Melllvar

Looks like compatibility hacks for various websites.

Interventions - are deeper modifications to make sites compatible. Firefox may modify certain code used on these sites to enforce compatibility. Each compatibility modification links to the bug on Bugzilla@Mozilla; click on the link to look up information about the underlying issue.

User Agent Override - change the user agent of Firefox when connections to certain sites are made.

https://wiki.mozilla.org/Compatibility/UA_Override_&_Interventions_Testing

The value of the DNS is that we all use the same one. You can declare independence, but you’d lose out on that value.

Why Windows doesn’t have an ‘expert mode’ (2003)

For some reason this specific graphic has always been one of my favorite parts of this movie.

Edit: I love the internet sometimes https://www.youtube.com/watch?v=94jIQm0YcCs

Does the library provide ethernet jacks for patrons to use? If not then I can understand why a librarian would be surprised.

Install SponsorBlock.

To the boiler room of hell. Allll the way down.

You Linux users sure are a contentious people.

Fun fact: The Windows executable format is originally based on an old Unix executable format.

Partner represents and warrants that it shall not introduce into WhatsApp’s Systems or Infrastructure, the Sublicensed Encryption Software, or otherwise make accessible to WhatsApp any viruses

The technical definition of a “computer virus” is actually quite narrow, and true viruses are rare these days because they are passive and slow compared to more modern malware types.

A strict, literal reading of the text says that all other kinds of malware are acceptable.

I tend to support this idea. If inputting copyrighted materials isn’t infringement then neither should taking the output be.

That’s kind of the point.

Clementine originally forked from Amarok 1.4 because Amarok 2.0 changed too much.

E-mail is a lingua franca. It’s used not because it’s superior, but because you don’t have to worry about whether your recipient is using the right software setup to receive your message. It’s the lowest common denominator of internet messaging and can only be replaced in that role by a new lowest common denominator.

• A company that rejected basic email would necessarily be rejecting some percent of legitimate messages and/or increase their IT costs. While this doesn’t mean it’s impossible, it would be at least be a painful transition. Users will hate it.
• Adding PKI just amplifies the software setup problem because now you have to worry about primitive selection, centralized authorities, key lifecycle management, etc. And there’s no way for the sender and recipient to negotiate security parameters, so they have to be agreed on in advance, something basic email doesn’t need.
• PKI is too finicky and abstract for the average user to understand or care about. We can’t reasonably expect them to make good decisions about a subject that even professionals and large organizations struggle to understand. A big reason for email’s longevity and success is that the average user doesn’t need to understand it at any technical level.

Even the researcher who reported this doesn’t go as far as this headline.

“I am an admin, should I drop everything and fix this?”

Probably not.

The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection’s traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection’s encryption mode.

[…]

“So how practical is the attack?”

The Terrapin attack requires an active Man-in-the-Middle attacker, that means some way for an attacker to intercept and modify the data sent from the client or server to the remote peer. This is difficult on the Internet, but can be a plausible attacker model on the local network.

https://terrapin-attack.com/

Usually you can, though the setting might be listed under something like “show diagnostic during boot”.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?

Part of my job is to review security footage for reported incidents.

If there is a long-lasting visual cue that the event has or has not happened yet (e.g. a window is either broken or not), then a binary search is very useful.

If the event lasts only a moment and leaves no visual cue (e.g. an assault), then binary search is practically useless.

Sysinternals Process Monitor can do boot logging.

deleted by creator