https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Here’s the actual security advisory, which contains much more information than the fluff article about it.
No relation to the sports channel.
People pay for this?
Cutting someone’s brake lines has been a means of assassination for a while. What’s new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.
Other way around. Unsupervised OTA updates are dangerous.
First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator’s knowledge.
Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.
Driving is literally the most deadly thing that most people do every day. It is unreasonable to make driving even more dangerous by allowing car manufacturers — or attackers — to change the behavior of cars without the operator being fully aware that a change is being made.
This is not a matter of “it’s my property, you need my consent” that can be whitewashed with a contract provision. This is a matter of life safety.
This has been going on for over 25 years now.
The kind of people who go into business building censorship software turn out to quite often be the kind of people who think feminism is a hate group, atheism is a cult, birth control is a dangerous drug, evolutionary biology is political extremism, and therapists are child-molesters. As such, it is unsurprising that this software’s behavior has quite often reflected those views.
If you threaten violence to people for calling you a fascist … you might be a fascist.
If someone sells something to you and then takes it back later, that is theft.
Obviously, trivially, blatantly false, because the AI safety people have been at it since long before there was anything to market. Back then, the bullshit criticism was “AI will never be able to understand language or interpret pictures; what harm could it possibly ever do?”
Fortunately, they also killed the mindbogglingly stupid idea of forcibly hiding `https://` in the address bar. (It may be off by default, but you can turn it on.)
Also, TCP/IP requires that the server receive your IP address (or that of a proxy, VPN endpoint, etc.) so that it can send the response back. Opening a new browser window doesn’t change that.
Even though going incognito prevents Chrome from saving cookies, site data and your browsing history, it doesn’t actually prevent websites or your internet service provider (ISP) from tracking you and knowing what you’re up to online. This news comes as a shock to many Chrome users but privacy experts have long warned that the browser’s incognito mode isn’t as private as you might think.
Know where else you’ll find that same warning?
On every new incognito window in Chrome.
It’s been there for years —
Your activity might still be visible to:
- Websites you visit
- Your employer or school
- Your internet service provider
One of these, “free credit report”, is additionally full of scams. Here’s the FTC on the issue.
AI safety folks have been warning about the predictable disastrous consequences of turning economic power over to unethical AI systems for many years now, long before deepfakes, predictive policing, or other trendy “AI dangers” were around.
They don’t index Wikipedia. Why not?
Create a new community. Host your own instance.
Some of these names (like OpenVMS) are from before the term “open source software” was coined (which was in 1998). They refer instead to “open systems”, meaning computer systems with published specifications, interoperable hardware, portable software, etc. – things that might seem like obvious choices now, but were not in early business computing.
“Hey, George? Can you send me a hundred bucks?”
“Password ass-sword? Gay geek goat god goon gout, Galaga Gaelic Gorky?”
“Hemp hops hoop harangue horny hope hobags, hyper Hungarian hippies.”
“Infinite Ixian idiots incinerate imbeciles in interesting inquisitorial igloos.”
“Just joking! Jerboas jaunt jerkily, just juxtaposing jinn, janky jobs, and jalopies.”
“What’s the password?”
“Always Swordfish.”
“Okay fine, come on in.”
Put another way, spam sites have become more effective at defeating anti-webspam measures.
For context, check this poster’s other recent works. They have a mistaken belief that they stand in a position of power & authority over the developers of free software they use.
I quit software but I still grow beans!