Show newer

Chrome is designed to let google spy on you in order to serve behavioural ads. So it should be no wonder third parties are using it to inject malware into your devices. The only reason these are "exploits" is because someone other than Google, the world's largest advertising company, is using them.

darkreading.com/vulnerabilitie

This is incredibly cool. #Firefox adding on-device translation is a huge step forward for #privacy, and eliminates one of the last reasons I had to use a chromium-based browser.

liliputing.com/firefox-118-bri

SCOOP: Footage from a food delivery robot in Los Angeles was given to the LAPD and used to secure a criminal conviction, according to internal emails I got using a public records request

404media.co/serve-food-deliver

This lightning-to-HDMI adapter designed to look like an Apple product is the worst gadget I have ever tested: It demands your location, browsing data, access to photos, and spams you with ads. Requires power and is detected as a "computer."

It's so bad that I am actually impressed a product like this actually exists. These things are actually out there in the wild. Lots of people say they inadvertently bought on Amazon

404media.co/i-tested-an-hdmi-a

@DosFox@tech.lgbt Beautiful work. You set an excellent example and I hope we see a flourishing of hardware reproduction as processes become more accessible

guys, there's this elephant? in the room? is there --- what's ... the deal with that?

Ugh. Google has patched yet another 0day in yet another media-encoding library that's nearly ubiquitous. Libvpx is in a ton of Linux projects (citation: pastebin.com/TdkC4pDv). Wikipedia says it's used by YouTube, Netflix, Amazon, JW Player, Brightcove, and Telestream. It also appears to be used in iOS.

If anyone has reasons to think this vulnerability is limited to Chrome, please let me know. Preliminarily, though, I'm inclined to think this is yet another vuln under active exploit that's going to make a ton of software vulnerable to RCE exploits.

The 0day is tracked as CVE-2023-5217.

chromereleases.googleblog.com/

This is important. My mother is currently facing substantial issues regarding her arms, making it difficult for her to effectively operate her keyboard for work. Her computer is running on Fedora Kinoite, and she's in need of reliable voice dictation software to facilitate her job comfortably.

While I'm currently assisting her, it's not really a sustainable long-term solution. If anyone is aware of a high-quality speech-to-text software, preferably one that can function offline and is open-source, please do let me know. This is crucial because the content of her work is confidential, and we need a reliable and secure solution.

Boosts are welcomed.

#Accesibility #AskFedi

Has anyone started an "enshittification watch" website?

Like, just list every notable company or service with a slider bar showing where along that curve they currently fall, with links to notes, analysis, and receipts.

Who is resisting, who is at risk, who is sliding, and who is too far gone.

It's clear that it's gotten much riskier to rely on quite a large swath of the commercial tech landscape. If that's the game they're going to play, seems like we should at least be keeping track with intention so folks can make informed decisions.

@zekuzelalem In fact, judging by Jeff's feed it sounds like there are some problems going on at the moment.

@zekuzelalem At least on first glance, the "Log In" button on their site appears to initiate a delegated OAuth2 authentication flow. This means that login page should be for logging in to your own server (check the URL), which then confirms your consent and sends only the listed information ("accounts") to the requesting website. I would still strongly recommend your critical review of their platform, however. Thanks for raising attention to this practice, it's certainly one way to verify ppl...

[Announcing] fossilphant — a static-site generator to self-host your posts from Mastodon archives github.com/swaldman/fossilphan

Check out examples, themes with paging mchange.com/projects/fossilpha or as one tall page mchange.com/projects/fossilpha

My current instance is sunsetting, and I want to make sure the banalities I posted here remain forever public.

If you are in similar straits, I'd love it if you gave this a try!

cc @isomorphismes @jpkoning @mattlehrer @paulgp

#scala

Who's 👏 ready 👏 to 👏 be 👏 disillusioned??? 🙏

In a pinch, I once ran my trailer's lights, furnace blower, and water pump -- sparingly -- through a cold winter night, on that first 1500VA unit. It had no trouble turning that water pump to full pressure even halfway through discharge. Really respectable performance.

Show thread

FWIW my experience with CyberPower UPSes has been excellent; the first PFCLCD1500 I bought went ten years before it blew an IC. Customers are thrilled with them. APC is a speck in the rear view mirror but a Tripp-Lite double conversion unit is likely my next upgrade. Remember ... all line-interactive power supplies have limitations, and a little $40 750VA battery box is no less prone to defects than any other.

CISA, the FBI and NSA just jointly published a report on the threat from deepfakes. It's a fairly comprehensive look at deepfake threats to date, and includes some recommendations for how to spot and anticipate them.

media.defense.gov/2023/Sep/12/

@Lazarou @cstross

hardwired analogue telephones can be altered to allow electricity through to the microphone whilst on hook, sounds in the room are relayed back to the Telephone Exchange and monitored (whilst not altering the normal working of the telephone). It was a common tactic in East Germany (all the phones were wired this way) but did also get used against selected targets (usually political activists) in Western Europe (link below shows this on a UK phone)

flickr.com/photos/rtnvfrmedia/

@YoteDragon My God. It's perfect. I was not prepared for how incredibly you this would be

Apropos of nothing, you should know that Godot Engine is amazing and will make you seriously question why to keep using proprietary game engines.

Show older
Hellsite

The hell site