
Comment Re: Great idea (Score 1) 101

Anybody with the device can flash the device with a new firmware remotely, yes centimeters but still a distance, without the knowledge nor consent nor password of the device owner.

We don't know the details of the implementation. In particular, it may only work on unactivated/unregistered phones. (That would be a reasonable protection, anyways.)

Also, I doubt the device itself is the source of the new firmware -- that probably comes from the Apple servers on the Internet, and of course they'd have to be cryptographically signed as they always are. (That said, how do the devices get access? Connect to a specified (or default) WiFi network?)

Either way, assuming that Apple makes it so the forced upgrade only happens when the phone isn't activated yet, the biggest exploit I see here is that an attacker could cause a phone that was turned off to burn through its battery faster by repeatedly turning it on. (And each time the phone realizes that it's already been activated and so this is not supposed to work and turns itself off again.)

Comment Re: In other news... (Score 1) 118

id.me certainly works worth a shit.

That said, it's highly intrusive, since it doesn't just verify your age -- it verifies your identity (and your age is just a part of that), or to use the words of the person you were replying to, "it's that any age verification that works worth a shit basically kills privacy online."

I'm not sure how any age verification system could be made that didn't verify your identity, but it's not like we have to go far to find a working system that verifies one's identity (and therefore their age.)

Comment Re: Valve is wrong (Score 1) 93

You seem to be suggesting that the cheat detection is just a performance thing? It's not.

There are some forms of cheating that can be detected at the server level, and they probably are. You fired more ammo than you've got? You defied gravity in ways that the game doesn't allow? You took fatal amounts of damage but never entered the code path for death on the client side? Your aim is absolutely 100% flawless? Those sorts of things they can probably detect at the server level.

But there's a bunch of cheats that the server can't detect. You've got a mod that lets you see through walls? That highlights enemies so they're easier to spot? That shows secrets that your client is aware of but isn't supposed to show you? That looks at what's on the screen and nudges your reticle over towards the face of your enemies without making it obvious? These things generally need to be detected on the client machine.

Now, if they were rendering the entire game at the server and displaying it back -- like you seem to be referring to with PSO2 -- then they wouldn't need to scan that for cheats, because all that code would run on their own servers and be untouchable -- but that is *not* how most people want to play FPS games, especially those who are playing competitively.

Comment Re: Shoplifting seems to be popular. We know why. (Score 2) 97

In SF, where they basically stopped going after shoplifting, less than 600 people did all the stealing. Most of those people were from out of town and had never lived in SF nor the bay area.

Interesting claim.

I have to wonder where these figures came from -- I mean, if nobody went after the shoplifters, how could we possibly know these things you're claiming?

Do you have a citation to share where I can read more details about how they figured this out?

Comment Re:microcode (Score 1) 40

I may not be the ideal person to ask -- I just read the summary and skimmed over the links given in it.

That said, the summary says "AMD has patches ready for its EPYC 7002 'Rome' processors now", and AMD's response talks about that and "AMD Ryzen 7020 Series Processors", so ... I guess yes?

I've got several Ryzen machines, but most are 2xxx so I guess they're not vulnerable, but one is a 5500 so I guess that is. It doesn't strike me as a large concern in my specific case, but it's easy to see common cases where this would be a huge problem.

Comment Re:microcode (Score 2) 40

This is a pretty low priority because multi-user systems typically run Epyc not Ryzen.

They say the exploit can even be run via javascript (and presumably other sandboxed languages that we usually think of as safe), so it could be a viable attack even against a typical desktop machine only used by one person.

Also, even the /. summary makes it clear that Epyc is affected as well.

The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPU

Comment Re:Apple (Score 2) 73

The only good system they had was the 68040's and they dumped those for Intel.

Well, they dumped 68040 for PowerPC, anyways. Intel came years later.

(To be more precise, they started using PowerPC chips in 1994, and started using Intel chips in 2006.)

They really have used a lot of very different processors over the years -- 6502, 65C816, 680x0, PowerPC, x86/x86_64, ARM.

Comment Re:Options (Score 2) 203

I don't live in Texas and am not super familiar with the market. Most (if not all) other states have a wholesale market and a retail market. Local utilities will purchase on the wholesale market (with wild rate swings) and sell retail at fixed prices. This means that, if the spot market goes crazy, utility companies go bankrupt not individuals.

I do live in Texas, and what you've described absolutely does happen here. Some people do buy electricity through deals where the price fluctuates with market prices, but many -- perhaps most? -- just pay the same rate per kWh no matter what. I know I do.

However, my electric company is the City of Austin. Austin can't go broke. Instead, they just raise their prices in the future to make up for the loss.

And even if the electric company is a private company, they can't really be going bankrupt either, and the State of Texas basically bailed them out, and people are still paying fees to cover the money lost back in 2021 with regard to electricity and natural gas.

Texas has laws against price gouging -- where you'll get sued by the Attorney General if you raise your prices even by 50% during an emergency -- but we make it OK for energy prices to jump by a factor of 100, when people don't even know about the price change until it's too late, and the state actually seems to encourage this? Clearly, the people who get rich from this are getting a good return on the politicians they bought!

Either 1) energy prices should not be allowed to jump anywhere near this much in an emergency, or 2) the end-users need to know, *in advance*, that the prices are going up significantly so they can adjust their usage accordingly. (And having the electric company pay the massive extra charge isn't any good either. Perhaps it's OK if the difference is 2x or so for a few days, but 100x? No.)

I do understand that these huge price surges encourage producers to be ready to produce in an emergency, but in practice, it's just a windfall for them and they don't seem to find it to be cost-effective to actually change anything to be extra ready for these emergencies.

Comment Re:Options (Score 4, Informative) 203

Of course, this assumes that the end users know how much turning their A/C on will cost them.

Back in the real world, they generally only learn about it when the bill arrives. Sure, the state might have been telling people to save electricity, but that's not the same as telling people "Electricity prices are going up by a factor of 100 today, and so using your A/C will cost you $1000/day instead of $10/day."

and go to a hotel for a day for a lot less.

Of course, all this does is shift the surprise bill to the hotel owner. And if the hotel owner knew about the higher price at the time, the room would cost $325/day rather than $75/day.

Comment Re:The kids will surely abide by this (Score 1) 254

Yes, you are technically correct -- kids will not change their behavior to comply with this law.

But, if the courts don't throw the law out before it takes effect, the social media companies will have to adjust to it somehow, because failure to do so will likely have very expensive consequences for them. So on that level, it will have some effect, even if the kids themselves act like it doesn't exist.

I don't know how all this will ultimately play out, but if it's not thrown out then it will be the social media companies that make changes to comply with it, not the kids -- the kids will look for ways to circumvent whatever obstacles are put in their way, whoever puts them there. And if the law is enforced, it'll be enforced against the companies, not the kids.

Comment Re:Says a lot (Score 1) 65

For the longest time, the package "ghostscript" came with a cool picture of a tiger.

Given that Postscript is actually an executable language, I guess there's a security risk there, though it *should* be tiny in most cases as it's a heavily sandboxed language.

Still, I'm not aware of this ever being considered a security vulnerability, though we certainly noticed the file, and it was often used as a sample thing to print and such.

It also doesn't seem to be included anymore :/
