a live and operational nuclear power plant. I’m no nuclear or power engineer, but I am familiar with data center power consumption. There are companies in the region that would absolutely build more data centers, but are power constrained from the utility companies in the area, that are not just for AI, but for general compute. Even then, it’s low carbon production energy. If you have a ton of excess power, just start forcing high carbon production facilities in the area to close and now you’ve greened the grid.
This shocked me when I went from my Galaxy Watch 3 to a Galaxy Watch 6. I used to only have to put a PIN when I wanted to pay, but now it’s anything on the watch?
Because of that, I also disabled the payment app.