Different Operating Systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn’t provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt to the first DNS server? When do you switch back? With individual queries, you can timeout and hit another NS server, but that’s a lot easier at an individual level than to infer a global system state from one query timing out.

And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.

Past vulnerabilities doesn’t mean there is active mpdern vulnerabilities especially ones in widely tested operating systems that’s exploited by as many apps as people claim are listening when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they’re doing. You can decompile Android apps pretty easily to see what they’re doing. Some are obfuscated so it takes some effort.

Its one thing to claim there’s some a system level bypass for the icon that the NSA uses to spy on its enemies, it’s another thing to claim that it’s being exploited on a wide scale by a tech companies on different apps, iOS and Android, multiple versions/devices.

The reality is that we leak tons of info through other mediums that are easier and cheaper to collect than through microphones.

Here’s a good reason why you should run an ad blocker. Block the Google Analytics script from loading entirely.

Google Analytics gives you insights on what pages people visit, how long they spend, what kind of browsers and devices they use. That can give them data on what pages are important to customers and what screen sizes to support

I’d rather they self host this data vs use Google Analytics, but there are benefits.

They started charging money for Docker Desktop for companies and they have been adding pull limits on Docker Hub.

The laptops are manufactured in Taiwan. There’s so much unpredictability in the tariffs so they’re delaying until it settles down. Tariffs are going to impact US companies and US residents.

I stopped using it to pay because then I’d have to set up a PIN, and then type in the PIN every time I want to use it

This shocked me when I went from my Galaxy Watch 3 to a Galaxy Watch 6. I used to only have to put a PIN when I wanted to pay, but now it’s anything on the watch?

Because of that, I also disabled the payment app.

but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet

Right HeartBleed was way worse than this, not on the same level. I wasn’t claiming the opposite.

I was responding to the comment that appeared to suggest they were on the same level.

No way they’re on the same level. Heartbleed allowed for remote memory reads. This requires you to have access to change the firmware and just gives you some more APIs to control the WiFi system and possibly bypass firmware verification.

The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how different computer people think about security vs lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.

I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)

In this context, SKU refers to a variant of this product. That is the correct acronym as I understand

Which stops malicious usage, but doesn’t stop cases where web pages over use pushState as users move around instead of replaceState. I’ve seen maps that would add to the history every time a user moves around the map.

I’m on Wayland and KDE/Plasma. It worked on GNOME, but sadly not on Plasma.

How many users are using browsers that are old enough they don’t even support JS? It’s one thing to disable it for security/privacy (which the OP was talking about), because those users are probably more tech savy.

Do these old browsers not support DuckDuckGo?

One place it would be useful is if you are worried about somebody breaking into your home and stealing your computer. Don’t store the key on the home computer, instead store it on a cloud server. The home computer connects to the cloud server, authenticates itself with some secret, then if the cloud server authorizes, it can return the decryption key.

Then if your computer gets stolen or seized, it’ll connect via a different IP and the cloud server can deny access or even wipe the encryption key.

this doesn’t protect against all risks, but it has its uses.

Example: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server

Unfortunately, unscrupulous companies can build shadow profiles that bypass cookie and storage based isolation techniques like this.

Your browser gives off a lot of information. See here for some of the information they can use: https://amiunique.org/

You’re best off blocking things with uBlock Origin vs something that just isolates.

No, the cable isn’t going to implement the protocol. You need endpoints that are able to talk that protocol. That might be done with a firmware update or require new hardware.

I could connect a smart plug and disconnect it if below -15, if that would help

If you didn’t know already, many smart plugs are not rated for the amount of power that fridges and other compressor based appliances. They can overlosd the plugs and cause failures or fires. Also shutting off a compressor mid cycle increases the wear.