Yeah that's what I'm curious about; I'm used to copying code snippets or codes from websites by clicking a button (presumably through some browser API?), but am just now realizing that this in itself has security implications.

Using noscript or some such JS blocker would prevent this but break a lot of other things in the process. That's why I'm wondering why the API isn't locked down via some user prompt.

Why isn't the default behavior for browsers to not allow access to the clipboard? Similar to how it prompts you for access to camera/microphone

Edit: On a per-site basis, like if you use the Zoom website it asks you for access to the webcam, would something like this work for clipboard as well or would it break stuff?

Goddamn you for making me chuckle

Bring back the ice buckets :(

No joke, I thought for a second you were referring to Infinite Solutions and were trolling hardcore. I haven't thought about that in a long time.

sware on me scrum

Honestly it's not that weird a question when making idle chit chat. It becomes weird when that's the only thing you ask, follow it up with "Okay", and then proceed to do it six more times.

Whoa whoa hold the phone - King Tut died?

Or like - don't unmute? Seriously he starts off talking on mute and someone makes a conscious decision to turn on his mic

I thought his smallest problem was his hands

Thanks for calling attention to this. Oftentimes when a patent is applied for there is no intent to implement it. This is actually a clever way to get ahead of the direction of the market and license to other manufacturers.

Having said that, it's still Ford, and once it's generally accepted for this type of ad to be displayed they'll jump on it real quick.

"Bluesky! You didn't file your paperwork last night."

Make sure you back up all email and IM communications and don't rely exclusively on server-side retention (provided your DLP policy allows for this.)

If it ever comes down to it and you are facing the possibility of being the scapegoat for a security incident, your attorney can review the relevant policy and determine whether or not and when you can use these to demonstrate that you communicated your concerns to management and stakeholders.

Depending on who you reached out to and who was included, absence of a response to your various methods of communication can be used to establish acceptance of risk by leadership.

Usually?

Indifferent take: Jacobin is a publication.

I hear you, but there's no reason to be angry.

When I first learned of the issue, my first thought was, "Hey our update policy doesn't pull the latest sensor to production servers." After a little more research I came to the same conclusion you did, aside from disconnecting from the internet there's nothing we really could have done.

There will always be armchair quarterbacks, use this as an opportunity to teach, life's too short to be upset about such things.

Let me tell you about my mother

Crowdshite haha gotem

sungloc.utus

What about this scenario:

• you keep your main garage door, side doors, and windows locked
• provide a key to anyone who wants to borrow your lawnmower or whatever
• someone discovers a window you mistakenly left unlocked and starts using it to take stuff without using a key

Would this be considered breaking in? Probably. Here is where the analogy breaks down; if I were to leave the front door of my house unlocked, even if there's a welcome mat outside, anyone who enters without my knowledge or consent can be charged with breaking and entering (yes, even though no actual breaking is involved).

The interesting thing with public APIs is that there are generally terms and conditions associated with creating an account and acquiring a key, though if you are hitting an unauthenticated endpoint you technically never agreed to them. In this particular case with Authy, it would probably be argued that the intent was to acquire data by exploiting a vulnerability in the custodian's system and use it for nefarious purposes or profit. I'd call it a hack.

To build on you analogy: if you left your garage door open and people came in and started taking your things, is that not stealing?