But you can, in fact, be too careful. Availability is one arm of the security triad.
If whatever complex configuration you have set up to avoid exposing something to the Internet is incompatible with something and what you wanted to do can’t be done, or if you look and see that setting all that up would be too hard and don’t bother to expose the service at all, then your security posture is incorrect because your service is just as unavailable as if someone else broke it.
That certainly sounds like a thing you would want, nay need, to fix.
This is just https://xkcd.com/2347/ but the person in Nebraska has been replaced with a new one and neither uses capital letters.
It could probably change the language selector.
If I’m an elite hacker spy who works for the hacker spy division of the Chinese army, am I going to change the system language of the thing I am hacking to Chinese and forget to change it back?
Mostly so they could say they did.
You don’t do the development on the board.
It would definitely reduce the attack surface. And even though Windows has “security” issues patched all the time, rarely are they ones so severe that you can just roll up to a machine and send it a weird HTTP reply and get admin access. Usually it’s stuff like if you have a shortcut file on disk it gets to run code when you look in the folder, or something. Not great for working with downloads, but hard to exploit unless at least one other thing happens (like visiting a malicious page, which then starts a download that the browser accepts).
But the browser calls out to the OS to do a lot of stuff (render images, render fonts, play sounds, etc.). It mostly assumes the OS can do those things without popping open a remote shell because too many emojis were rendered in a row or something. That is not always true, and when it isn’t you want an OS patch to fix it before you go on a site where someone can post the Magic Emoji That Hacks You.
But you are right that you can browse around trustworthy websites on an unpatched system behind a decent firewall for quite a while before you notice something bad happening. But also, a lot of bad things can have been happening for quite a while before you notice.
Why does Anthropic think they need a JS runtime though? Are they just like “well Microsoft has a command line tool for installing JS packages so we need one too”???
Probably only some people need the complexity of the category system, and if it’s off by default, people who don’t don’t need to understand it to accomplish what they want to with their notifications.
I don’t think there can be that high a density of fascists. sh.itjust.works just voted overwhelmingly to defederate some kind of MAGA nonsense instance. Mostly it seems like nice folks overhere who know fascists are bad news.
It might be full of individualists with no grounding in Marxist theory, of the type that much annoyed Vladimir Lennin. I couldn’t tell you because of my poor grounding Marxist theory, and I don’t see that as a problem because of my individualism.
I think it has something to do with your brain playing both sides of the dream. You are coming up with how to react, but you are also at the same time coming up with what happens next. So if you dream a lion and you are like “uhoh, what if the lion tried to chase me, that would be a problem, I’d have to run away,” then you’re now dreaming about a lion that is chasing you and how you are running away.
Or plants. Or whether you should shout at people. Or sort of the concept of women.
Nah, that’s an NPU.
The graphics stack is better, but the security isolation is IMHO solving a problem no one really had, at the cost of breaking a bunch of integration mechanisms people actually used.
You want UI security isolation for something like Android, where most software being run is fundamentally opposed to the interests of the user and wants to steal anything not nailed down, and you also contain things at the file system level. If Facebook could screenshot every other app all the time it absolutely would, and people would download it anyway. To some extent the enforceable promise that it can’t do that is why people are still willing to download it anyway and let it do all the other things it does to compromise a system.
In a distro shipping legitimate software, isolation at the desktop UI level is nice for defense in depth, but not really drawing a real security boundary around any program to the point where a user can trust a machine with malicious software running. It doesn’t matter if I can’t steal Firefox’s pixels if I can echo "export PATH=$HOME/.evil-firefox/bin:$PATH" >>~/.bashrc.
This sounds like a bug in the distro packaging of the module, or maybe in Grub. You don’t want to try and install any kernel package, or make your default boot option any kernel package, that the wifi driver package doesn’t declare compatibility with.
But nobody’s package manager knows to do this by default when the driver package is installed, and most packaging systems might not even be able to articulate that constraint.
Now I’m thinking with portals.
I don’t think it is right to trivialize rape like that.
I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.
I don’t think ActivityPub is set up for one server storing and forwarding a whole feed of everything, like Usenet. Right?