Yep, especially because chip manufacturing has such a massive barrier to enter.

Old device? Ooh, that’s suspicious.

And as we all know, they’re going to say that not using a Genuine™ Android® Operating System is extremely suspicious.

Don’t overthink the metaphor. These things are fragile and fall apart. The “door with a lock” is the “guarantee” (wink wink) that the operating system won’t let programs see memory they shouldn’t be allowed to. Putting your valuables in a safe instead of sitting in the floor would be encrypting the passwords in memory in the metaphor.

Also, cyber security and physical security are very different. With cyber security you need to understand that there are orders of magnitude more people looking for simple problems. Like a criminal checking every door in the world automatically, just looking for ones that are unlocked. Someone not being a “target for master criminals” isn’t really applicable for this. Besides, that’s a critique of what level of security an individual should have, but pointing out the flaw in Edge is a critique of something that claims to be secure that isn’t.

This is sort of like saying “I leave my valuables in plain sight by my door because it has a lock on it and door locks are trustworthy.” I’m not super into cyber security and stuff but it seems like one of the most common problems is programs managing to get access to memory they shouldn’t have access to. It seems to happen all the time! Just like many locks for you door are trash.

I think the problem is, or at least one I see a lot, is that climate change is already happening, but because it’s gradual and there’s already so much unpredictability you can rarely just point at something specific and say “that’s because of climate change.” And the constant naming of it as “global warming” has done so much damage too, because now when the new weather is cold you still have skeptical conservatives saying things like “global warming my ass!”

A poisonous and heavy metal just spewing everywhere in the sky. And the conspiracy theorists ignore that and fall for fake bullshit.

As trash as LinkedIn is, I’ve gotten three of my last four jobs through there and a ton of leads and offers. Yeah, I really couldn’t imagine getting banned. That freaks me out.

How much collateral do you need for a loan though?

I couldn’t imagine putting significant volunteer work into something that is not at least licensed under Apache, or more ideally at least LGPL.

From the email thread

It’s just that instead of drowning in the CVE/CVSS noise, we need a high-quality signal for CVEs that matter the most. Things that would certainly have been CVEs even prior to Linux CNA setup. They may not score the highest per CVSS, but in many cases - like in this one - your team has the knowledge that an issue is to become high-profile, so a timely direct heads-up to linux-distros would be appreciated. Where by “timely” I mean, say, a week (and never more than 14 days) before planned full public disclosure. We don’t normally like to sit on semi-embargoed issues with public fixes, but we did introduce an exception for “Linux kernel issues concurrently or very recently handled by the Linux kernel security team” specifically to accommodate the way your team works.

How does this sound to you?

Nope, sorry, we are NOT allowed to notify anyone about anything “ahead of time” otherwise we will have to tell everyone about everything. That’s the only policy by which all the legal/governmental agencies have agreed to allow us to operate in, so we are stuck with it.

From the policy

As such, the kernel security team strongly recommends that as a reporter of a potential security issue you DO NOT contact the “linux-distros” mailing list UNTIL a fix is accepted by the affected code’s maintainers and you have read the distros wiki page above and you fully understand the requirements that contacting “linux-distros” will impose on you and the kernel community. This also means that in general it doesn’t make sense to Cc: both lists at once, except maybe for coordination if and while an accepted fix has not yet been merged. In other words, until a fix is accepted do not Cc: “linux-distros”, and after it’s merged do not Cc: the kernel security team.

It sounds like what you’re describing and what the email thread are discussing are pretty different. The email thread was asking to know about things prior to disclosure. You seem to be saying that they should have directly notified the distros list when the fix was up instead of just posting the article or whatever on their site. Two very different discussions.

I think there’s a place for that, but it really shouldn’t be your only one.

The Scottish thing is a scam because they aren’t even legally allowed to sell souvenir plots of land. Like obviously nobody in their right mind thinks it makes you a Lord or Lady, but they don’t even sell you the land!!!

Depends on what they’re selling. If it’s not a necessity and more of a luxury then people will buy a lot less when prices rise a lot. They’re losing it because people are buying less of their products, not because the company is paying the tariff.

I’m posting this from the men’s bathroom.

If you want to create a safe space for men, nothing is stopping you. Be the change you want to see instead of complaining about women doing it. How do you think they got it? They made it and fought for it.

Flipendo!

aggressive shushing

Omg yessss that’s it lmaooo thank you so much!

Please no cracking cold ones in the silent study room. Please silently drink from a flask.