Samwise

Even a fool, when he holdeth his peace, is counted wise; and he that shutteth his lips is esteemed a man of understanding. #Proverbs 17:28

@cometaj2 @Itsfoss People are far too willing to overlook these serious problems with Mozilla. We need to deal with these insider threats against the open source community if we're going to gain real ground.

It’s not good at all. Firefox and Mozilla, per Mozilla’s manifesto, are embroiled in ESG and DEI, which means they are inherently pressing against Western individual sovereignty and equality before the law. They are also likely receiving financing along that line to promote pressing against those values. I no longer use Mozilla products for this reason.

Firefox just got a boost of 6 million users in Europe thanks to new EU rules giving people more freedom to choose their browser instead of being pushed toward Chrome by default. That’s a huge win for the open web in my opinion. Afterall, Firefox growing again is good news for us. Unlike browsers tied to Google and Chrome, Mozilla Firefox has long positioned itself around privacy, transparency, and user control. It’s also one of the few major browsers developed by a non-profit organization rather than a 'trillion-dollar ad company'. More Firefox users means: • A healthier web not controlled by one browser engine • Stronger competition against Chrome’s dominance • Better support for open web standards • More momentum for privacy-first browsing The web works better when one company doesn’t control how everyone browses the Internet.

If such a paper was published, then the writers need to be shamed into abject humiliation

Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too. Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition. The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it. Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web. Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems: support.google.com/recaptcha/answ… Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web. Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more. Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive. Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out. Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it. It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source. Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them. Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security. reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that. This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere. Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.

Yo @PaloAltoNtwks Might want to update the cert for content-diff ;)

@DolioJ The heretics have become far too comfortable

Jesus LITERALLY SAID: "I am the way and the truth and the life. No one comes to the Father except through me." John 14:6

‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump." 4. Open the dump file and look for credentials. The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking. Thanks to Rob VandenBrink at SANS: isc.sans.edu/diary/32954

The Kill Switch was pitched to Congress as a way to stop drunk driving—but its real-world implications are far more troubling. No government should have the authority to remotely control a vehicle you paid for, or turn it into a tool for surveillance. Stop the overreach. Kill the Kill Switch.

A statement from the @DevuanOrg team: “Since 2014, we chose the hard path: NO systemd. Good reasons for this keep coming. Now it harvests personal data like birthdates, unrelated to computing and ripe for abuse. This is not a feature. It is a boundary. We do not ship surveillance.”

❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.

The DOJ has ONE WEEK left to charge Anthony Fauci for the worst cover-up in modern medical history. He lied to Congress about funding gain-of-function research in Wuhan. Millions died. Trillions were spent. And Fauci walked away with book deals and fawning media coverage instead of handcuffs. I re-upped my criminal referral to the DOJ because the evidence is overwhelming, and justice has been delayed long enough. RT if you’re ready to see Fauci behind bars.

@InspiringPhilos @lilyjayofficial So she's just going to film further proof of the Islamic Dilemma for free? Convenient.

Good to know @lilyjayofficial is watching our videos. 😂

@sarahsalviander @aquavitae96 In ye olden days, evangelists traveled great lengths finding fertile soil in which to plant the Gospel. Now the fields "white unto harvest" assemble themselves under your post :D “Come now, let us reason together, says the Lord"

I'm a scientist. I saw the evidence for God and I accepted it. Will that convince skeptics? Unlikely. What Piers says is entirely rational and not a God of the gaps argument. That argument only covers things within the universe that science might conceivably explain. NdGT is wrong here, because ultimately, we don't know how it all started, and we will never know scientifically. I'm as disappointed as anyone that we can't extend science right to the beginning and beyond, but we just can't. Now, I can't absolutely rule out that we might someday determine how the universe went from non-life to life (though I'm extremely skeptical). But if we want to go all the way back to the beginning of everything, that's where we run into the most unforgiving brick wall. Our own scientific theories strongly hint at this with what's called the Planck scale – this is the smallest scale in terms of fundamental units that our physical theories can describe without imploding. We can push our physical theories back, back, back, all the way back to a tiny fraction of a second after the beginning of the universe: 10 to the power of -43 seconds. It's a mind-bogglingly minuscule amount of time. But it's not to t=0 and it's not beyond t=0. Scientists exploring quantum gravity explanations are trying to get around this so we can get ever closer to t=0, but so far have not been able to come up with a coherent theory. If that's a strong hint, then here comes the sledgehammer. Every successful physical theory only describes what happens after the universe comes into being. Science cannot, by definition, describe what caused it; it cannot go beyond t=0. Why? Because the cause is outside the universe. Observation and experimentation are key parts of the scientific method, but how would science ever be able to study something beyond the universe? What method would you use? What instruments? It's not lack of imagination, it's literally impossible. The best we can do is make logical inferences about the cause based on what we do know scientifically and philosophically, which is what Piers did. It's what I do. It's what anyone who invokes the multiverse does. It's what a lot of theologians, philosophers, and scientists do. I don't dislike NdGT. I actually kind of like him, and I appreciate that he distances himself from the atheist label. But, ironically, he's the irrational one in this conversation if he thinks science will close the gap about the origin of the universe. That's not just faith, that's blind faith.

My husband set the standard.

@isaiahhole Eating paint chips may lead to side effects, such as posting moronically on CBR

Being this wrong on the internet is a choice

An “unofficial community-maintained fork of historical GTK2” has been started, and is hosted over at the Devuan project. It is, essentially, GTK2… with a few key updates to allow it to build on modern systems. The core benefit here would be in being able to continue building and supporting GTK2 software (which there is a LOT of), running on X11, on modern systems. No Wayland. None of the GTK3+ bloat. In fact, multiple people are already talking about using this to fork and build pre-GTK3 versions of GTK based Desktop Environments (such as MATE/GNOME and XFCE). The developer makes a point of saying that this is “Not affiliated with GTK or GNOME” and is still searching for the right name. “Good Tool Kit” appears to be the leading suggestion. At the moment it is simply “GTK2-NG”. git.devuan.org/Daemonratte/gt…

This is my Father’s world Oh let me ne’er forget That though the wrong Seems oft so strong God is the ruler yet!

I need someone to convince me not to buy the 25th anniversary UV-5R

"But I don't feel loved by God." Good news. The Lord didn't give us a feeling. He gave us a promise.