They dropped support for legacy extensions that were arguably more powerful than the new content blocking framework which is basically a list of links bundled as an app.
For example, a popular ad blocker uBlock Origin no longer works on Safari 13. Read here for explanation and recommendations.

How is this different from companies (in USA no less) requiring users on their networks to do the same thing, i.e. installing and trusting a company-issued CA certificate that is used to sign MitM-ed HTTPS sites for purpose of malware inspection, etc?

Browsers should pay more attention at their trusted CA list, not blacklisting user installed private root CA certificates.

The situation described in TFA was a case of active MitM proxy.

My understanding from reading the article linked in TFA is that it was not even a trusted certificate.
https://www.zdnet.com/article/...

As a user you really have no options here. Your ISP is already MitM-ing your traffic, they just offer you a convenience of not having browser certificate warnings/errors.

Tomorrow their government can issue a new self-signed root CA and update the instructions for citizens to install and trust that. I don't see how browsers blacklisting untrusted certificates solves the problem.

The cable emulates keyboard when connected to computer, opens a terminal, writes a small stage1 script that fetches stage2 RAT software off the Internet. Exits the terminal and closes window. It happens so fast that you'd only see a window pop up for a split second.
The stage2 software connects to command and control servers. That's it.

Cable has such limited functionality required that an 8-bit microchip can do that.

The cable does not have an IP address. Implementing a functional TCP/IP stack on 8-bit AVR chip would be quite a challenge.

So, I'm assuming it detects as USB HID when plugged in, drops payload via opening terminal and typing in code. That is essentially the backdoor. When done it disconnects data lines, bypassing the 8-bit microprocessor and making it a regular data cable.

Any way to not trust USB HID devices by default in MacOS, Windows?

Decided to give it a go on iPhone.

I use Hangouts with Google phone number (voip). It works quite well and integrates nicely with Apple's CallKit.

* Google Voice is crippled Hangouts functionality. Why would they cut the Google talk functionality (or whatever it's called nowadays) - chat, voice and video between gmail users?

* No way to browse Google Voice application (like settings, messages, etc) while in call. This works just fine in Hangouts, but hey, it's Google. Probably a new dev team rewriting everything from scratch and reinventing the wheel.

* Finally it crashed on me while I tried a combination of sending myself SMS messages to Google Voice number while in Google Voice voip call. The call suddenly disconnected and when I started application it asked me if I want to send crash report.

Uninstalled and reconnected my Hangouts to Google phone number voice calls and SMS messages.

Only for very small values of n. Things get a bit more complex when n > 3.

The anonymous 4chan poster’s lower bound from TFA is n! + (n – 1)! + (n – 2)! + n – 3.

Thanks. Amazing tip.

Is there is a way to force this from iCould in case your phone gets confiscated?
Now I imagine they can remove phone's network access by putting it into airplane mode or Faraday cage, then I would expect a feature "require lock code if can't contact iCloud servers for 24 hours" or similar. Apple should already have something similar in place for stolen devices. You can disable them from iCloud. But what happens if device has no network access to check policy?

https://sensor-js.xyz/demo.htm...

Indeed it works on my iPhone. Javascript can read Orientation, Accelerometer (including gravity) and Gyroscope sensors in real time.

What do I do? System architecture. Networking and security. No one in this house can touch me on that.

But does anyone appreciate that? While you were busy minoring in gender studies and singing a capella at Sarah Lawrence, I was gaining root access to NSA servers. I was one click away from starting a second Iranian revolution.

I prevent cross-site scripting, I monitor for DDoS attacks, emergency database rollbacks, and faulty transaction handlings. The Internet heard of it? Transfers half a petabyte of data every minute. Do you have any idea how that happens? All those YouPorn ones and zeroes streaming directly to your shitty, little smart phone day after day? Every dipshit who shits his pants if he can't get the new dubstep Skrillex remix in under 12 seconds? It's not magic, it's talent and sweat. People like me, ensuring your packets get delivered, un-sniffed. So what do I do? I make sure that one bad config on one key component doesn't bankrupt the entire fucking company. That's what the fuck I do.

http://siliconvalleyism.com/si...

Very similar story here. I bought PS3 for Bluray functionality and Linux factor. Did I run Linux on it? No. But I knew I could if I wanted. Until they removed the functionality.
I bought 0 games, because I didn't buy PS3 for gaming. I never logged into PSN.

If you want car analogy it's like buying a pimped out 4x4 offroad SUV but never going offroad with it. Then company silently removes 4x4 capabilities but you can only get compensated for it if you used your vehicle offroad at least once... What the actual fuck?

"If you have to fill out cloudflare captchas when browsing, then maybe."
Maybe... just maybe.
In my case Google simply refused to work. They have a landing page that basically says "fuck you", not even a captcha. Interesting thing was that sometimes it worked. I tracked it down to the IPv6 version of google.com. Turned out that when it did work it was the IPv4 version that worked.
I'm using Comcast with native IPv6 via DHCPv6 prefix delegation. Probably some other subscriber was participating in botnet with IPv6 address and Google decided to ban a large prefix. It's not like IPv4 when you can ban just a single address and every other device behind NAT is automatically banned. How do they decide prefix length of IPv6 to ban? I have no idea. The problem is they have banned more than just that 1 offender.
So, yeah, you could say that IPv6 makes things worse...

My personal anecdotal data (Android devices):

* LG P509 (3.2" screen, Android 2.3) - Have 2 of those. Going strong with some old Cyanogen Mod version (7 I think) but I'm not really actively using them..

* Google Galaxy Nexus: Obsoleted by manufacturer. Also had cracked screen, the crack was small initially but then got bigger and bigger. Don't remember dropping it. OLED burn-in. Battery was not holding charge after 2 years but at least it was serviceable. Overall rating: crap (mainly due to poor screen). Granted it has been my best experience with Google Nexus line.

* Google Nexus 7 1st gen: Faulty charger circuit (took a day to fully charge, common issue). I configured it with encrypted file system, but little did I know then that Google released it without even testing it. Eventually it got slow to a point where a single operation would take 5 seconds to refresh screen - no TRIM support for encrypted fs driver, slow software encryption are the culprits if anyone is interested. Got rid of this shit the first chance I could (traded in for $50 BestBuy giftcard).

* Google Nexus 4: This is the biggest garbage of them all. Faulty hardware design - no cpu heatsink (or was it gpu?), battery too close to cpu and gpu. More info about this here: http://forum.xda-developers.co... . When you run any cpu-intensive app it would overheat so much that it gets uncomfortable to hold phone. Charger circuit would cut off battery charging due to high temperature. If you are not on charger it would reboot the phone at some point. That's how hot it was getting. The cpus are binned slow, nominal, fast. Luckily mine was "fast" so I was able to significantly undervolt this (yes, had to recompile the kernel) to make it somewhat better. It still randomly shuts down sometimes but not as bad as it was. Oh yeah, obsoleted by manufacturer (no updates).

At this point I stopped buying Android crap.

Personal anecdotal data (Apple devices):

* iPad 2: Still going strong with latest iOS. Granted the OS upgrade has made it very slow but this is only when you are starting apps or in main screen. Once app loads it's OK. Switching between apps is slow. I can't wait for it to die because it is super slow and I hate the low resolution screen but it just keeps on going.

* iPad Mini 2 - Have 2 of those. My favorite. Going strong.

* iPhone 5S - Have 2 of those. Going strong.

I know this is very anecdotal but I haven't had a single Apple device fail or require some tinkering to make it work.

This is a good solution but is there a way to add exceptions for some sites? If yes, which browser is this?
I don't want to go through extra verification when logging into my online banking site because the cookies are missing or having to log into e.g. slashdot every time I restart the browser.

Maybe a feature to override cookie TTL can solve this. Force maximum lifetime of cookie to be 30 seconds (configurable) except for whitelist hosts.