
Comment Re:Fiasco (Score 1) 88

...still have monumentally stupid things like MAXIMUM password lengths of 12 characters (I shit you not) ...

Oh, I know. My passwords frequently hit that limit. Often, I'll be like, "I don't care about this account. It's just going to end up as a throwaway. Let me set a whatever password." And I'll hit that limit.

Comment "There is no real information" (Score 1) 236

"The article also points out that "There is no real information" on the likelihood of a bird-flu virus even crossing over into humans."

Then what is this?
https://www.cdc.gov/media/rele...

December 18, 2024-- A patient has been hospitalized with a severe case of avian influenza A(H5N1) virus ("H5N1 bird flu") infection in Louisiana. This marks the first instance of severe illness linked to the virus in the United States...While an investigation into the source of the infection in Louisiana is ongoing, it has been determined that the patient had exposure to sick and dead birds in backyard flocks.

Comment Re:These types are the best (Score 1) 28

Ditto here. Going on, at least 4 years now. The reddit post says static electricity, but I'm pretty sure the plastic around a port will store more static electricity than a magnet around it. It talks about static electricity due to humid climate but, I live in Taiwan. A tropical island. It talks about exposed pins, but the pins inside a USB port are just as exposed as some of these USB C magnetic connectors. Another thing they point out is, if it's possible, why didn't Apple or MS do it? But they did/do. Apple used to have magnetic connectors to their power cords for mac laptops. MS did (and still might) have magnetic connectors for their surface tablets. So, like, it's impossible and no one does it because it's unsafe, except people do do it and it's still being used for at least 10 years. Maybe someone with an EE degree can explain it to me and/or provide the math. But so far, it seems, like this is more like paranoia carrying cellphones all the time will give you cancer than it is proven facts.

Comment Re:Fiasco (Score 2) 88

My problem is, if hackers are within your communication systems, how much safer are authenticator apps? If they get the initial key string or if they can extract it from your device, you're done either way. The only difference is, you *may* get a notification that someone tried to get your SMS 2FA message if they failed the attempt. Hell, if they have access to your communication systems, why bother with SMS codes or authenticator apps? Why not just grab the access token of an existing session?

You can't beat a hardware hack. The solution isn't to have MFA up the wazoo. The solution is to secure your systems.

I can't shake the feeling the push for MFA is basically a few large companies going "Yeah, we fucked up and we don't want to take responsibility. Let's tell people if they don't use MFA and they get hacked because someone got access to our username/password DB table on our infrastructure, that it's their fault and not ours for having poor security." and everyone else shrugging and going "Well, they have money so I guess they know what they're doing. We should probably do it too."

Comment Re:I don't understand (Score 1) 1605

A lot of states voted to ratify abortion rights into their state's constitution, but at the same time, they voted in the people who are anti-abortion. For a lot of Americans it's not about the politician's policies or their history. They want things, specifically for themselves, but they'd rather someone else, the people they deem not like them, to not have what they need more than both they and the people they deem "others" to have what they want. As such, they'll vote for the people that they think look like them and will hate like them, even if that person will hate them just as much in return.

Someone said this about Americans. "They hate you more than they love themselves."

Also, Americans, individually, at least, have a habit of saying one thing, saying they'll do one thing, but when times get tough, when it comes time to do the things that they say, they'll chicken out and go for their more base and greedy instincts. As a former immigrant to the US, this has been pretty reliable. So, voting for Harris would have been the good thing to do. It would have been the right thing to do. But it's easier to hate and perpetuate greed than it is to think when you've grown up in a society that's geared around feeding/catering to your entitlement and excusing your wrongs, whatever they might be. And you might go "This will bring them to where I was back in the communism days where I starved and froze. How is that easier?" They know that intellectually. But they don't know that emotionally. Empathy isn't big in the US. They often don't learn something until it happens to them. Because they don't want to think about it.

There will be those that blame Harris for messaging or not talking to "the other side" or whatever. But none of that is true, at least, not this time. Because the message was, this time, from lawyers, other countries' news outlets, from media personalities, even Trump himself, just every aspect, if you vote for this man, you will not be able to vote again. This was Trump's own words. But the voters didn't care. They just want to hate and harm others without punishment and not have to think. They want the freedom to be Karens with no impunity.

Only time will tell when they re-learn the lessons from the past that you can't have a functioning economy, government, country or society by doing that.

Comment Everyone say it with me. (Score 1) 106

If buying is owning, then piracy isn't stealing.
Therefore, potential revenue loss is not a cost. Maybe the data is right. Maybe there is a decline of 14~20% of digital sales once a crack is released. But the data doesn't seem to (at least, I didn't see it) consider game sales that happened without Denuvo. As in, I don't see anything in my quick skimming that says there's data that represents game sales of games before and after a crack is released on games without Denuvo.

Comment Re:Uhm... (Score 1) 50

> 3) The plugin's privacy statement says: "Doesn't embed any analytics or telemetry hooks in its code", but, in that very issue, one of the files is named ./web_accessible_resources/google-analytics_analytics.js Did you try looking into the file?

Link: https://github.com/uBlockOrigi...

Even if you cannot read code, it references two issues: https://github.com/gorhill/uBl... https://github.com/uBlockOrigi...

TL;DR: If you block Google Analytics, some pages break. uBlock inserts mock functions emulating Google Analytics functions but not tracking you, so the pages do not break.

I did. My point is that if a file looks like it's trying to inject ads (just by the file name itself), why wouldn't someone, like a security analyst who goes through hundreds of requests a day and, by policy, can't play favorites, think "Oh shit. This might have been compromised like the great suspender had before."? It's written in the policy (or guidelines, I forget which) that you should try to make it as easy to read (file name and source code) and make it look as un-suspicious as possible.

Comment Re: Uhm... (Score 1) 50

"If your definition of "a couple of days" means "at least 23 days""
From personal experience, the AMO team has about a 1~2 day turn around for responses. Often the very same day. If you're looking at the first then the last response and there's 23 days in between, that should tell you that the author isn't posting the conversation in between.

Comment Re:Uhm... (Score 1) 50

3: Those are dummy replacements for the actual tracker scripts, so that the web page scripts still have the functions to call and don't throw errors, but the dummy functions don't do anything.
Yeah, but imagine if you're looking at a pull request and, in the source code, there's a file named "google-analytics.js" and "mozilla-ad.js". What are you going to think? Security analysts often have to go through hundreds of code each day and are measured/tracked on their speed (I used to work with Trend Micro and worked on the tool that measured security analysts' metrics. They're expected to hit ridiculous numbers. We're talking hundreds of events analyzed a day). It's in the guide for submitting an add-on that if you want your stuff approved, you shouldn't make the code (or its file names) the code equivalent of the boy who cried wolf.

7: While seemingly everyone else, including Mozilla, is tracking for the ad industry, we're talking about Raymond Hill, who has been giving the world a usable web experience by disabling tracking and removing ads, fucktons of it, for free, without any tracking or ads of his own.
A lot of people said similar things about the great suspender...until they found out it was secretly bought and then handed over to a company that injected it with trackers AFTER a new version was submitted to the store.
This isn't a hostile act. It's security.

Comment Re: Uhm... (Score 1) 50

"According to what he wrote in the github issue, there was no email exchange." The AMO team communicate primarily through the developer portal.

"He got the review, and went straight to pulling the extension from AMO without even trying to reach out to the reviewers."
Yes, because this has happened in the past to large, well-known extensions. Notably, the great suspender.

"I do not know if he has an history of issues with the review process, but in the github issue he does not say anything about previous incidents"
And that's the problem. We don't know. He might be leaving out crucial facts. Here's what I do know:

Approved by Add-ons Review Team 7 months ago This version has been screened and approved for the public. Keep in mind that other reviewers may look into this version in the future and determine that it requires changes or should be taken down. Thank you!

That is what you see every time you submit an add-on to them (from my own add-ons). They do notify you when it's gonna happen. It's in the terms and conditions that they may need to move quickly if they think they see something wrong. That's how security works. Can you imagine if it was malicious code and they kept it up while they waited for the developer to respond?

Comment Re: Uhm... (Score 1) 50

2) He said the review process is nonsensical and hostile. Not that the requirements are nonsensical and absurd.
But that's just, like, his opinion. To a flat earther, a globe is hostile. To an anti-vaxxer, vaccine mandates are hostile. To JD Vance, the facts are hostile.

3) already debunked
No, not debunked. It kinda proves my point, in fact. Anyone that's dealt with the AMO team knows that the team goes through thousands of submissions a day. I'm pretty sure the submissions page itself says so as that's what I know from dealing with them. Like, on one of my add ons, I have to write a justification EVERY TIME I submit a new version because I'm using .innerHTML. They literally state that they don't have time to read through and scrutinize every file and line. If you want your stuff to pass easily, make it easy to read, understand and pass. Again, I'm pretty sure the submissions page and/or the guidelines page says this explicitly. This could have been solved with just him renaming the files or folder to something like "google-ad-string-utilities.js"

4) "None of these files are commented or documented." Well true, and while that could have led the review to the right conclusion, there is no requirement on commenting or documenting the code, so the point is irrelevant.
No, not irrelevant. Again, anyone that's read the guide or the security protocols for submission of add-ons to AMO knows that the easier it is for them to read and understand the code, the easier it'll be for your add-ons to pass. At least once or twice, one of my add-ons was flagged erroneously for something and they went "Can you explain this?" And I wrote back "It's because of this, as per the comments on that function." And then they approved it and it has never been a problem since.

5) "Well if there is a photo of a beach and they say "this picture contains violence", how do you say where specifically they are wrong if they don't elaborate themselves?"
This misses the point completely. When the AMO team goes, "There's something wrong", they tell you which file. The author knows which file because they told him. And in a review like that where they find a problem, they'll go "We have a problem with these files. Why are they there? What's the justification for them?" And, my point is, they're not looking for the answer of "Well, they're here." They're looking for the answer of "Here's why these files exist." Just going "These files exist" tells the reviewer nothing. As to "They should understand code", that's answered in "Anyone that's dealt with the AMO team knows that the team goes through thousands of submissions a day. I'm pretty sure the submissions page itself says so as that's what I know from dealing with them."
Just because it's someone's job to clean the floors, doesn't mean you should throw all your food on the floor when you feel like it.

6. Well there is also not machine-generated nor concatenated code either.
What AmiMoJo said.

"I don't know what kind of email exchange there was, and how frequent this kind of behavior from Mozilla has been."
AMO sends responses via the add-ons/developer portal. That sends an automated email out. You can email reply back, but it goes back to AMO via the ticketing system. In fact, it's easier to keep track via their portal.

"The developer could have done some things a bit differently for this to go more smoothly, but to restate, the point is that he really should not have had to."
As a developer, YOU're asking to get on to THEIR system/platform. If you're asking to go into someone's house and they go "Hey, can you make sure your shoes don't track mud when you come in?" You shouldn't get mad if they stop you when your clothes were painted to look like they were covered in mud. Like, think about this as if you were reviewing a pull request. If you suddenly see a new folder with a bunch of files named "Mozilla-ads.js" and "google-analytics.js", none of the code is commented, when asking for a clarification/explanation, you get "These files are here." instead of an explanation, you would reject the pull request too.

"Also, Mozilla could have started by asking for more information, not by making bogus claims."
They do. You're just seeing the last response from AMO that the author has posted.

"In the current state, if I were Mozilla, I would try very hard to not alienate developers."
That's exactly the line a lot of crypto mining/malware add-ons that were disguised as something else said. That's also why there were/are more add-ons that were hidden malware, scams, etc. on google's web store than on the mozilla one. Like, all the things/rules/procedures the author is complaining about? Those came about as a response to this:
https://yro.slashdot.org/story...
and this:
https://yro.slashdot.org/story...
and this:
https://it.slashdot.org/story/...
and this:
https://tech.slashdot.org/stor...
and this:
https://tech.slashdot.org/stor...
Notice how all of those are focused on the google web store. Those impacts were much less, if at all, on the Mozilla side. It's only been 3 years. Do you not remember?
But also, have you seen the changes manifest v3 requires you to make on the chrome side? I've stopped updating my add-ons on the chrome side because of all the hassle. Not to mention chrome, and even chromium is getting worse. I've recently switched back to a mozilla variant because of it and have had less problems.

Again, I'm not saying the AMO team never makes mistakes. But if you're walking around dressed like a duck, you shouldn't be mad when someone calls you a duck.

Comment Uhm... (Score 3, Insightful) 50

1) I don't see an apology email from Mozilla, as the story claims, in the github issue
2) All the requirements that he's saying are nonsensical and absurd were put into place after several add-ons were found to use minified/compiled code to do malicious things.
3) The plugin's privacy statement says: "Doesn't embed any analytics or telemetry hooks in its code", but, in that very issue, one of the files is named ./web_accessible_resources/google-analytics_analytics.js
4) None of these files are commented or documented.
5) The mozilla add-ons team usually requires explanation for justification not just "where it is".
6) He complains "where is the minification of these codes"? When the statement from mozilla was "Your add-on contains minified, concatenated or otherwise machine-generated code" It's not specifically minification.

Something's not meshing with the author's story. I'm not saying the mozilla team is faultless, they do get stuff wrong sometimes, but all these reasons from Mozilla were justified.

Comment I'm letting my chrome extensions die... (Score 1) 86

...because of this.

The conversion to manifest v3 is pretty incompatible with the firefox standard. I'd have to do 2x the work to maintain both versions. And that's on top of the new changes the article mentions. And there's also the fact that their manifest v2 to v3 upgrade guide is a mess. I've since switched to Librewolf and have had a better time on the web (and exported my chrome extensions to firefox. Which was easier than upgrading them to manifest v3).
