
I stick to extensions that Mozilla has manually vetted as part of the Firefox recommended extensions program.

> Firefox is committed to helping protect you against third-party software that may inadvertently compromise your data – or worse – breach your privacy with malicious intent. Before an extension receives Recommended status, it undergoes rigorous technical review by staff security experts.

https://support.mozilla.org/en-US/kb/recommended-extensions-...

I know that Google hates to pay human beings, but this is an area that needs human eyes on code, not just automated scans.


Those were some examples, not an exhaustive list. What about hauling a load of mulch or topsoil, you're not doing that in your nice minivan. Or a bed-load of tree limbs and cut brush? I do that a few times a year. Hauling furniture, firewood, lawn mowers, trash. An open truck bed is the most flexible configuration in my experience. Of course it's not perfect for everything.

A utility trailer could do a lot of that too, if you have a suitable tow vehicle. Sometimes the extra space taken by a trailer is inconvenient.


Does TLS mean certificate pinning? Can't a VPN alter DNS queries to return a proxy website to your bank, using a forged certificate?

The keyword was, “automated password rotation tools.”

> * re-test ... the entire game

That seems a bit absurd. Surely many parts of the game won't likely have bits of code that interact with architecture in unique ways. Especially if you wrote the game in relatively portable code to begin with (as WoW almost certainly was).

I mean idk, maybe Windows arm64 is a uniquely nasty target. But I'm skeptical.


> The rise of inequality (centralisation of power and wealth) and the rise in private debt. [...] present situation and the control system is cycling into instability. [...] this time around.

Your explanation assumes the article is trying to explain a recent phenomenon.

The article actually discusses a puzzling pattern spanning a huge time interval.

You probably point at the right problem (inequality, centralisation of power and wealth), but this article actually indicates this problem has been going since before any of us were even born.


TLS works when the app is installed somewhere else, but not in the browser itself. The browser actually handles TLS termination.

Pretty easy to imagine these two things being entirely unrelated.

The Silverado EV does have a big battery, but for actual real world use you’re keeping it within a band of about 60% (20-80) so 400 is really 240 with an emergency reserve. (This is common to all EVs).

You lose about half your range towing so you’re still going to drive two hours, stop for 30-45 minutes, repeat.

So it’s still far from compelling for anyone towing or doing truck stuff.


You don't explain the connection at all. You're just injecting your political world-view into the cause so you can hawk your preferred political solution.

It was around negative 12, in my lifetime of comments that's quite a downvote.

I've helped my friends move many times. We just rented a U-Haul and did it in way fewer trips (one, generally). If we did the same in a regular pickup it would have been a lot more work and a lot more time just to "save" $50 or so.

The vast majority of people don't have horses.

The vast majority of people don't have a fifth wheel.

I've tossed canoes on top of a focus hatchback. You don't need a truck to go canoeing. A canoe is like 50lbs, you don't need a few tons of towing capacity to carry a canoe. I've also gone camping in small cars. Get this, I've gone camping with just what I've carried in person for many miles! You don't need a few tons of towing to go camping.

I comfortably carry multiple kids and a spouse in vehicles other than a pickup truck. In fact, other vehicles have generally been comfier and easier. In the minivan the little kids can easily get in their seats and buckle up on their own. In the truck I had as a rental, there was practically no chance they had to climb in on their own, much less open the doors.

And yet trucks make up the majority of the most sold vehicles in the US.


They turn Grok off when it says something embarrassing.

> Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I Science (2009) Ltd.), a data broker company.

> This company has been on researchers' radar before. Security researchers Wladimir Palant and John Tuckner at Secure Annex have previously documented BiScience's data collection practices. Their research established that:

> - BiScience collects clickstream data (browsing history) from millions of users
> - Data is tied to persistent device identifiers, enabling re-identification
> - The company provides an SDK to third-party extension developers to collect and sell user data

> BiScience sells this data through products like AdClarity and Clickstream OS

> The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge:

Hmm.

> They look really legitimate on the outside

Hmm, what, no.

We have a data collection company, thriving financially on lack of privacy protections, indiscriminate collection and collating of data, connected to eight data siphoning "Violate Privacy Network" apps.

And those apps are free... Which is seriously default sketchy if you can't otherwise identify some obviously noble incentives to offer free services/candy to strangers.

Once is happenstance, twice is coincidence, three (or eight) times is enemy action.

The only thing that could possibly make this look any worse is discovering a connection to Facebook.


The Kobo Libra Color is within your size range and has pen support. You can run KOReader on it and some other things, it's not like, a Linux device though. I do think you can run arbitrary scripts through the program that manages alternative readers like KOReader or Plato.


Don't be rude. "Real person" here might live in any country of the world.

And also, why an extension for VPN? I live in a country where almost everybody uses a VPN just to watch YouTube and read Twitter, and none of my friends use strange extensions. There is open source software for that - from real VPNs like WireGuard to proxy software like nekoray/v2raytun. A browser extension is the last thing I would install to be private.


I don't think so, not like it was once upon a time. I had a manual 6-cylinder I bought in about 2002 for around $14000, no leather, 2wd extended cab. That's like $25k in today's dollars according to Google. If they made a basic truck for even $40k as EV it might sell a lot better, but I am pretty sure they are all about selling 60k+ trucks for profit.

1) anti-market. China was likewise taken to the WTO in 2018 and agreed to end their restriction on market access/forced tech transfer, implemented in 2020/2021. Tesla is however still the only foreign automaker operating without a forced JV to this date.

2) restricting market access (and subsidies) to foreign automakers isn't exactly pro-market -- especially to those who were already in China and manufacturing products that local "champions" weren't able to mass-produce. All domestic, foreign Automakers forced to source inferior, yet also costlier, batteries. ie, anti-market.

3) demonstrates Chinese consumers wanted GM Velites with LG, but their choice was denied. Limiting 1.5B consumers' choice in the name of promoting national "champions"? anti-consumer and anti-market. Definitely picking winners and losers, or foreign over domestic.

4) just another example of arbitrary safety regulation restricting market access to foreign companies. ie, anti-market.

re: subsidies. China's EV subsidies have been around since 2009; renewed/extended every 2-4 years. That's also in addition to provisional subsidies thrown around from time to time, e.g., ICE-to-EV conversion subsidies between May-Dec 2024 to prop up slowing EV sales.

The EU is quite silly with countervailing measures against China's dumping/anti-subsidies. Despite 100+ ACTIVE counter measures, the EU Commission still thinks the targeted approach against China's anti-market/mercantile practices can work. The EU should also consider imposing country-specific tariff rate of 100%, akin to Biden's tariff.

China's export ban against Sweden has shown that their NEV initiatives aren't really aimed at addressing environmental problem or benefiting their population.


No. You normally don't charge at fast chargers at all. Instead, you start your trip with a 100% charge from home charging.

Then after 3-4 hours of driving (200 miles with towing) you stop for 20 minutes to charge to 80% and continue on your journey.


Of course biological sex is real and strongly bimodal with outliers, who ever said otherwise?

> Validate what? You're just moving the responsibility to whatever answer you give here. If you say "validate the exec name is firefox-bin" then the next person who comes in will say "I hate $your_new_fangled_ipc, you can make it dump all your secrets by renaming your exec to firefox-bin". (This is just an example).

I'm genuinely kind of surprised people are tripping up on this. Obviously, what you validate is up to you, but you can. Why stick to just the base name? Why not the absolute path? Bonus points for ensuring it's a root owned file in root owned paths. You could special case Flatpak, or specific mount points, or go crazy and add signatures to binaries if you want. The policy would obviously vary strongly depending on the system, but if you were dealing with a secure booted system with dm-verity, or something similar, well then this mechanism should be fairly watertight. It's not really the end of the world if there are systems with different security characteristics here.

You can really get creative.

(It is worth noting, though, that this could be bypassed trivially in various ways, like with LD_PRELOAD, so to be a true security boundary it would need more thought. Still, this could definitely be improved in numerous ways.)

> The more I think of it, the less sense this makes. If you already have a system where applications cannot read each other's data, what is the point of secret service? What is the security advantage?

Well, the obvious initial benefit is the same thing that DPAPI has had for ages, which is that it's encrypted on-disk. Of course that's good because it minimizes the number of components that will see the raw secret and ensures that even other privileged processes can't just read user secrets. Defense in depth suggests that it is a feature, not a problem, if multiple security mechanisms overlap. Bonus points if they'd both be sufficient enough to prevent attacks on their own.

An additional case worth considering is when the home folder is stored elsewhere over a network filesystem, as in some more enterprise use cases.

> If you want to encrypt with TPM, fingerprint, or anything else, that's encryption, which is separate from storage (you can encrypt the password with say a PCR but the application gets to store the encrypted password in any way they want).

It would be ill-advised to have each application deal with how to encrypt user data. They can store keymatter in the keyring instead of the data itself if they want to handle storage themselves. (I'm pretty sure this is actually being done in some use cases.)

> Password encryption in the desktop keyrings are for the situation for when every application can read each other's data files easily (again, as in the desktop). In which case, it may make sense to use encryption so that such data is not (trivially) accessible from any other application (otherwise https://developer.pidgin.im/wiki/PlainTextPasswords applies) .

That page exists to explain why they don't bother, but part of that is that there just isn't an option. If there actually was an option, well, it would be different.

> If your applications are already running sandboxed, a keyring sounds to me like useless complexity? Just make each application store its data into its sandbox. What's the threat vector here, that super-user-that-can-escape-sandbox can read into the sandboxes and extract the password?

The threat vector is whatever you want it to be, there are plenty of things this could be useful for. The reality is that Linux desktops do not run all programs under a sandbox and we're not really headed in a direction where we will do that, either. This is probably in part because on Linux most of the programs you run are inherently somewhat vetted by your distribution and considered "trusted" (even if they are subject to MAC like SELinux or AppArmor, like in SuSE) so adding a sandbox feels somewhat superfluous and may be inconvenient (i.e. file access in Bottles is a good example.) But, even in a world where all desktop apps are running in bubblewrap, it's still nice to have extra layers of defense that complement each other. And even if something or someone does manage to access your decrypted home folder data, it's nice if the most sensitive bits are protected.

> Yes sure, another problem resulting from the lack of standardization. But my point was -- standardize (write a spec), instead of adding more to the problem by creating yet another competing standard which will obviously NOT solve the problem of lack of standardization.

The reason why people don't bother doing this (in my estimation) is because DBus is demoralizing to work on. DBus isn't a mess because of one or a couple of issues, it is a mess because from the ground up, it was and is riddled with many, many shortcomings.

And therein lies the rub: if you would like to have influence in how these problems get solved, you are more than welcome to go try to improve the DBus situation yourself. You don't have to, of course, but if you're not interested in contributing to solving this problem, I don't see why anyone should be all that concerned about your opinion on how it should be fixed.


> Waiting in line in a library app is annoying, but the waiting signals demand, which drives the library to buy more copies to circulate.

This is not true for digital libraries. They do not "buy more copies" to circulate. They don't physically send you a USB stick with a copy of the book and you send that back without making a copy. They can send everyone "in line" as many copies as they want. What's the size of an ebook these days? 1MB? How many trillion copies could you make in a day?

You have to wait in line to hopefully someday maybe be allowed to read a copy of a book while Meta torrents a petabyte of books for their AI usage. This is nothing but a humiliation ritual.


I also love the Harmony remote in my living room. It's imperfect, but it's plenty good enough. It flows well and works predictably. It's easy to reconfigure.

And no matter what bizarro-world co-dependent cacophony of AV gear I manage to pile up together, any person can pick up the remote and watch TV or play a game or whatever.

I will be particularly unhappy when Logitech finally pulls the plug on Harmony servers.

At that point, I'll definitely need something different.

But IR codes are only part of the puzzle. And that is perhaps the easiest part to solve: We've already got lots of databases with IR-stuff available. There's databases focused on RC5, and the sleepy LIRC project, and some other things (all of which tend to be very Old Web in appearance).

License-permitting, it's simple enough to use this work as a foundation onto which newer codes can be placed.

That just leaves making the Harmony hardware interface work (hah, hahah -- and it's a dead-end anyway), or developing a new open-source remote to rule them all (which actually might not be too terrible of a task).

That all covers the first 90% of the problem.

The remaining 90% of the problem is just creating software that has a usable UI and actually works.


It irritates me as well; the comment you were replying to was intentionally setting up for your reply for fun.

Maybe for city truck drivers.

For those that don't drive in town, nothing beats gas or diesel.

Companies need to build a stepping stone truck. Dino-powered generator on an electric platform. Get most of the upside to electric performance, while getting the speed of gas refilling.


HomeFree must be deployed from another machine with Nix installed.

Your mom runs Nix?


Correct. The article is about Chrome and MS Edge browser extensions.

Seems like EV trucks need the ability to do the equivalent of siphoning gas, or carrying some Jerry cans.

The electric LDV and GWM utes are meant to be pretty great. I reckon they will take over everywhere else and then come for the US with a US specific model.
