Skip Navigation
Jump
Microsoft and Google are at war again
  • Sadly there would still be wars, as some see "the other side losing" as a win. Even if both sides are completely destroyed.

    8
  • Jump
    The CUPS Vulnerability
  • That was a possibility with this exploit, but realistically that doesn't affect nearly as many people as "All GNU/Linux systems".

    1
  • Jump
    M4 Mac Mini Power Button Has New Bottom Location
  • "But it looks bad and could be bad for the battery!"

    Every other wireless mouse has it in the front, Apple has no valid reason to leave it at the bottom.

    21
  • Jump
    The CUPS Vulnerability
  • Even there, if the stars align (network access, cups being used), you still need to convince the user of the device to switch printer.

    4
  • Jump
    The CUPS Vulnerability
  • As far as I'm aware, the exploit requires someone to try printing using a malicious networked printer. It is a vulnerability, yes, but it affects essentially nobody. Who tries manually printing something on a server exposed to the internet?

    Although for local network access, like in a corporation using Linux on desktops, the vulnerability is an actual risk.

    7
  • Jump
    Bitwarden update: sdk-internal now GPL, sdk/sdk-secrets to remain proprietary but not used in clients
  • If this was the case, the phrashing around the issue would've likely been different. Yet bitwarden remained very vague, and even locked github comments on the issue.

    Especially considering that a move like this alienates their core target demographic (people who use FOSS), they would've been much more open and much quicker if it wasn't intentional.

    I will personally be switching, likely to KeePassXC.

    3
  • Jump
    What do I need to watch out for when buying an unlocked phone on the used market?
  • GrapheneOS developer is very toxic, if you trust him is up to you. I prefer not running his code on my personal devices, especially after him blaming large parts of his community for coordinated harassment. Watch Louis Rossman's video on it.

    Although for security-focussed custom roms on the google pixel, like Calyx or Divest, you can re-lock the bootloader, so there's less security risk. A factory reset is required to unlock it again, similar to a factory bootloader lock.

    0
  • Jump
    Update: Bitwarden posted to X this evening to reaffirm that it's a "packaging bug" and that "Bitwarden remains committed to the open source licensing model."
  • Was yes. They have introduced an "internal sdk" into all their clients with no available source code. That's what everyone's complaining about. They call it a "packaging bug", but in reality Bitwarden clients are just no longer open source.

    4
  • Jump
    Lots of PCs are poised to fall off the Windows 10 update cliff one year from today
  • VR "works", but as someone who uses it, I can't reccomend it for now.

    Compatibility is wildly different between headsets. And no matter which route you take, you will need to tinker and troubleshoot. There is no plug and play solution right now.

    If you want to plug in your VR headset, and just play some games, stick to Windows for now. If you're fine tinkering around, there's always SteamVR, but also check out Envision and Monado.

    As for desktop games, you can find what works on ProtonDB. Most games work fine, with the exception of games with kernel level anti-cheat.

    2
  • Jump
    Lots of PCs are poised to fall off the Windows 10 update cliff one year from today
  • SteamOS is not the same as its base Arch Linux. If you want something slightly easier but still Arch-based, try EndeavourOS (but please not Manjaro).

    If you have the time, try switching on your own terms within the next year. It's almost guaranteed you'll run into issues, but trying to dual-boot now rather than later gives you all the time you need to figure it out before MS forces you on Windows 11.

    23
  • Jump
    Ventoy Update
  • According to Jim Starkey, the person who coined the term, "Blob don't stand for nothin'." However, it is often referred to as a "Binary Large OBject", meaning a large file with content not easily readable by people.

    With an open source project, you have source code which is turned into executables/"blobs" by the compiler. As long as you trust the compiler, you can (functionally) know the content of the blobs by looking at the source code they were made from.

    In the case of Ventoy, several "blobs" are included from an unknown or vague origin. This is a great way to bundle malware, as seen with the XZ backdoor from earlier this year. As such, the original creator of the linked issue is requesting they are built/obtained at compile time, so either the content or origin of these files can easily be found.

    11
  • Jump
    Chrome Canary just killed uBlock Origin and other Manifest V2 extensions
  • DuckDuckGo's webbrowser is somewhat unique, in the sense that it isn't its own browser at all. It's a "WebView", using the OS built-in webbrowser with a coat of paint.

    This means it's Blink/Chromium on Android and Windows, and WebKit on iOS and macOS.

    13
  • Jump
    Chrome Canary just killed uBlock Origin and other Manifest V2 extensions
  • Yes. There's only 3 major browsers. Chromium (Chrome), Firefox, WebKit (Safari). Nearly every other webbrowser is a fork of one of these, most are forks of Chromium, including Opera. As such, most webbrowsers will be affected by the change.

    56
  • Jump
    What the hell Proton!
  • Still doesn't make a VPN the "magic all in one solution" it claims to be. And SNI is encrypted on newer servers using encrypted client hello (ECH).

    In terms of privacy, you're switching around which entity gets to see a ton of details. Do you trust random public wifi enough, given modern security standards? Or do you trust a VPN company more, despite false advertising?

    Use HTTPS and DoH (Becoming a default on some Android versions), and the average person will be just fine without a VPN.

    1