Quoting: Caldathras

Quoting: LoudTechie

Quoting: Caldathras

Quoting: LoudTechieTor-browser and if I remember correctly firefox have their own download folder sandboxing.

Regarding Firefox, not to my knowledge. On my systems, Firefox defaults to my Download folder. No sandboxing that I'm aware of -- unless this is a feature I have to enable.

Yeah it should default to your download folder, but can you look beyond it. Can you work in your document folder.
Tor-browser maintains its own seperate folder, but I thought firefox limited itself to only the download folder.
Based on what you said I would assume the answer is no, but I still wanted to clarify what I meant.

By default, Firefox automatically places all downloads in the Download folder but I can go into settings and choose a toggle that lets me choose whatever folder I want to download to, on the fly - Documents, Music, Videos, other drives or any combination of subfolder.

Now, on Android however, I am definitely sandboxed to the system's Download folder. It cannot even maintain a virtual Download folder on the SD card (unlike Vivaldi and Chrome).

thnx, than firefox isn't sandboxed on linux.

View this comment - View article - View full comments

Quoting: F.Ultra

Quoting: LoudTechie

Quoting: Caldathras

Quoting: LoudTechieTor-browser and if I remember correctly firefox have their own download folder sandboxing.

Regarding Firefox, not to my knowledge. On my systems, Firefox defaults to my Download folder. No sandboxing that I'm aware of -- unless this is a feature I have to enable.

Yeah it should default to your download folder, but can you look beyond it. Can you work in your document folder.
Tor-browser maintains its own seperate folder, but I thought firefox limited itself to only the download folder.
Based on what you said I would assume the answer is no, but I still wanted to clarify what I meant.

Problem here though is that sandboxing will not protect against this. Sandboxing protects against malicious userspace or userspace code with open exploits in them IF and only IF there also are no privilege escalation vulnerability in the running kernel.

That's exactly my point.
The comment I reacted to questioned whether this exploit is even usefull for compromising consumer devices, because when you have user access, you have full access to all the data.
I showed these examples to show that even on consumer devices root is helpfull.

View this comment - View article - View full comments

Quoting: Caldathras

Quoting: LoudTechieTor-browser and if I remember correctly firefox have their own download folder sandboxing.

Regarding Firefox, not to my knowledge. On my systems, Firefox defaults to my Download folder. No sandboxing that I'm aware of -- unless this is a feature I have to enable.

Yeah it should default to your download folder, but can you look beyond it. Can you work in your document folder.
Tor-browser maintains its own seperate folder, but I thought firefox limited itself to only the download folder.
Based on what you said I would assume the answer is no, but I still wanted to clarify what I meant.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: LoudTechie

Quoting: Caldathras

Quoting: tohur

Quoting: eggroleWhen these things happen (I suspect it is only a matter of time) IMHO the only valid response is to boycott the companies restricting access. Petitions and voting new "leaders" in doesn't seem to work. Violence is always an option, but a terrible one.

Boycotting a few companies into bankrupcy sends a clear message. And given how much hemming and hawing goes on about economics and GDP, I think it is the only language these people understand. Want to restrict the internet, suffer economic losses. All of a sudden the legislature becomes much more receptive and the companies themselves will start actually pushing back because it will now be existential.

people that think voting folks out doesn't work is why we have lazy a$$ people UNWILLING to hold their representatives accountable.. those fools get paid to be in office you threaten their livelihood they will listen when enough people are threatening them

You'll have to correct me if I'm wrong, as I am writing from a Canadian perspective, but there are a lot of countries whose politics are based off the British parliamentary system, just like Canada. At least for Canada, there is no recall option. In other words, the voters can only hold their representative accountable at election time. The politicians know that voters have short memories and tend to gamble quite confidently that the voters' anger will have cooled off by the time the election rolls around. It usually does.

Other issues come up, some politically manufactured, that distract the general voting population from the offense of an individual politician. Generally, the political parties are very careful not to stir up the voters' ire close to election time. So, it is not as simple as "lazy people being unwilling to hold their representatives accountable" -- although it does happen from time to time that a constituency's memory is longer than expected.

There's for most countries no recall option(for obvious stability reasons), but there're several control options, which does affect their ability to function and often even their income.
There're the spread out elections on different levels of government, which all preform checks and balances on each other.(on average 1 par year in Canada)
There's the ability to appeal to the other arms of the trias political.
There's the ability to track how your government has wronged you and remind others when the election does come up(freedom of speech), I'm actually quite surprised how few people do that, since everybody can write and people are quite publicly opiniated.

Your boss can't fire you any moment he likes, yet you still fear his power.
The same is true for politicians.

The accusation here's not laziness, but fatalism. I don't have absolute power, so I have no power, so I should take all the abuse.

It's a continuum, of course. Somewhere on one end would be full direct democracy or at least some kind of perfect representation of what people really want, based on excellent information, somewhere on the other end would be an illusion of choice that is completely ephemeral, with the fix in before anyone got close to a polling station, and the question is how close we are to the bad end. Not close enough to make the political process completely pointless, but certainly close enough to be uncomfortable.

A lot of European countries have proportional representation, which is nice; we should have that in Canada, but don't. The US of course has a less democratic system than most places that call themselves democracies, with just two parties holding a stranglehold on the political process. With only two political parties, and until the loonies took over the Republicans almost no daylight between them on economic issues, it becomes very hard to say that meaningful political choice is on offer. Add in all the money, and, well.

One thing we direly need in Canada is media reform--there is very little choice, most of the newspapers are owned by one company which in turn is owned by a US hedge fund, there's like, what, two private TV stations, and then you've got social media which is the same billionaire-algorithm-skewed doomscape as everywhere else, except on top of that Zuckerberg has explicitly dumped Canadian news sources from the algorithm. Such a media landscape puts a lot of "soft" constraints on what kind of policy can be offered.

Improvement is indeed always nice.

My wishlist contains in descending order:
Journalistic reform we have many independent news media, but only a few places for journalists to sell their discoveries, which has been weaponized in the past. There's some competition and the truth leaks through the cracks, but I would love some stronger discovery marketplace competition.
Amendment and proposal power for the EU parliament.
More transparency in the national or european juridical branch.

About the social media doomscape.
This is for a large part, why I'm partly happy with the DSA(digital services act).
It's protecting our media landscape without being protectionist or trifling protected speech.
I must clarify here that I agree with the ECJ that cooperate speech isn't protected by Article 10(freedom of expression).

View this comment - View article - View full comments

Copy Fail was for me a big thing, because it's for so far I can remember the first Linux specific n-day vulnerability that showed commoditization.

Explanation:
I've seen many attacks and attack attempts on Linux specific things.
The others all used zero-days.
This is the first time I see miscreants use an n-days in the Linux ecosystem.
I suspect this proofs I don't run an anti-virus scanner company, because it probably has happened before.
Yet, I don't know these examples.

View this comment - View article - View full comments

Quoting: Ehvis

Quoting: ShabbyXHowever that something must be untrustworthy for there to be a threat. Most of what you use is from distro packages, so should be fine. Steam games aren't (closed source), so you just have to cross your fingers and trust the developer.

True, but the funny thing is. Can those really do much more damage with a "Fail" or a "Frag" than they could do without it? If you're serious about security and do everything you can to separate things, the answer would be yes. But in practice it is most likely a no.

If you run a virus scanner it will most likely keep the Anti-virus killer at bay.
Tor-browser and if I remember correctly firefox have their own download folder sandboxing.
Apache sandboxes itself.
Python enforces sandboxing beyond calling user.
All flatpacks are sandboxed beyond calling user.
It's true that not all sandoxed perectly and obtaining user access is already a great breach, but if you want to have an indication what it limits simply run
 cat /etc/passwd
Each of the lines is a seperate user, which when it obtains root access suddenly can read your files.

Edit:
With the exception of root and your personal account ofcourse.

View this comment - View article - View full comments

Quoting: Caldathras

Quoting: tohur

Quoting: eggroleWhen these things happen (I suspect it is only a matter of time) IMHO the only valid response is to boycott the companies restricting access. Petitions and voting new "leaders" in doesn't seem to work. Violence is always an option, but a terrible one.

Boycotting a few companies into bankrupcy sends a clear message. And given how much hemming and hawing goes on about economics and GDP, I think it is the only language these people understand. Want to restrict the internet, suffer economic losses. All of a sudden the legislature becomes much more receptive and the companies themselves will start actually pushing back because it will now be existential.

people that think voting folks out doesn't work is why we have lazy a$$ people UNWILLING to hold their representatives accountable.. those fools get paid to be in office you threaten their livelihood they will listen when enough people are threatening them

You'll have to correct me if I'm wrong, as I am writing from a Canadian perspective, but there are a lot of countries whose politics are based off the British parliamentary system, just like Canada. At least for Canada, there is no recall option. In other words, the voters can only hold their representative accountable at election time. The politicians know that voters have short memories and tend to gamble quite confidently that the voters' anger will have cooled off by the time the election rolls around. It usually does.

Other issues come up, some politically manufactured, that distract the general voting population from the offense of an individual politician. Generally, the political parties are very careful not to stir up the voters' ire close to election time. So, it is not as simple as "lazy people being unwilling to hold their representatives accountable" -- although it does happen from time to time that a constituency's memory is longer than expected.

There's for most countries no recall option(for obvious stability reasons), but there're several control options, which does affect their ability to function and often even their income.
There're the spread out elections on different levels of government, which all preform checks and balances on each other.(on average 1 par year in Canada)
There's the ability to appeal to the other arms of the trias political.
There's the ability to track how your government has wronged you and remind others when the election does come up(freedom of speech), I'm actually quite surprised how few people do that, since everybody can write and people are quite publicly opiniated.

Your boss can't fire you any moment he likes, yet you still fear his power.
The same is true for politicians.

The accusation here's not laziness, but fatalism. I don't have absolute power, so I have no power, so I should take all the abuse.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: LoudTechie

Quoting: Purple Library GuyThere is a cynical side of me that says the buzz surrounding "Gizmo sales crash site, gizmo sells out in hours" is bigger than the buzz surrounding "gizmo sells this many units out of a large stockpile" even if the second number is bigger. So, what's the motivation to fix it?

Larger Gizmo sales numbers mean larger income and thus happy investors.
Costs pr value, gains hard cash value.

Yeah, but the point is, the initial sales are not all the sales. If you can get big buzz at the beginning, get more notice, that's a ton of free publicity which will help maximize sales in the only slightly longer term. Sorry, I thought that was implied by my commment.

True, but that makes it a balancing act depending on the total percentage you expect initial sales to be of your year 1 sales.
In this case the truth of your hypothesis should become pretty apparent in a short while.
If Valve catches up with demand fast(~<6months) it was calculated in otherwise it wasn't, because scaling up hardware production requires time.

View this comment - View article - View full comments

Quoting: TangoBaker

Quoting: LoudTechie

Quoting: TangoBakerWizardry on an Apple II was pretty much my first PC game. That and the original flight simulator.

I remember some other game about a space fleet moving around a galaxy and assaulting planets where you had to decide how many resources you had to allocate for air battles and then for the ground assault, but that may just have been something someone wrote.

I think the game you're refering to is X-Com: UFO defense/UFO: Enemy Unknown.

Also I'm gonna be a frustrating nitpick.
The original flight simulator and Wizardry were also something someone wrote.

Yes, technically true, which we all know is the best kind of true. I actually meant someone in the same computer lab or who shared the same system on a regular basis. Before PCs, you would occasionally find something on the mainframe, have no idea where it came from and find it was someone's pet project.

And this was long before X-Com. It would have been '82 or '83, and was mostly text based. The disposition of your forces was presented in boxes around the screen and you could recruit from the worlds you had conquered to replace losses. Aside from that, the only other thing I remember is that there was a planet named "Alhambra" or something similar. I've searched for it for years and never found anything about it but there was a lot of stuff from back then that is essentially lost.

Wild times.
I'm way too young to have experienced that.

View this comment - View article - View full comments

Quoting: Cley_FayeDamn. It really feels like we're walking backward at neckbreaking speed. It was not too long ago that Europe was seen as a bastion of freedom against a handful of totalitarian countries, and now, we're full steam ahead toward the destruction of freedom of speech and access to public resources everywhere.

It's heartbreaking. If we let even a handful of countries finalize their implementation of all this mess, it'll only serve either as an incentive for other to follow tracks, or even worse, as a justification to do so.

Hopefully we can stop this. I can't do much for what's happening in the UK, but all this already made me more aware of the options we have as EU citizen, even if they're quite… limited. Petitions and all that jazz.

Still, it's very worrying.

The scary part is that you're wrong and Europe 's bastion of freedomness's only increasing.
Europe suffers from some democratic backsliding for certain, but partly thanks to people like you it's less fast and somewhat corrected compared to most other places, which are in general experiencing even worse democratic backsliding.

While the English are certainly suffering some grimm times, it's nothing compared that other self proclaimed bastion of freedom the USA.
Also the Polish are slowly working their way up from a broken rule of law.
The Hungarians at least have a chance, since the last election.
The Spanish are slowly weeding out corruption.
In Italy a constitutional power grab got stopped by referendum.

That having said not everything is hunky dorky on the continent:
The EU is propping up a Serbian dictator, because of a desire for silicon.
The dsa is being weaponized to force age verification although limited by the EU's own data minimization laws.
The Danish really want to install backdoors on everybody's phones. Luckily the Eu pushes them back.
Russia is running a tech crackdown.

View this comment - View article - View full comments