Pup Biru

the zip file itself might also be generated (you can just tack random garbage into places in the zip format and it’ll be ignored - which is extremely quick to do), in which case the hash would change… the file itself is important in case it’s an exploit in the unzip program itself, but also the contents of the file is important

not entirely true. if the file downloaded, windows does a bunch of “helpful” things with files… these are almost certainly benign (eg rendering thumbnails, getting metadata about certain file types) but almost anything is potentially exploitable (eg overflow in thumbnail generation code could lead to code execution just from browsing a website and then opening your downloads folder in explorer)

drive-by attacks don’t just effect the browser

with that said, it’d be a huge deal if this was the reality of the situation… it’s highly unlikely, but zero days exist, and the possibility is always real

i say this because this has been exploited in the past with exactly the same scenario: preview generation

this part of the DMA only applies to “gatekeepers”, which are very large providers. the biggest barriers to being a gateway are (imo) turnover of > €7.5bn, 45m active monthly users in the EU

now that’s what i call molecular biology!

meta and ctrl switched, because if there’s something apple did right it’s using the thumb as modifier key for copy/paste/etc instead of pinkie finger which is far FAR less able to deal with repeat strain

but i also type programmers dvorak because i got pretty horrible wrist pain at one point so anything to stop me damaging my wrists :p

i mean i assume good luck landing without prior experience in general … surely it’d be easier for someone over the radio to walk you through setting some auto things correctly than walking you through how to land?

+1 davinci… it’s incredible what you get in the free version, and the studio version is getting more and more worth the money in a value add way rather than a need it way

i’m fairly sure it’s untrue yes but didn’t want to comment that because i don’t know for sure, and honestly it’s a little null and void because they definitely do broadcast all kinds of bluetooth stuff which is equally trackable (though i guess with all the wifi location data you can correlate someone in the store to where they live pretty much perfectly accurately where bluetooth info is less useful in that regard)

i’m 99% sure your phone scans for available wifi networks, sees one it knows and then connects, but i could see a situation where it’s 2s faster to just keep trying so for a “good user experience” some shit company decided to start doing it… but i’m pretty sure for apple pr google that’d result in a CVE

to really hammer home this “many ways to hide”: the PDF is kinda just like a container… it contains other things like images (the patterns for example)… these patterns are probably vector graphics (made up of lines rather than pixels)… this means you can magnify them basically infinitely… and they can contain transparent lines and all sorts of things. they could easily embed that same text in the SVG image, at tiny scale (less than a pixel at 100% scale), and make it transparent… no PDF editor is going to touch the image data: it simply doesn’t really understand it to that degree - it’s an image; not a PDF after all… so that information will remain even after you’ve removed all visible/reasonable marks

this is just 1 example of practically infinite places it could be - and remember, this text is just lines in an image! it’s not like you can ctrl+f for the text necessarily… you’d have to go through every image manually and inspect every single line, and even then there are no guarantees (perhaps they encoded that information like morse code in bumps in some lines that are only barely visible at 1000% magnification)

Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password.

okay that’s very untrue… wifi passwords aren’t really passwords; more accurately they’re pre-shared keys… they are used to generate the encryption parameters used to talk to the AP. the password is never sent over the air, and there’s a 4-way handshake

i think they’re 2 different, but equally important things to protect against

shit companies using your information is almost guaranteed so you want to protect against that, but FDE does nothing for that

but losing your laptop with an unprotected disk can be catastrophic for your life… your entire browser session (so probably your email, and therefor password resets and confirmations), any cloud (or self hosted storage with saved credentials) storage that you have… idk about you, but the contents of my disk are plenty to steal my identity even without needing to social engineer, and with my email and other bits of info that’s plenty to social engineer probably anything up to and including a passport

training an LLM on chats might make you feel dirty, but an unencrypted disk can ruin your life for years and cause problems potentially forever

corpos aren’t who you’re protecting against with encrypted drives… they’re not going to gain access to anything via bypassing your OS: they get everything via software you’ve installed or things like tracking

the main thing you’re protecting against with encryption is theft (or if you think you’re being physically targeted, it also stops them from modifying your system… eg replacing your kernel or a binary that gives them access somehow)

uncommon on earth is common in the galaxy/universe

…button

i KNEW pansexual meant what i thought it meant!

the mozilla foundation is largely responsible for the whole adtech and ai slop nonsense that nobody asked for

the mozilla corporation is responsible for firefox. there is no way to support firefox development

we have meaningless standards for a lot of things… just ask someone on the spectrum what they think of social norms and they’ll have a huge list of things that don’t make any logical sense that people just do

i’m not saying it’s right, but it’s just something that humans do

it’s the same kind of statement as saying that, for example, politicians should wear suits… we tend to have expectations that everyone is dressed to a similar level for the context they’re in. in public, that expectation tends to include a shirt of some kind. shirtless is a similar level of “should have to” as arriving at work or a party dressed too casually

imo in this case the offence wouldn’t be the “a bit rude” part: nobody likely got fired for speaking another language before the rule… the offence would be breaking company policy/rules

yeah viable is such a variable concept

i guess like… i have a friend that is a lab tech, and he vibe coded a stand alone HTML and JS page for their team to take CSV and filter it… the excel process they used before was horrendous… in that case, i guess that’s a viable product: it works, isn’t buggy (or at least bugs will become well known and able to be manually avoided or worked around)… i’d say that’s an MVP but wouldn’t be so if you wanted to productise it