
Comment Daszak (Score 1) 303

We have very good reasons to distrust the virology community: Peter Daszak and the fact that he enjoys the support of that community.

-- He organized and signed the Lancet statement against the lab-leak theory, without disclosing his conflict of interest as a collaborator with the WIV.

-- He kept his EcoHealth Alliance 2018 proposal to insert furin cleavage sites into bat coronaviruses at the WIV secret, until it was leaked in 2021. A normal person would think it was obviously their moral duty to release any information potentially relevant to the origin of COVID. This alone made it clear Daszak cannot be trusted.

-- He has claimed that since the proposal was not funded, the work must not have been done. Every scientist knows that if you don't get funding from one source, you often pursue the work regardless.

-- A recent Senate hearing asked him whether he ever asked his collaborator Shi Zhengli whether the work went ahead. He said he has never asked her. That's unbelievable unless he deliberately didn't want to know, in which case it's totally irresponsible.

The virology community and the NIH have closed ranks around this guy, so I don't trust them either.

Comment only a little bit (Score 5, Informative) 104

(Former Mozilla Distinguished Engineer here FWIW.)

Parsing WebAssembly modules does represent a small increase in attack surface, and there is additional attack surface if the browser has a dedicated WASM interpreter or JIT compiler. But in Firefox, for example, the WASM optimizing compiler uses the same IonMonkey infrastructure as the JS engine, so there isn't much new attack surface in that JIT compiler. That is very different from, say, Flash, which had its own entirely different compiler.

WASM applications use the same browser APIs as JS does, so there is no new attack surface there. That's a big deal and one of the benefits of WASM's design over say (P)NaCl.

Overall, yeah, WASM adds some attack surface, but not much compared to the rest of the browser. And it's all contained in the sandboxed renderer process(es).

Comment Re:Where's the story? (Score 1) 110

By his own narrative, it wasn't creating PowerShell specifically that got him demoted. It was doing "unassigned" work during work hours.

He details that it was specifically that Microsoft did/does not have the 80/20 type thing some competitors have, where you get some time to free range random concepts and ideas, so some pissy middle manager got mad that he wasn't going through the whole project approval (you know, the let everyone comment on the color of the shed stage) and he got demerits.

Comment Re:It may not be possible to mitigate (Score 1) 67

*What is YOUR source for this. Do you even have one?*

THE PAPER THAT WAS SUBMITTED. They are very open about the *incredibly* narrow known threat model (basically ASLR pointer obscuring *in the same process*), albeit -- as all papers do -- opining that maybe there is something worse that could be done. These sorts of security papers come out by the dozen per year, and generally no, there isn't any further risk, and the latent risk is negligible to irrelevant.

To be clear, when security researchers are pitching a novel vulnerability, the foundation of their claim is a proof of concept, because the chasm between "well it could...." and the actual can be enormous. No proof of concept. Not even a vague inclination of the knowledge of how to make a proof of concept. And this issue has been very widely disseminated, every hacker group pounding on Augury -- theoretically it is trivial to exploit on an array of pointers -- and no one else has a proof of concept yet. Weird, right?

Comment Re:It may not be possible to mitigate (Score 1) 67

"No bias there at all."

Because I have an M1 Mac I have a "bias"? Yeah, not really. I'm typing this on an Intel box. I have servers on AMD, Graviton 2, among many others. That's a modern life.

"Sources are people in the security industry in which I work."

ROFL. Yeah, no you don't. You are claiming ridiculous things.

These sorts of "you know it *could* hypothetically be exploited" (in a profoundly narrow sense) security papers come up by the dozens per month. The overwhelming majority have no real impact whatsoever. This one is particularly spurious.

The "amateur hour" bit in your comment was particularly hilarious, and betrayed that you're just some guy saying dumb stuff.

Comment Re:It may not be possible to mitigate (Score 2) 67

What source says it's "impossible to mitigate this"? Do you have even one?

Because the notion is preposterous. Not only is this largely a theoretical attack (I'm being generous by not calling it a fully theoretical attack), with extremely little real world consequences, mitigations are *trivial* if it were something real.

"I really want Arm on the workstation and server to succeed."

You seem to know literally nothing about security or chip design, and decided to post some tosser, laughable anti-Apple screed. Me, I'll keep using my M1 Mac, and have been using ARM on the server for half a decade now. Hurrr.

Comment Re:Stallman is an idiot.... (Score 3, Interesting) 640

Stallman is 68 years old. He's had plenty of time to learn social graces with or without assistance.

If he is unable to interact appropriately with other people and unable to learn how, then we can have compassion on him, but he is poorly qualified to be on the board of a public-facing organisation.

Comment Re:NZ actually over did it (Score 2) 199

Our first lockdown, at its peak, was stricter than those in Australia, but it lasted a much shorter time. By May 14 we were at "alert level 2" which is mostly normal life, but most of Australia didn't reach a similar level for another month, because community cases kept bubbling up in Australia. It's far from obvious that Australia's approach was a win overall. Compare Australia with NZ here:
https://ourworldindata.org/cor...

Your argument that we should have "changed strategy" is also off base. It has never been clear that Australia was going to achieve elimination, and it certainly wasn't clear before we had already begun stepping down alert levels in NZ.
