1. Software has bugs.
2. Bugs which interface with and execute untrusted code are high risk.
3. Browsers are obscenely large pieces of software, which connect a user’s system with random websites which execute JavaScript.

Browsers are one of the most important things to update on your computer.

We can talk about whether browsers should be as complicated as they are, but implying security updates are a intended as a vector of control is conspiricist thinking.

The reason you don’t get security updates backported to your older release of choice is simple: it is so much work.

Waterfox seems like a good choice, just don’t go around thinking that companies are making security updates in order to sneak in unwanted, they make security updates because they are terrified of being responsible for a major incident.

If any were it’s not like we would know, secrecy being rather important to that kind of activity.

Wasn’t that OrangePi?

I just want a diversity of architecture styles to be common, I love areas that are an eclectic mix of styles; it makes me feel like so many different people care about the area.

C because it’s what is used for low-end linux & embedded work.

Shell scripts because they’re the caulk that holds a Linux distro together.

Rust when possible because it’s how I wish systems programming could be.

I was a “ironically” racist as a young teen, it took me till my early adulthood to realise that being ironically racist is just being racist, and the edgy “humour” that is made at others expense isn’t funny or clever, and is incompatible with the kind, empathetic person I wanted to be.

Cringing at my teen self pushes me further into deprogramming myself from that shit, but I’m encouraged by the adage “if you don’t look at yourself from a decade ago and cringe, you wasted that decade”.

The specifics matter, but generally no.

When an actual fraud investigation is being done into something major like a casino laundering money, my government tends not to turn it into a media circus until after investigations are underway.

When a politician tells me they want to ‘tackle fraud’, especially welfare fraud, I hear “I want to arrest people for being poor”. It sounds like a dog-whistle to me, because every time I hear it used, it’s by people bearing a “the cruelty is the point” mindset.

I actually think this is more an attempt to exploit Trump’s worldview; he’s well-known to view inter-state relationships as purely transactional, and from that lens it seems like a good deal.

Thing is, depending on how the war goes either Russia or the US will take everything they possibly can from Ukraine; it may well be that offering Trump something the US was probably going to try to take anyway is just about the smartest way to turn somebody who was initially hostile to continued aid into someone personally invested in the outcome.

Cost to manufacture is not more than wages, but cost to purchase a good is always more than the total cost of labour needed to produce it, so long as profit exists.

The money isn’t free so much as redistributed from taxation elsewhere, think of it as the same as subsidising industry except only to the workers of that industry (instead giving it to owners and expecting the savings to trickle downwards). You could also consider it an income tax rebate with more fine-grained control of who gets it.

It doesn’t seem particularly ground-breaking of a concept; I see the value in investing money into necessary but unprofitable industry though my concern is that if you subsidise wages of a business with a profit incentive, management may lower wages to compensate.

I disagree about rejecting funding from intelligence agencies. I hate the concept of their existence, as well as what orgs like the CIA have done (and proceed to do) but given the fact of their existence, they do have legitimate reasons (in this case I mean reasons that align with Signal’s current goals rather than in order to change them) to fund Signal, and if that results in funding secure software, all the better.

In addition to the downsides mentioned here about privacy regarding Google, there is a major upside to using this service: it offloads all of the authentication logic to google, so in theory it reduces your risk surface area, or it may be more accurate to say it concentrates your risk to your Google account.

You’d like to hope most websites use using common security best practices and keep on top of things but the amount of websites I had accounts on (on websites I had long forgotten) which have been pwned over the years tells me otherwise. Using google auth sets your account security to be exactly as secure as your Google account.

While I think the cynicism is well-earned, we should pay attention to when we’re proven wrong and highlight when companies do something right. Bitwarden’s fuck-up gave them an opportunity to signal that they’re not intending to build a wall for their garden, and they took it.

My parents treated my device access something they had to keep a keen eye on. They were good at manually making sure I wasn’t sitting around having my brain rot, but their spying on what I was doing into my teens left me with some trust issues.

They briefly tried to use technological solutions to control my access and monitor me, but all that served was to make me very good at circumventing them. Outsourcing parenting to a computer program doesn’t work, and kids notice when you try.

Did the citizens of that country take the loan? No

Did they benefit at all from the loan? No

Did the world bank make any effort to ensure the above were answered ‘yes’? No

When you make a leveraged loan are you supposed to be guaranteed that the it was risk free? No

If leveraged loans could be made risk-free ‘breal your legs’ style the way the world bank does to countries, banks would be offering loans to every punter who wanted to bet on the dogs.

If it’s a G502/702, they’ve got a very fucky scroll wheel & middle click; it’s actually a lemon, but since nothing else works with the wireless pads they’re the only options.

Yeah in the short term there are going to be a lot of lose/lose scenarios for them, but this is the stupid prize for playing stupid games with what they released.

I hope they stock it out, games like No Man’s Sky show both that a developer who cares enough to try can earn back the trust of a player base, and that the process to do so requires a lot of work.

I recently bought a 7800 XT for the same reason, NVIDIA drivers giving me trouble in games and generally making it harder to maintain my system. Unfortunately I ran headfirst into the 6.6 reset bug that made general usage an absolute nightmare.

Open source drivers are still miles ahead of NVIDIA’s binary blob if only because I could shift to 6.7 when it released to fix it, but I guess GPU drivers are always going to be GPU drivers.

I’m sure the developers are competent, but the reason I care about the design decisions is the same reason the electric brakes on cars don’t interface with its infotainment system; the interface inherently creates opportunities for out of spec behaviour and even if the introduced risk is tiny, the consequence is so bad that it’s worth avoiding.

If you have to have an airbag be controlled by software (ideally the mechanism is physical, like a pull tab), it should be an isolated real time device with monitoring your accelerometer and triggering the airbag be it’s only jobs. If it’s also waiting to hear back from another device about whether your subscription ran out before it starts checking, the risk of failure also has to consider that triggering device.

It can be done perfectly, but it’s software so of course it has bugs.

That information changes none of my issues; if you don’t see the plethora of potential implementation bugs involved, either you don’t code professionally or you shouldn’t be.

Yes, but also from an implementation perspective: if I’m making code that might kill somebody if it fails, I want it to be as deterministic and simple as possible. Under no circumstances do I want it:

1. checking an external authentication service.
2. connected to the internet in any way.
3. have multiple services which interact over an API. Hell, even FFIs would be in the “only if I have to” bucket.