In addition to their own new code, bundled copies of libraries in packages introduce net new attack surface which isn’t patched via the regular distribution security patch process. The image decoding lib that allows remote code execution now exists in flatpaks independently from the one in /lib. Every flatpak vendor that contains it has to build and ship their own patched version of it. This is even more valid for any other libraries flatpaks include that don’t exist on the system. The most widely used Linux OSes come with security patching processes, expectations and sometimes guarantees. This new attack surface breaks those and the solution is security sandboxing. This approach has been proven in mobile app packaging and distribution systems. Android is a great example where apps are not trusted by default and vulnerable ones rarely cause collateral damage on otherwise up-to-date Android systems. This is an objective problem with the out-of-band distribution model allowed by flatpak and snap or any similar system, whether you care about it or not personally. It’s a well understood tradeoff in software development. It has to be addressed as adoption grows or we risk reducing Linux security to the levels of Windows where apps regularly bundle dependencies with no sandboxing whatsoever.
But seriously, I think it’s clear for anyone who’s following, that we’re way beyond that at this point. I’m pretty sure we already topped the gas plants losses during Ford’s first mandate with the cancellation of green energy projects and such.
Possibly for the tweet by one CUPE account on Twitter which said something like “Palestine is rising” on the eve of the Hamas attack. I think it subsequently got deleted and rightfully so.
I’d consider what runs on those chipsets and how long their software support is as equally or even more important than the chipsets themselves. E.g. now we have Tensor G3 devices that run near-stock Android with 7 years of support. Tensor G1/2 have 5 years. Critically this software support translates to third party Android OSes too as they can grab the latest vendor source and firmware from the stock ROMs and use it in their own.
Typically you can compensate for the lack of micro adjustments by varying the dose. E.g. if the next finer step is a bit too fine, drop 0.5-1g from the dose to balance the flow rate. Of course you need a scale for that but I assume you’d want to have a scale anyway, even if it’s a more general cooking scale. Am I wrong?
The difference between pre-ground and grinding at home where you can adjust the grind should be significant. Haven’t used Encore ESP but it should be fine. It seems like the default choice performs well while not breaking the bank. I’m using a Sette 30 but I bought that second hand.
What could possibly go wrong with running precompiled binaries that were linked to a set of precompiled libraries with a completely different set of precompiled libraries.
Not the locations. The versions. Your libssl-1.0 isn’t the same as mine. There often are differences in major, minor or patch versions. There even are differences in compile options where a feature present in one is not compiled in another. E.g. ciphers available in libssl.
It’s unsurprising given the high level of homeownership in Canada which is leveraged for investment in housing. Over 40% of newly built condos in Ontario went to investors. Most of those investors aren’t corporations either. They’re mom and pops looking for retirement investment.
Same as sending or deleting messages. An edit is just another message that the clients interpret differently. They modify a previous message instead of showing it as a new one.
As Thomas sees it, “in the South, you have a lot of scared people that don’t know much about a union because they’ve been raised to be against a union.” But he said the Big Three strikes make now a “great time” for the UAW to ramp up organizing, including at nonunion plants.
There should be improvements in the idle battery life department along with the camera. Probably not earth shattering. Pixel 6 Pro is still a completely competent device and likely will be till the end of its update lifespan and beyond.
Every Pixel so far has been supported for as long or longer than its official support window. This isn’t a free chat app. It costs a lot and it comes with warranties and expectations for true spec sheets.
How’s the Manitoba NDP in policy direction? Center-left, left, very left? I know there can be significant differences between provincial parties by the same name. E.g. the BC Liberals are a bit like Ontario’s PCs.
With Firefox on X11, any page can pastejack you anytime (www.openwall.com)
Date: Tue, 17 Oct 2023 03:17:36 +0300 From: turistu To: oss-security@…ts.openwall.com Subject: with firefox on X11, any page can pastejack you anytime...
Canadian government is starting to take action in rezoning cities in hopes of building more homes and finally bring back the "missing middle" in housing. (globalnews.ca)
The federal government was tackling the problem of how cities build homes. This includes pushing municipalities to build more fourplex and mixed housing units....
What the heck, YouTube?
I’ve only subscribed to YouTube Premium for the past two months, and I like the ad-free experience and Music streaming bundled in one price, PHP159 or $3/month. Will this probably be my last? Yesterday morning, Google automatically charged me for my YouTube Premium subscription through my e-wallet service....
Hackers Stole Access Tokens from Okta’s Support Unit (krebsonsecurity.com)
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned.
Google Pixel 8 Pro Teardown: The Closest Look at the Unique Thermometer Feature (www.youtube.com)
The Flaws of Flatpak - What do you think about Flatpak Security? (youtu.be)
Are you using Flatpaks?...
Choppier on Pixel 8 Pro versus Pixel 6?
Anyone else come from a regular Pixel 6 over to a Pixel 8 Pro notice that the games are a bit choppier?...
Canadian politicians are starting to grapple with the ramifications of the Israel-Hamas war (www.cbc.ca)
Supreme Court rules environmental impact legislation largely unconstitutional (www.cbc.ca)
Analysis: Canada may struggle to recoup $26 billion cost of Trans Mountain pipeline (www.reuters.com)
Mississauga city council decides against fourplexes, move 'very concerning': federal minister (www.cbc.ca)
cross-posted from: lemmy.ca/post/7083978...
Google Pixel 8 Pro Display test - DXOMark (www.dxomark.com)
cross-posted from: lemdro.id/post/2209246 (!googlepixel)...
Ford's Greenbelt flip-flop could spell legal trouble for taxpayers, lawyers say (www.cbc.ca)
Remember how canceling the gas plant was such a big deal? I bet the apologists will be out in force explaining how the fact that we are on the hook for this abjectly corrupt effort to transfer billions of dollars of unearned benefit to Ford’s wealthy developer friends/donors is, “ToTaLlY dIfFeReNt.”...
The housing crisis is not just a supply issue. Here are two solutions to fix demand (www.theglobeandmail.com)
People are finally talking about shifting income tax to take some of the money out of the housing market:...
CUPE statement on violence in Palestine and Israel (cupe.ca)
What Cloud storage solution do you swear to?
Let’s discuss cloud storage solutions!...
October 2023 Pixel Shipping Megathread
Just got a Google email saying my order has shipped via FedEx from Carol Stream IL....
Lemmy.ca server stats for Oct 2023
Hello all and Happy Thanksgiving!...
VLC used to be epic, now not so much. What do you recommend?
VLC was once the best in class. Not only was it a great piece of legacy software, the Android team were so passionate that they took that reputation and all the expectations that go along with it and exceeded it....
Review: Framework Laptop finally gets an AMD Ryzen config—and it’s pretty good (arstechnica.com)
Coming from an SD 860, Which Chipsets are as Powerful or more Powerful?
We Have Here, in Africa, Everything Necessary to Become a Powerful, Modern, and Industrialised Continent: The Fortieth Newsletter (2023) (thetricontinental.org)
How is Baratza Encore ESP as grinding machine for espresso?
Hello again, After getting Gaggia Classic Pro Evo in August 2023, I have been using pre ground coffee from my local coffee shop....
The Response to Google's 7 Year Pixel Update Promise is Getting Weird (www.droid-life.com)
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews (www.wired.com)
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.
i hate that it's very often like this (sh.itjust.works)
75% Of Provinces Have Housing Ministers Invested In Real Estate (www.readthemaple.com)
Canada’s birth rate has dropped off a cliff (and it’s likely because nobody can afford housing) (nationalpost.com)
Statistics Canada confirmed last week that 351,679 babies were born in 2022 — the lowest number of live births since 345,044 births were recorded in 2005....
Canadians are facing a ‘financial storm,’ and experts say it’s time to plan ahead (globalnews.ca)
The survey of 1,500 working Canadians, including 81 per cent full-time workers, found the number who considered themselves financially stressed has jumped by 20 per cent in a year.
Stable Android 14 OTA is rolling out now (lemmy.one)
Edit Message in Signal Beta (and stable?) (lemmy.ca)
Edit Message...
Nonunion autoworkers are watching the UAW — and deciding whether they want in (www.nbcnews.com)
Google Pixel 8 and Pixel 8 Pro released. Thoughts?
Google Pixel 8 (128GB): $699 / €799 / £699...
Pixel 8 to have seven years of Android updates (www.theverge.com)
Now this is nice. Hopefully 3rd party manufacturers can also provide a longer life span for the device.
Pixel 8 series MEGATHREAD
Livestream:...
Manitoba NDP win majority, CBC News projects (www.cbc.ca)
Woo!...