These are exactly the kind of questions that came to my mind too.
Russinovich's post offers scarce details on how it was done. I would be interested if the "AI decompiled" code was compared to actual disassembler output to verify accuracy (or if the model used some external disassembler tool for it? Shrug.)
.. of the largest providers, aka Gmail and MS (Outlook/Hotmail/whatever domains they have). Maybe Protonmail too, if you are lucky.
Microslop has been blocking wide network ranges for a long time, and probably for good reasons too.. The problem is that there are almost no mitigations. My own server ended up on such blocked range some years ago and trying to rectify it was like talking to a stone wall.
Maybe do something about all the scam advertisements on your (Google/Alphabet) platforms. No? Thought so.
Indeed
I would not be surprised if it is for something nefarious like the AI training fad or selling the information. And/or for providing the data to law enforcement at request.
While I generally think Rust (or some other "more secure" language) is better, I do agree very much with the "security guys who happen to like rust" sentiment.
While using Rust can almost inevitably improve a number of other security-related aspects, it does not protect vs. timing and sidechannel attacks that are very important in cryptography. Casual re-implementation of an algorithm might easily reintroduce such issues.
Issues like that might stay buried for a long time, apart from the "three letter agencies" that will most likely do their own private analysis in any case.
The death clock for it is already probably ticking. Gone in a year or few. Investing any time on it would be a waste.
The pessimist in me thinks that if anything is to be learned of past history of Firefox development, the next step after removing a feature from core and into extensions is to deprecate / remove the API(s) this extension relies on to function. Or at least the APIs that enable it to work in a comfortable manner vs. UI experience.
Personally I use RSS feeds of 7 different blogs (wow, blogs still exist?) in order to easily follow when new posts are made. It's not much, but at least I don't have to manually check them out, quick browse through live bookmark menu is enough.
Actually some sources say that it has been in the "North Bridge", e.g. what has been known as "Platform Controller Hub" ( https://en.wikipedia.org/wiki/... ) for some time. For example, see ME references in https://www.intel.com/content/...
However, it is stated in the above Wikipedia article: "Beginning with ultra-low-power Broadwells and continuing with mobile Skylake processors, Intel incorporated the clock, PCI controller, and southbridge IO controllers into the CPU package, eliminating the PCH for a system on a chip (SOC) design." This makes it unclear whether also the ME component has been integrated into the CPU package in SoC style in these newer CPUs (assuming that it has been there in the first place.)
.. case sensitive filenames by default?
Just wondering. I know HFS+ can have case-sensitivity, but not sure if it is on by default. And some people seem to be discouraging that, based on quick googling.
I see that you don't realize that randomizing, etc. just makes your "signature" more unique. And if you give less information, it makes you more unique too.
The best way to be less unique would be to be very average, or at least look like the majority - e.g. probably the average Windows installation with basic fonts, etc. and most common version of Firefox/Chrome (which varies as time goes by).
Personally I read at -1, Raw and Uncut because I'm a masochist and often find some funny stuff down in the gutter.
I usually read at +3 or +4, but I give extra +5 score to flamebaits. I started doing it years ago after reading about the idea from somebody else. Those posts are funny/interesting often enough that I haven't reverted it.
Maybe then we'll get proper application whitelisting / sandboxing by default in a desktop OS. And, hell, why do applications get the run of every file I use under my account? Should they not have to request such things first? Even on Unix-likes, if you get on as my user, you can trash all my data - why?
The answer is functionality. Let's consider the example of Android, an OS with a fairly recent security model, built on top of Linux which provides for chroot. Why not put apps into their own chroot jail by default? Seems like a good idea, right? How do you explain to Grandma why she can't upload photos from her camera's image gallery to Facebook? Oh, you'll solve that problem by putting the photos in a public directory? Okay, that eliminates the functionality concern, but now you're right back where you started with exposure to ransomware....
Not necessarily. This can be solved by having a standard privileged file open/save dialog that grants the access automatically to apps based on user input. Of course that limits the UI designs in some ways.. I wrote some ideas 11 years ago how something like this could be done. Partially obsolete nowadays though but still could be doable (except for the web browser parts - web security seems to be a lost cause already). Perhaps once these kind of worse malwares start happening people would finally implement a more secure desktop. There's no reason why I shouldn't be able to easily run whatever program I want without it breaking my computer.
Take everything in stride. Trample anyone who gets in your way.
