The Quest for Reasonably Secure Operating Systems
I never worried on Windows about security as much as I should have; it just so happens I've been lucky to have never been hit with ransomware. By the time... (yazomie > tech)
iOS 26 doesn't offer privacy settings at all for "Home" app
It appears that even if you don't have the app installed, it is in Settings > Apps. But there's no option at all to customise its privacy settings.
Downloading the app also doesn't let you customise its privacy settings. In fact, the app then disappears altogether from the privacy settings! It doesn't even appear anymore in the "Hidden Apps". Removing it again however, shows the app popping up again in the settings.
What's more, it's deliberately erroneously labelled as "Start Screen" when you haven't downloaded it.
Ridiculous. One more reason to go to a Fairphone or something like it.
However, you can edit it... but very cumbersomely, only by going to Settings > Siri > App Access ... and then suddenly, you see the app!
This seems like it's straight up illegal.
If by “privacy settings” you mean controlling what system permissions the Home app has, you’re out of luck. It’s a semi-default app and may be more deeply embedded into iOS than is apparent.
If you’re trying to control what other apps have access to HomeKit data, you can find that in Privacy & Security.
[2024-10-27] OpenZFS new deduplication mechanism and why you still may not want to use it
OpenZFS deduplication is good now and you shouldn't use it
OpenZFS 2.3.0 will be released any day now, and it includes the new “Fast Dedup” feature. My team at Klara spent many months in 2023 and 2024 working on it, and we reckon it’s pretty good, a huge step up from the old dedup as well as being a solid ba… (despair labs)
Linux kernel version numbers (Greg Kroah-Hartman's blog)
Despite having a stable release model and cadence since December 2003, Linux kernel version numbers seem to baffle and confuse those that run across them, causing numerous groups to mistakenly make versioning statements that are flat out false. Greg K-H (http://www.kroah.com/log/)
The blog post is confusing, but the image is very clear.
5.2.0 was released.
Then 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, and 5.2.6 were released as stable updates. Pretty straightforward.
After 5.2.0 came out, normal development continued toward the upcoming 5.3.0 in Linus’s mainline tree. As bugfixes for real problems (crashes, data corruption, build breaks, security issues, etc.) were written and merged into mainline, a subset of those fixes was then backported to the 5.2.y stable branch and released as 5.2.1, 5.2.2, and so on.
In other words, there is a separate 5.2.y branch, but most of its changes are not developed there first. They are developed in mainline (the code that will eventually become 5.3.0 and beyond) and then cherry-picked back into 5.2.y as “stable” bugfixes. There is no “merge 5.2.x back into 5.3.0”; instead, stable only takes fixes that are already in mainline.
This means that any fix you see in a 5.2.y release should already be present in the mainline code that leads to 5.3.0 (or replaced by an equivalent fix there). So when you move from 5.2.6 to 5.3.0, you should not lose any of the bugfixes you were getting from the 5.2.y stable series.
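The practical consequence of that flow is the question a practitioner actually has to answer: given that a fix landed in mainline for 5.3 and was backported to 5.2.3, does the kernel I am running contain it? As an added example (not code from the thread or from Greg K-H's post), the check below encodes the mainline-then-backport rule. The version list format, the `is_fixed` function and the sample versions are constructed for illustration; it consults no real advisory data, and it deliberately treats a `-rcN` kernel as not yet carrying a fix listed against the final X.Y release, and a stable series with no listed backport as unfixed even when it is older than the mainline fix.

```python
# Added example: kernel version comparison for the "is this stable fix in my
# kernel?" question.  Constructed for this page; not the kernel project's code.
from __future__ import annotations

import re
from typing import List, NamedTuple, Optional, Tuple


class KVer(NamedTuple):
    major: int
    minor: int
    patch: int
    rc: Optional[int]  # release-candidate number, None for a final release

    def key(self) -> Tuple[int, int, int, float]:
        # X.Y-rcN sorts before X.Y.0: give final releases an "infinite" rc rank.
        return (self.major, self.minor, self.patch,
                float("inf") if self.rc is None else float(self.rc))


_VER_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?$")


def parse(text: str) -> KVer:
    """Parse '5.2.6', '5.3' or 'v5.3-rc2' into a KVer; raise on anything else."""
    m = _VER_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a kernel version: {text!r}")
    major, minor, patch, rc = m.groups()
    return KVer(int(major), int(minor), int(patch or 0),
                None if rc is None else int(rc))


def is_fixed(running: str, fixed_in: List[str]) -> bool:
    """True if `running` contains the fix released in the versions of `fixed_in`.

    `fixed_in` lists the mainline release that first shipped the fix (e.g.
    '5.3') plus any stable backports (e.g. '5.2.3').  Rules, following the
    mainline-then-backport flow described in the comment above:
      1. Same X.Y series as a listed backport: compare patch levels.
      2. Otherwise the fix is only present from the mainline release onward.
      3. A stable series with no listed backport is therefore unfixed even
         if it is older than the mainline fix: 5.1.y does not get 5.3's fixes.
    """
    r = parse(running)
    fixes = [parse(f) for f in fixed_in]
    for f in fixes:
        if (f.major, f.minor) == (r.major, r.minor):
            return r.key() >= f.key()
    mainline = [f for f in fixes if f.patch == 0 and f.rc is None]
    if not mainline:
        return False
    return r.key() >= min(m.key() for m in mainline)


if __name__ == "__main__":
    # Constructed scenario: fix shipped in mainline 5.3, backported to 5.2.3.
    fix = ["5.2.3", "5.3"]
    for v in ["5.2.2", "5.2.6", "5.3-rc2", "5.3.0", "5.4.1", "5.1.30"]:
        print(f"{v:>8}: {'fixed' if is_fixed(v, fix) else 'NOT fixed'}")
```

The case worth noticing is `is_fixed("5.2.6", ["5.3"])`, which returns False: knowing that a fix is in mainline 5.3 tells you nothing about 5.2.6 unless you also know it was picked into 5.2.y, which is exactly why stable release notes and CVE version ranges list the backport versions separately.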
If semantic versioning is:
MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backward compatible manner
PATCH version when you make backward compatible bug fixes
then I think that would be on like 3.77.0 or something right now. Not terrible, but honestly I'd prefer it if the major were upped in the new year every year. It is about 43 years old, so 43.x in 2026. Would be easier to know how old a kernel release is without looking it up.
Would be easier to know how old a kernel release is without looking it up.
I concur, but it would be much easier to make the major version the current year (as many projects do, and Linux should imo) rather than the whole project's age at the time of a release.
Linux is only 34 years old, btw.
(Mexico) Continuing Neoliberal Policies Over Farmers’ Demands
cross-posted from: hexbear.net/post/6980341
cross-posted from: news.abolish.capital/post/1231…
This article by Arturo Huerta González originally appeared in the December 2, 2025 edition of La Jornada de Oriente, the Puebla edition of Mexico’s premier left wing daily newspaper. The views expressed in this article are the author’s own and do not necessarily reflect those of Mexico Solidarity Media, or the Mexico Solidarity Project.
On November 26, 2025, the country’s President stated that “there is no money to pay what the farmers are demanding” and that “you can’t promise what you can’t deliver.” The government has indicated that “the producers’ request to set a price far above the current market value for all national corn exceeds the government’s financial capacity” and that the farmers’ demands “must be adjusted to budgetary availability, as public finances have limits.”
This rhetoric is the same as that of the neoliberal presidents who have governed us since the 1980s. By limiting public spending relative to revenue, the government seeks to curry favor with international rating agencies, the International Monetary Fund, and the national and international financial sector. This has led to a reduction in the size and participation of the government in the economy and a neglect of growth objectives for the productive sector, such as job creation, which the population demands. It is a crime to cut public spending in a context where the economy is not growing and the demands of large segments of the population are not being met.
It should be noted that a sovereign government has no financial limits. Financial resources are available. It’s simply a matter of amending the Organic Law of the Bank of Mexico so that it can purchase government debt directly at a low interest rate. This would allow the government to expand its spending and investment to meet the demands of farmers, promote the substitution of agricultural and manufactured imports, and generate employment. This would not be inflationary, as it would increase production, reduce the foreign trade deficit, and generate revenue to cover debt payments. The government could also reduce funding for failed projects such as the Maya Train, the Isthmus of Tehuantepec train, and the Dos Bocas refinery, and allocate those funds to support basic grain producers, a strategic sector essential for ensuring food self-sufficiency in these areas.
The government says that the requested guaranteed price of 7,200 pesos per ton for corn is far above the market price and that absorbing the difference is very costly for the government. The problem is that the national price should not be set based on the open market, determined by the Chicago Mercantile Exchange, as this has led to cheap imports displacing domestic production and jeopardizing food self-sufficiency in basic grains. This not only affects agricultural producers but also increases the foreign trade deficit and makes the economy more dependent on capital inflows, which requires setting high interest rates to stimulate them. This, in turn, increases the cost of servicing debt for the government, businesses, and households, and restricts investment, spending, and economic activity.
Farmers are not mobilizing to defend any privileges, as the government claims; they are demanding the implementation of policies to boost Mexican agriculture and advance food self-sufficiency. Therefore, they are demanding an end to importing basic grains, the provision of affordable credit, and the establishment of fair prices for these products.
The government refuses to do so for fear of inflation and devaluation, which would affect the financial sector, which requires low inflation and currency stability to safeguard its capital. Since the economy lacks the conditions to lower inflation, given low productivity and production lags, it has resorted to stimulating capital inflows to lower the dollar’s value and thus imports in order to reduce inflation. All of this benefits the financial sector and producers from the US and other countries who flood the domestic market with their products at the expense of displacing national producers and without implementing policies that promote economic growth.
The government must work for the benefit of the country, not against it. Domestic production and employment must be incentivized, even if this seems more expensive in the short term, because it would boost economic growth and employment, reduce the foreign trade deficit, and provide workers with income to cope with higher prices. This would prevent the current practice of lowering inflation to benefit the financial sector and US producers of imported goods, which has led to a decline in our industry and production of basic grains. This, in turn, has stifled economic growth, increased unemployment and underemployment, and lowered the population’s standard of living.
The government opposes the farmers’ request to remove staple grains from the USMCA trade agreement because it fears the US will impose further restrictions on Mexican exports to that country. Upon learning of the demands from Mexican farmers, US congressmen sent a letter to the US chargé d’affaires stating that he must defend US agricultural exports to Mexico, as it is their primary market. If the Mexican government agrees to continue importing these products, it will continue to favor US producers at the expense of domestic producers, further jeopardizing self-sufficiency and increasing Mexican dependence on foreign imports.
The President said that “we must be very responsible about what can and cannot be done,” and in this regard, it must be said that economic policy must be responsible in order to satisfy the demands not only of agricultural producers, but also of those who clamor for well-paying jobs, just enough to address the growing poverty and crime plaguing the country. To achieve this, the government must abandon budget cuts and ensure that the central bank serves the growth of the productive sector and employment. Furthermore, trade liberalization must be reviewed, and protectionist policies implemented to favor domestic production. If the government does not increase investment and spending to boost private investment, production, and employment, and if the central bank does not lower interest rates, the economy is headed for a crisis.
Without growth in production and employment, there is no growth. Neoliberal policies must be abandoned. If the government fails to meet the needs of the population and continues to act in favor of the interests of the US and the financial sector, economic and social problems and discontent among affected sectors will worsen, leading to increased protests.
The post Continuing Neoliberal Policies Over Farmers’ Demands appeared first on Mexico Solidarity Media. From Mexico Solidarity Media via This RSS Feed.
The government prioritizes maintaining neoliberal policies instead of satisfying the demands - Alternativa Económica
The government has indicated that “the producers’ request to set a price far above the current market value for all national corn exceeds the government’s financial capacity” Arturo Huerta González (La Jornada de Oriente)
@Salamence@lemmy.zip please add the required [Opinion] prefix in the title.
The views expressed in this article are the author’s own and do not necessarily reflect those of Mexico Solidarity Media, or the Mexico Solidarity Project.
Is Europe ready to pull the trigger? Officials whisper about dumping US treasuries if Trump cuts Ukraine deal
European governments US Treasuries: European governments are considering a radical economic strategy by possibly selling off US Treasury bonds to counter a feared Trump-Putin agreement that could jeopardize Ukraine's security. Shreya Biswas (Economic Times)
i was going to say something like this.
it's like Eisenhower's threat to Eden but in reverse and just as empty; they'll never threaten profits or capital and they've also made themselves even more dependent on the US.
Florida governor designates Muslim rights group as terrorist organization
Florida Governor Ron DeSantis signed an executive order designating one of the country’s most prominent Muslim civil rights groups, the Council on American-Islamic Relations, as a “foreign terrorist organization,” becoming the second high-profile Republican governor to do so in recent weeks.
CAIR's Florida chapter announced a lawsuit challenging the order at a Tuesday press conference in Tampa, where Hiba Rahim, the chapter's interim executive director, called the order "defamatory and unconstitutional."
The U.S. government has not designated CAIR or the Muslim Brotherhood as foreign terrorist organizations, but President Donald Trump last month began the process of doing so for certain Muslim Brotherhood chapters, such as those in Lebanon, Egypt and Jordan.
The Florida order instructs agencies to take action to prevent CAIR from receiving any state contracts, employment or funding.
CAIR was founded in 1994 and has chapters in nearly two dozen U.S. states.
Army begins to reshape its acquisition enterprise along portfolio lines
“We will leverage taxpayer dollars in a more accountable, flexible and deliberate manner to maximize their value across capability portfolios,” Defense Secretary Pete Hegseth said during an address at the National War College. “We will shift funding within portfolios’ authorized boundaries swiftly and decisively to maximize mission outcomes. If one program is faltering, funding will be shifted within the portfolio to accelerate or scale a higher priority. If a new or more promising technology emerges, we will seize the opportunity and not be held back by artificial constraints and funding boundaries that take months or even years to overcome.”
In that address, Hegseth credited the military services with laying the groundwork for some of the reforms he wants to make department-wide. And the Army started its implementation work last month, naming six new “portfolio acquisition executives.” Each of those PAEs will oversee different “capability areas” with programs managed by what had, up until now, been called program executive offices (PEOs), and will now be called capability program executives (CPEs).
Former program executive offices are starting to realign their organizations under the new "capability portfolio executive" construct. Jared Serbu (Federal News Network)
Uncovered: Instacart is using AI algorithms to charge customers different prices for the same items. It's not just online. It's in physical grocery stores too.
New Investigation found that some grocery prices differed by as much as 23 percent per item from one Instacart customer to the next. In an inadvertently sent email, the company calls one pricing tactic “smart rounding.”
Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill, CR and Groundwork Collaborative Investigation Finds
Exclusive: Instacart’s AI pricing may be inflating your grocery bill. Consumer Reports
Brigitte Macron faces criticism after using sexist insult about activists
The scene filmed on Sunday showed France’s first lady in discussion backstage at the Folies Bergère theatre in central Paris with actor Ary Abittan before a performance he was about to give.
The previous night, feminist campaigners had disrupted his show, wearing masks of the actor bearing the word “rapist” and shouting, “Abittan, rapist!”
A woman in 2021 accused the actor of rape, but in 2023, investigators dropped the case, citing a lack of evidence.
Before Sunday’s performance, Macron is seen in the video, published by local media Public on Monday, asking him how he was feeling. When he said he was feeling scared, Macron was heard jokingly responding, using a vulgar expression in French, “If there are any stupid removed, we’ll kick them out”.
The French first lady’s team says she had intended to criticise a feminist group’s ‘radical method’ of protest. Al Jazeera
Best multi player steam setup?
cross-posted from: lemmy.world/post/39957209
Hello lemmings, I've once again come for your advice. I've built a sff system with a dual boot bazzite os. This will be mostly for my kids playing games and media serving from Big picture in the living room. I'm trying to figure out the best way to set up the accounts. Ideally it would be as close to a console experience as possible but I want to make sure each kid can save their own progress. What's my best option here? Does everyone need their own os account that signs them into steam properly? I've never set up a system for multiple users before. Edit: details
Edit: thanks for all the feedback! I'm leaning towards single system account with multiple steam accounts. Now I just need to figure out how to keep myself signed in on steam so I don't have to put my PW in every time. Thanks a ton!
I'd go with different system accounts. That way their savegames are guaranteed to stay separate.
That's because on PC most games just care about the system user when determining the savegame folder, and don't care about steam accounts.
So, what I'd do is to:
- Give each their own system account
- Set up Gamescope as a session: wiki.archlinux.org/title/Steam…
- Configure the Display Manager to use that session for their users (In GDM, for instance, it's enough to manually select it once on login - GDM remembers the last-used session per user)
- Profit
If your kids are only going to be using big picture mode in steam, then one system account will work. The steam deck only has one system user with the ability to have multiple steam accounts and that works great for multiple users, from my experience.
For anyone interested in a great dual use system for regular desktop use and a console-like experience, I recommend checking out nixos and jovian-nix:
jovian-experiments.github.io/J…
I'm using it on my main PC and it works incredibly well to mimic the steam deck experience using a full desktop on nixos 25.11
What’s a graphical piece of software you wish existed or was better?
Hi Linux Lemmites. Recently finished up school and started working full time and kind of miss working on personal projects. I’m looking to try to make something in rust and try out gpui if I can figure it out or maybe egui. I also want to make something maybe even a handful of people would actually use as I find that motivating, so I ask what would actually be useful to you?
Edit: thank you all very much for the input, I think that maybe doing something akin to a “settings+” would be a fair target for me for an initial project. If I make anything interesting I’ll make another post in this sub.
Officers at Texas immigration detention facility accused of beatings and sexual abuse
Officers at the large immigration detention camp located at the Fort Bliss army base in Texas are allegedly mistreating detainees, with accusations including beatings, sexual abuse and clandestine deportations of non-Mexican nationals into Mexico, according to a coalition of local and national US civil rights organizations.
In a 19-page letter, addressed to senior government officials at the Immigration and Customs Enforcement (ICE) agency and Fort Bliss military command, the coalition accuses officers at the immigration detention facility on the base, called Camp East Montana, of being “in violation of agency policies and standards, as well as statutory and constitutional protections”.
The advocates called for the immediate closure of the camp, where more than 2,700 detainees are being held in a complex of tents.
“In light of these abuses, we urge the end to detention of immigrants at Fort Bliss,” said the letter signed by eight organizations, including the American Civil Liberties Union, Human Rights Watch, Estrella del Paso, the Texas Civil Rights Project and Las Americas Immigrant Advocacy Center.
Civil rights coalition calls for immediate closure of camp, where more than 2,700 detainees are being held. Lorena Figueroa (The Guardian)
China’s robots—from 'factory brains' to vacuums that can pick up your socks—are crushing the competition
China’s robots—from ‘factory brains’ to vacuums that can pick up your socks—are lapping the competition
Also: All the news and watercooler chat from Fortune. Nicholas Gordon (Fortune)
(ADC) “Smartphone, dopamine and addiction: my 7-day EXPERIMENT”
Goodness, De Concimi put out this crazy little experiment 2 weeks ago and I had missed it… I only discovered it tonight by chance: 1 week without the little smartphone (or the big smartphone, in his case) to find out whether it is possible to live without one. Not so much as a universal practice for the world, because unfortunately nowadays having […]
Glauber Braga is expelled from the plenary after occupying the Mesa Diretora (the chamber's presiding board)
Congressman was taken out of the plenary by legislative police after protesting against his possible removal from office. Congresso em Foco
China completes 35,000-ton heavy-haul train group operation test, world’s first-of-a-kind
The world's first 35,000-ton heavy-haul train group operational test was successfully conducted on the Baoshen Railway in North China's Inner Mongolia Autonomous Region on Monday. www.globaltimes.cn
Can DSA Hold Mamdani Accountable? Its Co-Chairs Respond
100% Success Rate: All 32 Paralysis Patients in China’s Brain–Computer Interface Clinical Trial Achieve Brain-Controlled Grasping
This article reports the groundbreaking results of China’s NEO wireless minimally invasive brain–computer interface trial, where all 32 paralyzed patients achieved successful at-home brain-controlled grasping. pandaily.com
Segal Secrets: docs reveal Antisemitism Envoy's big pay day - Michael West
Where Winds Meet: Why China's Wuxia RPG is Winning Over Global Gamers
We look at how the epic Chinese RPG published by NetEase is challenging Western critics while captivating players worldwide. Mandy Wong (RADII - Transcend boundaries)
Can people not understand definitions that are longer than 5 words?
I don't understand why people on lemmy are trying to remove the meaning of every specific word related to politics, leaving a million synonyms of the same general thing and no word for a specific ideology
Nazi still has meaning today, but that doesn't stop people from calling any right wing extremist a nazi
Also, what's the point of creating more synonyms?
Your only complaints are:
- "It's icky"
- "ai sucks"
- The image itself is generated, rather than artisanally created
The first 2 are non-points to begin with, and the latter is an incomplete point. Again, there is absolutely no reason why this image needs to be artisanally created. Had OP used wordart and grabbed a stock image online for the background, it would have had the same amount of human input but no AI, yet you wouldn't be calling it into question.
Nobody present is trying to tell you that AI can replace artists making art. You're making the same mistakes the Luddites did in blaming machinery for the ills of capitalism, rather than capitalism itself. The same argument was had when digital art became mainstream over hand-drawn art, and when cameras came into being. Neither digital art nor cameras have replaced traditional art, nor can they, but that doesn't mean digital art and cameras don't have legitimate use cases.
AI has limitations that AI fanatics lie about. AI also has use-cases that people try their hardest to deny. Marxism helps us understand that AI can never replace traditional art, but can absolutely be used for things like agitprop or stock images.
Requiring that communists spend hours on artisanally producing what is ultimately a disposable image meant to agitate and spark conversation just for you to acknowledge the message is wrong. From a human perspective, requiring this artisanal agitprop in order to acknowledge the point being driven is deeply anti-human and instead individualist.
Your only point is:
- If it supports my ideology it's inherently good
No.
My point is that technology that eliminates labor is useful, and correctly analyzing where it's useful and where it isn't is important. It is better to save time where we can, such is the purpose of technology that amplifies what labor creates.
Any leftist of any sort should be dedicated to improving technology and production so that we can fulfill the needs of as many people as possible with as little labor necessary. AI can't replace art, but it can certainly help in cases like this, small disposable agitprop memes for sparking discussion (like we are having now).
This is why it's important to have a dialectical materialist outlook and not an idealist one. Metaphysics isn't helpful.
What is the actual difference in output in the use-case here? What changes about the message if this meme was artisanally created, especially if you couldn't tell? This is why it's important to discard idealism and to embrace materialism, idealism adds confusing baggage that clouds our judgement.
Further, it is working. Every other top-level comment is a discussion of the content of the post, not the fact that it was generated.
The difference is whether we're engaging with one another collectively or being engaged by a machine in isolation. If we couldn't tell the difference we would be "cooked" and it would be "so over" as the kids say. This is why it's important to care about the human element, freebasing materialism has apparently caused you to dismiss your fellow man as confusing baggage
Further, this (thankfully) doesn't seem very well-received, I would say in large part because it is thoughtless, soulless, trite, mechanized slop. It's making a room full of countercultural system-smashers who would otherwise agree with at least the general sentiment stop and think that you suck too
As I said, OP could have grabbed a stock image and wordart and made the exact same image. Is it still intrinsically bad? We interact with machines and use tools all the time to shortcut processes that used to be artisanal. Taking photos of people instead of drawing them by hand did not erase the desire for portraits, but it added the ability to shortcut photography for times where applicable.
As for where you're getting the idea that OP's image isn't well-received from, I have no idea. Your top comment is at time of writing 50% upvoted and 50% downvoted, and everyone else is talking about the content of the image. Saying we are "cooked and so over" without further elaboration isn't a point either.
I'm not dismissing my fellow man, especially because I am fighting for the right of tool usage that alleviates artisanal labor from areas it doesn't need to be.
I explicitly said, over and over again, that AI can never take the place of art. OP clearly did not like the idea of hand-drawing agitprop, and so used a tool to shortcut to the final product. I don't see art as a burden to be alleviated, and made the case that AI can exist alongside art without replacing it, just as photography didn't replace hand-drawn portraits.
If you're going to deliberately ignore what others are saying to you and instead make up brand new strawmen to attack, do you actually care about human expression or is this just a trend of emotional reaction?
Top Brazilian Official Warns Trump of 'Vietnam-Style' Regional Conflict If He Attacks Venezuela
cross-posted from: hexbear.net/post/6977610
cross-posted from: news.abolish.capital/post/1231…
A top Brazilian official is warning President Donald Trump that a US military attack on Venezuela could easily spiral out of control into a "Vietnam-style" regional conflict.
Celso Amorim, chief foreign policy adviser to Brazilian President Luiz Inácio Lula da Silva, said in an interview published on Monday by the Guardian that a US military strike on Venezuela would inevitably draw nations throughout Latin America into an armed conflict that would be difficult to contain.
"The last thing we want is for South America to become a war zone—and a war zone that would inevitably not just be a war between the US and Venezuela," he said. "It would end up having global involvement and this would be really unfortunate."
Amorim added that "if there was an invasion, a real invasion [of Venezuela]... I think undoubtedly you would see something similar to Vietnam—on what scale it’s impossible to say."
While acknowledging that Venezuelan President Nicolás Maduro is disliked by many other South American leaders, Amorim predicted that even some of Maduro's adversaries would rally to his side in the face of destabilizing military actions by the US government.
He also predicted that anti-US sentiment would surge throughout the continent in the event of an invasion, as there is still major resentment toward the US for backing right-wing military coups during the Cold War in Chile, Brazil, and other nations.
"I know South America," he emphasized. "Our whole continent exists because of resistance against foreign invaders."
The Trump administration in recent weeks has signaled that it plans to launch attacks against purported drug traffickers inside Venezuela, even though reports from the US government and the United Nations have not identified Venezuela as a significant source of drugs that enter the United States.
The administration has also accused Maduro of leading an international drug trafficking organization called the Cartel de los Soles, despite many experts saying that they have seen no evidence that such an organization formally exists.
Trump late last month further escalated tensions with Venezuela when he declared that airspace over the nation was "closed in its entirety," even though he lacks any legal authority to enforce such a decree.
The Washington Post reported on Monday that Maduro is remaining defiant in the face of US pressure, as he is refusing to go into exile despite the threat of an attack on his country.
According to the Post's sources, Maduro's inner circle of allies "shows no signs of imminent collapse," even as he has limited his public appearances and beefed up his personal security amid fears that he could be the target of an assassination attempt.
From Common Dreams via This RSS Feed.
Trump Claims Venezuelan Airspace Is Closed in Latest Illegal, 'Dangerous Escalation'
"Even if unenforced, Trump’s declaration functions as an improvised, extralegal no-fly zone created through fear, FAA warnings, and military pressure," said the anti-war group CodePink. (julia-conley, Common Dreams)
It's the one we've created for ourselves thanks to self-reinforced propaganda.
Remember this the next time someone tells you that you MUST vote Democrat or Republican.
Diaries of Blood, The secret artists within Israeli detention facilities.
cross-posted from: hexbear.net/post/6980575
"I will carry my soul in my palm,
And cast it into the abyss of death,
Either a life that pleases a friend,
or a death that angers an enemy."
When I asked my uncle Khader Shaat, 47, about the poetry verse that he inscribed on the embroidered, handmade notebook about 30 years ago in Asqalan Israeli prison, he told me that it was the fuel that made him survive.
"Clinging to a life of freedom kept me alive," he said, remembering the notebook he made out of black fabric and framed using many beads.
Khader Shaat was detained when he was 17, sent to prison as a child, and released as a very strong young man.
From 1948 until today, Israel has detained and attacked many iconic, educated thinkers and revolutionaries as a way to suppress their voices, lessen awareness, and hide the truth. But the Occupation doesn't discriminate. According to the 2023 report of the Palestinian Ministry of Detainees and Ex-Detainees Affairs, there are currently 4,850 detainees in Israeli prisons, among them 31 women, including eight mothers and 160 children.
Israel detains these children for nothing more than being Palestinian. You may be walking in the street, performing your prayer at a mosque or a church, doing your job at a company, studying for your exam at school, or whatever and whenever. The accusation is homelove. They want the young Palestinians to grow up with fear, to stop raising their voices, to never defend their land.
Diaries of Blood: The secret artists within Israeli detention facilities
Palestinian prisoners have a powerful weapon against the Israeli occupation and illegal detainment: art, forged in blood on the prison walls. (Eman Al-Astal, Scalawag)
Congress Quietly Kills Military “Right to Repair,” Allowing Corporations to Cash In on Fixing Broken Products
The idea of a “right to repair” — a requirement that companies facilitate consumers’ repairs, maintenance, and modification of products — is extremely popular, even winning broad, bipartisan support in Congress. That could not, however, save it from the military–industrial complex.
Lobbyists succeeded in killing part of the National Defense Authorization Act that would have given service members the right to fix their equipment in the field without having to worry about military suppliers’ intellectual property.
Under one version, co-sponsored by Sen. Elizabeth Warren, D-Mass., and Sen. Tim Sheehy, R-Mt., defense companies would have been required to supply the information needed for repairs — such as technical data, maintenance manuals, engineering drawings, and lists of replacement parts — as a condition of Pentagon contracts.
Congress Quietly Kills Military “Right to Repair,” Allowing Corporations to Cash In on Fixing Broken Products
Both chambers included Pentagon budget provisions for a right to repair, but they died after defense industry meetings on Capitol Hill. (Matt Sledge, The Intercept)
N.E.P.T.R, in reply to yazomie:
What I want out of a secure Linux (or BSD) system is full (top-to-bottom) sandboxing of all components to enforce least privilege. I want to learn how to make my own distro (most likely for personal use) which uses strong SELinux policies, in conjunction with syd-3 sandboxing, which seems like the most robust and feature-rich unprivileged sandbox in both the Linux and BSD worlds (also it's totally in safe Rust from what I can tell).
Another thing that I would love to make is a drop-in replacement for Flatpak that is backwards compatible but uses syd-3 instead. It has much better exploit protections than Bubblewrap, and is actually an OOTB secure sandbox. I don't know much about the internals of Flatpak, or how to use xdg-desktop-portal, but I am going to start more simply with a Bubblejail alternative. One major advantage of syd is that you can modify an already running sandbox, so theoretically you could show a popup that says something like "App1 is requesting microphone access.", which you could toggle on without needing to restart the app.
Need to get better at coding tho lol
aaravchen, in reply to iopq:
SELinux is used on all the Fedora Immutable distros, and the OpenSUSE Immutable distro.
It's actually much easier to do SELinux in Immutable distros in a lot of ways than non-immutable. Especially the bootc-style ones where even more of the system is defined and prebuilt before deployment.
AppArmor is OK, but the whole issue is that you have to know what to throw into it. That's also its benefit: you can focus on the high-risk things and ignore the low-risk things. It keeps expanding profiles more and more though, and ironically the ultimate destination is everything being under MAC.
moonpiedumplings, in reply to yazomie:
Syd3 and gvisor, a similar project in Go, aren't really sandboxes but instead user-mode emulation of the Linux kernel. I consider them more secure than virtual machines because code that programs run is not directly executed on your CPU.
Although syd3 doesn't seem to emulate every syscall, only some, I know that gvisor does emulate every syscall.
If you compare CVEs for gvisor and CVEs for Xen/KVM, you'll see that they are worlds apart.
Xen has 25 pages: app.opencve.io/cve/?vendor=xen
Gvisor has 1: app.opencve.io/cve/?q=gvisor
Now, gvisor is a much newer product, but it is still a full 7 years old compared to Xen's 22 years of history. For something that is a third of the age, it has 1/25th of the CVEs.
There is a very real argument to be made that the hardened openbsd kernel, when combined with openbsd's sandboxing, is more secure than xen, which you brought up.
Xen CVEs and Security Vulnerabilities - OpenCVE (app.opencve.io)
yazomie, in reply to moonpiedumplings:
I could use gvisor inside distrobox inside an appVM in Qubes, couldn't I?
Many CVEs for Xen were discovered and patched by the Qubes folks, so that's a good thing...
As for OpenBSD, I thought I mentioned in the blog post that I'm intending to use it as sys-net VM inside Qubes if not as HVM alongside my Linux appVMs, for when I need Linux. The best of both worlds, so to say.
moonpiedumplings, in reply to yazomie:
To answer your first question, kind of. Gvisor (by Google, btw) uses the Linux kernel's sandboxing to sandbox the gvisor process itself.
Distrobox also uses the Linux kernel's sandboxing, which is how Linux-based containers work.
Due to issues with the attack surface of the Linux kernel's sandboxing components, the ability to create sandboxes or containers inside sandboxes or containers is usually restricted.
What this means is that to use gvisor inside docker/podman (distrobox) you must either loosen the (kinda nonexistent) distrobox sandbox, or you must disable gvisor's sandboxing that it applies to itself. You lose the benefit, and you would be better off just using gvisor alone.
It's complicated, but basically the Linux kernel's containers/sandboxing features can't really be "stacked".
Linux | Madaidan's Insecurities (madaidans-insecurities.github.io)
moonpiedumplings, in reply to yazomie:
No, no, no.
It's not that sandboxing is the best practice, it's just that attempting to "stack" Linux sandboxes is mostly ineffective. If I run KVM inside Xen, I get more security. If I run a Linux container inside a Linux container, I only get the benefit of one layer. But Linux sandboxes are good practice.
I do agree that secureblue sucks, but I don't understand your focus on Qubes. To elaborate on my criticisms let me explain, with a reply to this comment:
If you really, really care about security, it's not enough to "find and patch CVEs". The architecture of the software must be organized in such a way that certain classes of vulnerabilities are impossible — so no CVEs exist in the first place. Having a lack of separation between different privilege levels turns a normal bug into a critical security issue.
Xen having so many CVEs shows that it has some clear architectural flaws, and that despite technically being a "microkernel", the isolation between the components is not enough to prevent privilege isolation flaws.
Gvisor having very few CVEs over its lifespan shows it has a better architecture. Same for OpenBSD — despite having a "monolithic" kernel, I would trust OpenBSD more in many cases (will elaborate later).
Now, let's talk about threat model. Personally, I don't really understand your fears in this thread. You visited a site, got literally jumpscared (not even phished), and are now looking at Qubes? No actual exploit was done.
You need to understand that the sandboxing that browsers use is one of the most advanced in existence currently. Browser escapes are mostly impossible... mostly.
In addition, you need to know that excluding OpenBSD, gvisor, and a few other projects, almost all other projects will have a regular outpouring of CVEs at varying rates, depending on how well they are architected.
Xen is one of those projects. Linux is one of those projects. Your browser is one of those projects. Although I consider Linux a tier below in security, I consider Xen and browsers to exist at a similar tier of security.
What I'm trying to say, is that any organization/entity that is keeping a browser sandbox escape, will most definitely have a Linux privilege escalation vulnerability, and will probably also have a Xen escape and escalation vulnerability.
This is just false. Anybody who is able to do the very difficult task of compromising you through the browser will probably also be able to punch through Xen.
This is true actually. Browser exploits are worth millions or even tens of millions of dollars. And they can only really be used a few times before someone catches them and reports them so that they are patched.
Why would someone spend tens of millions of dollars to compromise you? Do you have information worth millions of dollars on your computer? It's not a "utopic notion", it's being realistic.
If you want maximum browser security, ~~disable javascript~~ use chromium on openbsd. Chromium has slightly stronger sandboxing than firefox, although chromium mostly outputs CVE's at the same rate as firefox. Where it really shines, is when combined with Openbsd's sandboxing (or grapheneos' for phones).
Sure, you can run Xen under that setup. But there will be no benefit, you already have a stronger layer in front of Xen.
TLDR: Your entire security setup is only actually as strong as your strongest layer/shield. Adding more layers doesn't really offer a benefit. But trying to add stronger layers is a waste of your time because you aren't a target.
N.E.P.T.R, in reply to yazomie:
I am excited to see Chimera Linux mature because it seems like a distro which prioritizes a simple but modern software stack.
Features of Chimera that I like include:
- Not run by fascists
- Not SystemD (dinit)
- Not GNU coreutils (BSD utils)
- Not glibc (musl)
- Not jemalloc (mimalloc)
- Proper build system, not just Bash scripts in a trenchcoat
What I would like:
- MAC (SELinux)
- Switch to Fish over Bash (because it is a much lighter codebase)
- Switch from mimalloc to hardened_malloc (or mimalloc built with secure flag). Sadly hardened_malloc is only x64 or aarch64
- Hardened sysctl kernel policy
Chimera Linux
Kajika, in reply to N.E.P.T.R:
What are the pros/cons of GNU coreutils vs BSD utils?
EDIT: from their website: Desktop environment -> GNOME. What a choice, not for me.
LeFantome, in reply to Kajika:
First, I use either Niri or KDE Plasma on Chimera Linux. Both are just an “apk add” away. You do not have to use GNOME. There is even a KDE live image so you do not even have to run GNOME once to install if you do not want.
I really like the BSD utils and have come to prefer them. Well written. Sleek. Well documented. The man pages are a walk through UNIX history. They feel “right” to me.
That said, the BSD userland is frequently a pain when interacting with the rest of the Linux universe. You cannot even build a stock kernel.org kernel without running into compatibility problems. The first time I built the COSMIC desktop on Chimera, I had to edit a dozen files to make them “BSD” compatible.
Sed, find, tar, xargs, and grep have all caused me problems. And you need bash obviously. But bash is no big deal because it has a different name.
The key GNU utils are available in the Chimera repos. But you get files named gfind, gtar, gxargs, gsed, etc. so scripts will not find them.
You often have to either add the ‘g’ to the beginning of utilities in scripts or edit the arguments to work with the BSD versions.
I mean, most things are compatible and I bet most of the command-line switches you actually use will work with the BSD utils. But I would be lying if I did not say third-party scripts are a hassle.
If I could do Chimera all over again, I would make it bsdtar and bsdsed (or bsed maybe) for the BSD versions.
Maybe the regular names could be symlinks with sed pointing to bsdsed by default but you could point it to gsed instead if you want. The system Chimera scripts and tools could use the longer names (e.g. bsdsed) instead of the symlinks. The GNU tools could be absent by default like they are now. That would be the best of both worlds. The base system would have the advantages of the BSD tools (like easier builds as outlined on the Chimera site), the system could be GNU free if you want, and you could have a system that actually works out of the box more often with third-party scripts.
It pains me to say this. I would prefer not to use the GNU stuff but the GNU tools are the de facto standard on Linux and many, many things assume them. No wonder UUtils aims for 100% compatibility.
Anyway, even with what I say above, Chimera is my favourite distro. The dev can be a little prickly, but they do nice work.
Oinks, in reply to LeFantome:
PATH modification:
or in script form:
/usr/local/opt/... is probably not the best place to put this but you get the idea, you can make it work with POSIX tools. I don't know that much about Chimera Linux but I'd be very surprised if nobody has thought of doing this systematically, e.g. as part of a distributable package.
LeFantome, in reply to Oinks:
Thank you for the suggestion. I am ashamed to confess that a temporary PATH variable had not occurred to me.
I first ran into these issues creating package templates. Chimera has a beautiful package build system where packages get built in containers and source code gets downloaded into the container and built against a clean environment. As you point out, creating a package that creates the symlinks as a dependency (along with the GNU utils) could be a viable approach here. Maybe even just in /usr/local. The GNU utils get installed to /usr/bin in Chimera and the container gets recycled for every new package. The distro would never accept such hacky packages but I can use them myself.
For just generally working in the distro at the command-line, your temporary path idea could work well.
Thanks again. I appreciate it!
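A concrete version of what Oinks sketches (a directory of GNU-named symlinks put on PATH) and what LeFantome considers packaging, added here as an example that is not code from either poster or from Chimera. It is POSIX sh; the function names make_gnu_shim_dir and with_gnu, and the source and shim directory arguments, are this example's own assumptions (the thread says Chimera installs the GNU tools into /usr/bin as gsed, gtar, and so on). The PATH change is scoped to a single command so the base system's BSD tools are never shadowed globally.

```shell
#!/bin/sh
# Added example (not from the thread or from Chimera): GNU-named symlinks to
# Chimera's g-prefixed GNU utilities, exposed via PATH only for the commands
# that need them.
# Assumptions: the GNU binaries live in SRC_DIR (e.g. /usr/bin on Chimera,
# as gsed, gtar, ...); SHIM_DIR is a directory the user controls.
# Function names are this example's own, not a Chimera convention.

# The utilities the thread reports as breaking third-party scripts.
GNU_TOOLS="sed find tar xargs grep"

# make_gnu_shim_dir SRC_DIR SHIM_DIR
# Creates SHIM_DIR/<tool> -> SRC_DIR/g<tool> for every tool in GNU_TOOLS
# that is actually installed in SRC_DIR. Prints the number of links created.
make_gnu_shim_dir() {
    src=$1
    shim=$2
    mkdir -p "$shim" || return 1
    count=0
    for tool in $GNU_TOOLS; do
        # Skip tools that are not installed, so the shim directory never
        # advertises a GNU tool that would silently fall through to the
        # BSD version later on PATH.
        if [ -x "$src/g$tool" ]; then
            # -f refreshes a stale link when re-run; -s makes a symlink.
            ln -sf "$src/g$tool" "$shim/$tool" || return 1
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# with_gnu SHIM_DIR CMD [ARGS...]
# Runs CMD with SHIM_DIR first on PATH. The change lives in a subshell, so
# the caller's PATH, and the BSD tools Chimera's own scripts rely on, are
# untouched once CMD returns.
with_gnu() {
    shim=$1
    shift
    (
        PATH="$shim:$PATH"
        export PATH
        exec "$@"
    )
}

# Script form: source this file from your shell rc, then run one
# GNU-assuming script unchanged, e.g.
#   make_gnu_shim_dir /usr/bin "$HOME/.local/gnu-shims"
#   with_gnu "$HOME/.local/gnu-shims" ./third-party-build.sh
```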
LeFantome, in reply to N.E.P.T.R:
Chimera Linux is great. APK and cports are so good I cannot imagine going back to anything else.
Bash is not the default shell though. Chimera uses the Almquist Shell from FreeBSD. Other Linux distros have “dash” which is basically an Almquist variant.
Almquist is lighter than fish and fish is not POSIX compatible.
Bash is available in the Chimera Linux repos of course and is required for many common scripts.
“Not run by fascists”. Sometimes I wonder.
Jay🚩, in reply to yazomie:
Ironclad (ironclad-os.org)
yazomie, in reply to marcie (she/her):
It works decently with just 8 GB RAM, and I'm going to upgrade the RAM.
Secureblue is based on sandboxing rather than paravirtualization, and I'm not sure that's secure enough for me.
marcie (she/her), in reply to yazomie:
I do agree it's likely more secure, but the tradeoff for common use cases (gaming, development) is steep. I could see using it solely for browsing and messaging people.
You can also just slot Secureblue into a qube, I believe.
non_burglar, in reply to yazomie:
You aren't going to like this:
Because if you got yourself pwned by a malicious link in Discord, your account hijacked, etc., then having Discord in a VM, container, chroot, jail, or whatever won't help you with the server-side API abuse that got you pwned. In this case, you yourself should have been more vigilant.
From your article, and with respect, I think it's nice you're thinking more about security, but you're mixing up quite a few concepts, and you should probably make smaller moves toward security that you actually understand, instead of going all-in on Qubes with only a vague concept of the difference between sandboxing and paravirtualization.
non_burglar, in reply to mub:
Yep.
I was hoping not to sound too harsh, I'll have to work on that.
KubeRoot, in reply to mub:
Well, maybe not any, but most ;D
mybuttnolie, in reply to yazomie:
Edit: thought I was funny but it sounds mean now. But I know how you feel, I got pwned once like 10y ago and they sent spam from my Skype...
non_burglar, in reply to MouldyCat:
Sure, but if the compromise stays within its own app, like for a browser, sandboxing won't help.
The bulk, and I mean like 95% of the compromises I see are normal employees clicking on things that "look legit".
Excel is now wrapped in a browser. Discord, almost all work apps are all wrapped in a browser. So you can be completely locked down between apps like grapheneos, but if you are choosing to open links, no amount of sandboxing is going to save you.
This is why we deploy KnowBe4 and Proofpoint, because people are liabilities, even to themselves.
FoundFootFootage78, in reply to non_burglar:
Clicking on things that look legit is a critical part of interaction with computers. Programs should not be installed unintentionally, so first and foremost Office Macros should not be enabled by default (and eventually Microsoft did disable them).
Recently I think the main avenue for malware is to send a PDF with a fake popup for an update, that links to a phishing site and prompts you to download an exe with malware. That kind of thing is a harder issue to solve, but at the very least an OS should probably not let that program update your BIOS.
sudoer777, in reply to non_burglar:
Yes, but I never said you won't get pwned. I said that it would limit how it could be done and what damage it could do.
For instance, if you click a link and download something shitty, it can't just steal your auth tokens on GrapheneOS because all of that is isolated to only the program that uses them. Meanwhile on Windows/Linux there are tons of Python scripts that do that. It would take extra steps on GrapheneOS for someone to use social engineering to hack someone's Discord/Bank/etc account, which could be enough to prevent it for some people.
fruitycoder, in reply to yazomie:
Another step up is the confidential computing project. Requires hardware that supports it though, which sucks, but takes the virtual hardware concept and adds multi-key memory encryption on top.
Remember though security without a threat model is just paranoia, so what level of hoops and investment you need really depends on what your threats actually look like.
I personally love containers and MACsec. It limits most of my concerns. I want to mess with confidential containers next, which is to say lightweight VMs in containers with memory encryption set, but that's all future to me. The irony is that I then have to figure out attestation better for those machines since from the host they are black boxes.
FoundFootFootage78, in reply to yazomie: