Past vulnerabilities doesn’t mean there is active mpdern vulnerabilities especially ones in widely tested operating systems that’s exploited by as many apps as people claim are listening when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they’re doing. You can decompile Android apps pretty easily to see what they’re doing. Some are obfuscated so it takes some effort.

Its one thing to claim there’s some a system level bypass for the icon that the NSA uses to spy on its enemies, it’s another thing to claim that it’s being exploited on a wide scale by a tech companies on different apps, iOS and Android, multiple versions/devices.

The reality is that we leak tons of info through other mediums that are easier and cheaper to collect than through microphones.

Here’s a good reason why you should run an ad blocker. Block the Google Analytics script from loading entirely.

Google Analytics gives you insights on what pages people visit, how long they spend, what kind of browsers and devices they use. That can give them data on what pages are important to customers and what screen sizes to support

I’d rather they self host this data vs use Google Analytics, but there are benefits.

They started charging money for Docker Desktop for companies and they have been adding pull limits on Docker Hub.

Personally, I’ve been enjoying cozy games like Dorfromantik, Rail Route, or even Transport Fever 2 (I just play with unlimited money and build great transit networks that I wish existed in my home country.)

The laptops are manufactured in Taiwan. There’s so much unpredictability in the tariffs so they’re delaying until it settles down. Tariffs are going to impact US companies and US residents.

Oh that would be nice. I would use that to just go into the database and fix all my broken music metadata which I can’t see to fix any other way.

https://www.recompile.se/mandos

You’re right. Unfortunately, open-source has proven time and time again to be unsustainable and burn maintainers out

That’s a good reason for people to take the money they would have spent buying a proprietary solution and instead donate that money to an open source project. For me it’s not always about the cost, but what I get out of it. I’d rather the money go to the community and better it.

Its only everything from other instances and communities that the current instance subscribes to. It doesn’t subscribe to the full pipe of everything.

What’s likely happening is people in aggregate generally subscribe to the most popular communities and those communities have the most upvoted posts.

I stopped using it to pay because then I’d have to set up a PIN, and then type in the PIN every time I want to use it

This shocked me when I went from my Galaxy Watch 3 to a Galaxy Watch 6. I used to only have to put a PIN when I wanted to pay, but now it’s anything on the watch?

Because of that, I also disabled the payment app.

but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet

Right HeartBleed was way worse than this, not on the same level. I wasn’t claiming the opposite.

I was responding to the comment that appeared to suggest they were on the same level.

No way they’re on the same level. Heartbleed allowed for remote memory reads. This requires you to have access to change the firmware and just gives you some more APIs to control the WiFi system and possibly bypass firmware verification.

Back in early 2024, I got a survey asking me why I chose to cancel my prime membership and I gave them multiple reasons.

The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how different computer people think about security vs lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.

I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)

In this context, SKU refers to a variant of this product. That is the correct acronym as I understand

I use Jellyfin for music mostly and it struggles with metadata. For example, if a song has two artists on it and I edit to correct it, it won’t update correctly and I’ll edit up with the artist “Artist A; Artist B”.

I’m working on adding ActivityPub to my Hugo blog right now. I support RSS, but I figured AP support means that you can get it into your Mastodon feed or even Lemmy feed making it easy to follow. Additionally, commenting (assuming it doesn’t get taken over by spammers.)

Which stops malicious usage, but doesn’t stop cases where web pages over use pushState as users move around instead of replaceState. I’ve seen maps that would add to the history every time a user moves around the map.