2·
11 days agoThat one’s especially egregious because the Direct Rendering Manager handles displaying things to the screen, where you might have Digital Rights Management involvement in the form of HDCP support, etc.
- 0 Posts
- 203 Comments
Joined 2 years ago
Cake day: June 22nd, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
That’s already how it functionally worked for each major release
Here’s their previous strategy: https://web.archive.org/web/20220917195332/source.android.com/docs/setup/about/codelines
Google works internally on the next version of the Android platform and framework according to the product’s needs and goals
When the n+1th version is ready, it’s published to the public source tree
The source management strategy above includes a codeline that Google keeps private to focus attention on the current public version of Android.
We recognize that many contributors disagree with this approach and we respect their points of view. However, this is the approach we feel is best and the one we’ve chosen to implement for Android.
As far as I can tell, this would really only affect QPRs, since the public experimental branches that get made after they throw the next release over the wall is going away
15·1 month agoOracle happened to it
All the devs went to LibreOffice after that
I agree, but the wording of that is imprecise…
Google reimplemented the same API (which should be legal) but “use” sounds like they called Oracle’s implementation of the function
Oracle tried to argue that writing your own virtual machine with the exact same same interface as theirs (even a clean room reimplementatio, or an improved version) was copyright infringement
If Oracle had won, it would likely have killed things like OpenJDK, WINE, Proton, Rosetta, etc. and would have made licensing around OpenGL/Vulkan very confusing (for a few examples)
Kind of seems like they simply installed this dude’s tarpit from a few months ago
Where did Microsoft put an official announcement saying the statement from an official Microsoft employee, Jerry Nixon, speaking at an official Microsoft conference, Ignite, was incorrect?
Edit:
When reached for comment, [Microsoft] didn’t dismiss them at all
Recent comments at Ignite about Windows 10 are reflective of the way Windows will be delivered
https://www.theverge.com/2015/5/7/8568473/windows-10-last-version-of-windows
Yes, in the sense that every device you own has these same commands
The alarmist of the original was that this was somehow unique to the esp32
If your device has Bluetooth, it has these commands
I agree, but unfortunately, this has become common since Heartbleed, and they seem to be able to sell their snake oil to CTOs…
The article is a security company trying to hype their company with a theoretical attack that currently has no hypothetical way to be abused
The article has an update now fixing the wording to “hidden feature” but, spoilers, every BT device has vendor specific commands.
The documentation of the part just wasn’t complete and this companies “fuzzing” tool found some vendor commands that weren’t in the data sheet
The China part just came from OP
If they’re being shared as disk images, basically every Blu-Ray has an embedded Java program, also
You can even trivially run your own server on an old Raspberry Pi.
I used to run one on a Pi 2 that would regularly have ~100 concurrent users without any hiccups
That’s separate from what OP is talking about. The on-device encryption is decent
For data on Apple’s servers (which they push icloud by anemic device storage…) Apple themselves publish that they give access to user accounts 90% of the time in the US
Finding a searxng instance and entering a random search term, the first 10 pages of results all came from google.
Checking the preferences, there were 4 search, and 6 of the other toggles enabled.
Even enabling all engines and rerunning the search, the first 13 results were listed as google
Is it meaningfully different from this offering if all the results it picks seemingly come from Google?
If I disable all but mojeek and qwant, all the results came from mojeek
That may be the best option right now, but it’s still a far cry from an upstreamed device
They aren’t able to support devices longer than Qualcomm and Google maintain the random out-of-tree drivers for a chipset, and even state such in their “legacy support” for harm reduction
- They don’t offer the government a “backdoor” to make it easy to decrypt user data.
Is what’s being discussed. Since Apple has a backdoor in the default configuration of their phone, they’re able to comply with 90% of all data requests.
The UK is demanding they remove the option to disable the backdoor in their encryption
You can kind-of sort-of use local only, but Apple makes that very inconvenient and almost 0 users do
Your definition of “rolling over” is different than mine. … What would you have them do differently when the warrants issued are valid in the legal sense/approved by a judge?
Again, your comments are agreeing with their decision to not allow full end to end encryption.
I would have them not able to decrypt my data at all
Sure, but if that’s your only concern, then you aren’t really concerned that the toggle is removed in the UK, either
The report is that Apple is removing the user’s ability to disable Apple’s back door, and you asked for evidence that they roll over for law enforcement
If you want governments to have access to a backdoor to what Apple touts as “Privacy,” your initial question doesn’t make much sense
I don’t know about other countries, but Apple itself reports that it provided access to customer accounts at the US government’s request 90% of the time
In the default configuration of iDevices, the US already can
This seems more around the UK wanting to spy on its own citizens more easily
4·2 months agoI’ve gone through and responded to the other top level comments as well, but another massive issue you could add to your edit is that servers can detect
curl <URL> | shrather than justcurl <URL>and deliver a malicious payload only if it’s being piped directly to a shell.There’s a proof-of-concept attack showing its efficacy here: https://github.com/Stijn-K/curlbash_detect
My naive reading is the difference here is HP slapped a discount sticker on it without changing the price.
Where Kohls, et. al. set the price extremely high and then always have it “on sale.”
Now, how companies get away with doing the same thing for Black Friday, no idea