![](https://lemmy.world/pictrs/image/812cece4-7ae0-4d83-806b-202b45848d7a.jpeg)
![](https://lemmy.ml/pictrs/image/d3d059e3-fa3d-45af-ac93-ac894beba378.png)
That’s true, but hardware drivers are a much smaller attack surface area.
That’s true, but hardware drivers are a much smaller attack surface area.
That seems like a concern for the IT department of a large organization, but not something end users should care about.
My Pixel 4a has LineageOS on it, and is installing an update from two days ago right now.
The main thing I’m getting from the article is that adults who try to profit from abusing children on OnlyFans get arrested.
That may technically be true, but it’s currently very normalized. Do we actually want to denormalize it? Should the government know about every trivial transaction?
The alternative is safeStorage, which uses the operating system’s credential management facility if available. On Mac OS and sometimes Linux, this means another process running in the user’s account is prevented from accessing it. Windows doesn’t have a protection against that, but all three systems do protect the credentials if someone copies data offline.
Signal should change this, but it isn’t a major security flaw. If an attacker can copy your home directory or run arbitrary code on your device, you’re already in big trouble.
You’d need write access to the user’s home directory, but doing something with desktop notifications on modern Linux is as simple as
dbus-monitor "interface='org.freedesktop.Notifications'" | grep --line-buffered "member=Notify\|string" | [insert command here]
Replacing the Signal app for that user also doesn’t require elevated privileges unless the home directory is mounted noexec
.
I don’t recall Signal ever claiming their desktop app provided encryption at rest.
I’m not sure if they’ve claimed that, but it does that using SQLCipher.
If someone can read my Signal keys on my desktop, they can also:
Signal should change this because it would add a little friction to a certain type of attack, but a messaging app designed for ease of use and mainstream acceptance cannot provide a lot of protection against an attacker who has already gained the ability to run arbitrary code on your user account.
Kiwi Browser runs nearly every extension that runs on desktop Chromium, including uBlock Origin.
Signal should change this, but it’s typical of the traditional desktop OS security model in which applications running under the user’s account are considered trustworthy. Security-oriented software like Signal should take a more hardened approach, but this is not some glaring security hole.
Sure: don’t use Mastodon to participate in Lemmy communities.
You can of course, which you clearly already know. Tagging a community in s top-level post even results in a good experience, but subscribing to communities does not, and you can’t vote.
Maintaining accounts on both is a good idea.
I find it important to have some tools with me. Even if I’m really unlikely to use them, being a useful person who can fix stuff and solve problems is a major component of my self concept.
I also find the tools interesting in their own right. Lots of people like trinkets and gadgets, and there may be no explaining it to someone who doesn’t immediately find that sort of thing appealing.
See also !edc@sopuli.xyz
Accepting a bribe is, however not an official act. It’s the acceptance of the bribe that’s illegal, not the official act itself.
Reading Justice Barrett’s partial concurrence, which is what the footnote responds to and also included in the linked ruling addresses your concern. Justice Barrett is unambiguously talking about prosecuting the president for accepting a bribe.
The federal bribery statute forbids any public official to seek or accept a thing of value “for or because of any official act.” 18 U. S. C. §201©. The Constitution, of course, does not authorize a President to seek or accept bribes, so the Government may prosecute him if he does so.
One of the things I like about Slashdot’s system is that it requires a reason for a downvote. Of course that doesn’t prevent people from downvoting disingenuously, but it nudges users away from downvoting just because they disagree.
I think for most social systems, the UI I’d use is a report or flag button that pops up a second step with a list of reasons, and like Slashdot, show the most selected reason next to low-ranked posts.
The law doesn’t say they can’t make it difficult to service, just that they can’t deny your warranty because you did.
Have you read the ruling?
Can we stop giving this little shit attention now?