Forgot your password?
typodupeerror

Comment Re:This is why "responsible disclosure" isn't (Score 1) 28

This isn't the first, or the tenth, or the hundredth time this has happened to some security researcher dealing with some company.

It's absolutely not even the thousandth time a researcher has submitted an invalid report, then whined about not getting paid for it.

Comment Re:We want to keep the backdoor a bit longer (Score 1) 28

Google Non-Specialist: Nice Catch!
Actual Engineering Team: It's not a bug. Proxied access through a Service Account is the whole point of what this product does. Maybe our docs should have more warnings or we should put in another layer like the competing tool if people are going to get confused and shoot themselves in the foot.
Google Non-Specialist: Invalid, but we'll keep a case open to idiot-proof already acceptable behavior.

This is correct. Mod parent up.

Comment Re:Seems defensible. (Score 1) 28

How would it have damaged Google to (a) give credit where it's due and (b) cut a $50,000 check?

For a report that isn't a vulnerability? Well, it would have cost them $50k, and they'd have gotten nothing for that money -- other than to encourage researchers to submit invalid reports.

Comment Re: You know it kind of bugs me (Score 1) 118

It may be that you define their pre-installed apps as not crapware, but that's a judgement call, not a statement of technical fact.

Oh no! You can't remove... *checks* the app for moto actions, and an app for notifications!

What I'm talking about is bundled apps like Faceboot. They can be removed.

You don't even buy a Moto phone unless you want Moto actions, so yeah it's a judgement call, but if you already made the call to buy Moto, then you've already made the other call as well.

Also, a bunch of Google Apps. Moto bundles those as well. You apparently don't consider them crapware, but other people disagree.

As for Facebook, etc, there's another class of "virtually pre-installed" apps (I forget what the actual term is) which aren't actually part of the system image. Instead, the system image has a list of apps the device will automatically download and install after factory reset, so they're present by default but you actually can remove them. Whether Facebook is really pre-installed, virtually pre-installed or not pre-installed depends, of course, on the OEM and how much Facebook is paying them.

Google's terms mandate, of course, that even pre-installed apps can be disabled. OEMs are not allowed to block that.

Comment Ban violent games? Good luck with that... (Score 1) 100

Not being much of a gamer I haven't followed this story (at all!) so the headline and initiative name "Stop Killing Games" made me think it was 1.3 million signatures from people who want to ban games in which people are killed. "No way that's going to pass," I thought. People love virtual murder.

Then I figured out that it's the killing of the games people want to stop, not the games that include killing.

Vaguely related, I had a serious EverQuest addiction ~20 years ago (the reason I gave up on any but the most casual of gaming), and I noticed a few weeks back that it's still available on Steam, and free to play, so I downloaded it and logged on, and even found my old character still there (though with zero gear because I gave it all away when I quit playing). The UI is dramatically different, but the general content seems the same. It's no longer very interesting to me, though.

Comment Re: You know it kind of bugs me (Score 1) 118

Moto phones bought direct have no unremovable crapware.

The pre-installed apps are just as unremovable on Moto as any other (unless you unlock the bootloader; some Motos have unlockable bootloaders). It may be that you define their pre-installed apps as not crapware, but that's a judgement call, not a statement of technical fact.

Comment Re: You know it kind of bugs me (Score 1) 118

Phones that run stock Android are usually pretty good at letting you uninstall/disable anything you don't want.

Disable, yes. Uninstall, no. If it's pre-installed it's part of the system image, which is mounted read-only and protected with fs-crypt. Actually modifying that would require root access to remount it rw and to disable fs-crypt.

That would also, of course, completely destroy the Android security architecture, leaving you wide open to all sorts of attacks. If you want to do that, get an Android device that has an unlockable bootloader (e.g. Google Pixel), unlock it, then do whatever you like. And be sure not to hire any evil maids.

Comment Re:For what? (Score 1) 67

Interesting, that explains a lot. Until now, I thought I might want to try Cursor, but I already have VS Code with Claude and GitHub Copilot, so why bother!

The integration is a little better in Cursor; the main difference being the in-line edit diffs. But I bounce back and forth between Claude Code and cursor, so I end up just using the git diff view to look at changes about 80% of the time, so it's not much better.

Honestly, my reason for using it is that I have separate Claude and Cursor token budgets -- though I set Cursor to use Claude so I'm using the same model both ways.

Comment Re:Well, let's face it (Score 1) 54

You don't need it on consumer hardware

Except for, you know, illegal immigrants, legal immigrants, naturalized Americans and even American born, and all the other people targeted by their governments.

If your government breaking into your house and applying hardware-level attacks to scrape your secrets out of the RAM of your running computer is seriously part of your threat model, it's almost certainly very, very far from your biggest concern.

Also, you should probably consider turning your computer off.

Slashdot Top Deals

A list is only as strong as its weakest link. -- Don Knuth

Working...