The yellowkey vulnerability might be a backdoor. NightmareEclipse even speculated so in their publication.

This is one of the most insane discoveries I ever found, almost feels like backdoor but what do you know, maybe I’m just insane.

I feel like they are also doing some misdirection and spread false information. I am sure they are wanted by the FBI and NSA by now so not being predictable is safer.

Explanaiton: Microsoft (MSFT) has a bug bounty program. Meaning researchers that find security vulnerability in Microsoft products can send them to the Microsoft security team and get a money reward. However they use AI to look through the submissions and also get slammed by submissions from AI meaning many of the legitimate vulnerability researchers are very frustrated. Submissions get rejected because they are “not a vulnerability” but one month later Microsoft publishes a patch against the vulnerability without acknowledging the researcher.

NightmareEclipse is a … person … who is frustrated by this. And they have A LOT of really really bad vulnerabilities. Because Microsoft did not want to pay them they just release the previously unknown vulnerabilities to the public. No patches exist. The hackers and Microsoft learn about the vulnerability at the same time.

So far they have released ~10 vulnerabilities in one month and claim they have many more with some big drops apparently coming in July.

Because of this, of course Microsoft is getting a lot of shit from big corporations that are afraid they will get hit with some nasty cyber attacks because of Microsoft’s fuckup.

Used saily once: only works through the app, had to contact customer service so they send me a QR code to set it up. (Could not install the app because it claimed my device was not compatible)

Used airalo a lot in ~5 countries: works fully through the browser or app. No hassle to manage esims for multiple devices from a single device.

In all cases, what I looked for: what’s available. Its not like there is much choice. You search for the country and then take the one that fits for the duration you are there. I usually get the smallest data that covers the whole time I am in the country. Unlimited is not worth it if you have WiFi at most places. When i stay for 1+ months its basically always better to get a physical sim. So I get a 3 day esim to cover the first days and then get a sim at a store (not the airport).

We are looooong past the point where “to google something” has been genericized. But nobody is brave enough to risk being sued by google.

The courts will not just declare a trademark to be generic. Someone has to release a product under that name, be sued by the trademark owner and then argue the trademark should be void because it is generic.

That’s just not true. Bottles are made from 4 different plastics that all have to be separated for recycling (bottle, label, cap+ribbon, soft part inside the cap to make a waterproof seal). The ribbon part the cap is attached to is also present in bottles where the cap is not attached and it has to be removed anyway. So nothing really changed there except the part that has to be removed is bigger now.

Despite what right wing nuts that have to be against every progress say, there is literally no downside to this law.

But the biggest improvement is from nature cleanup crews that previously always found the bottles but never the caps.

In the EU bottle caps have to be attached to the bottle so they stay together when thrown away. Everyone working in recycling and especially people working in stuff like river cleanups praise how this is a gigantic improvement. It is universally a good thing.

Even Coca Cola used it in advertising to sell how environmentally friendly they are (by not breaking the law). However they are only doing it in countries where it is legally required and nowhere else.

No, it became illegal to manufacture the necessary products.

But not all. That would be ridiculous!

• ducks are fish
• dinosaurs are fish
• horses are fish
• pterodactyls are fish
• humans are fish

Well they did say it would be possible in 5 years …

Religion is a rationale for other evils. It is in itself not evil.

Patriarchy and racism (and many religions do that too) are all the same thing - chauvinism, the belief in the superiority of the own group. This also includes nationalism, homophobia, xenophobia and any other “I hate you because you are different”-isms

So I’d go with:

1. Chauvinism
2. Capitalism (greed)
3. People who blast music on speaker in public transit

Why does OP have a stick with encrypted data if they do not care about its security?

Yes, maybe its just the porn collection that they don’t want others to see, but maybe its actually important stuff.

I think it is important to inform people about the ways their security can be circumvented and if somebody gives security advice its important to inform people if that advice contains flaws.

OP should know about the potential risks and then decide themselves if that is acceptable to them.

And when talking about encryption, people often forget, that the best way to break it is to never attack the encryption, but attack the way people interact with the unencrypted data.

OP should know about the dangers of decrypting their USB with software that could be manipulated.

Is all that overkill in 95% of cases? Probably? Do we know OP isn’t in the 5% where it matters? No.

Maybe they want to hide something from someone in their household who has frequent access to the USB stick. Maybe they are a journalist that might get searched by police/airport security … we do not know and we shouldn’t make assumptions about their threat model.

That’s why I started the comment with “reasonable approach”

This is a reasonable way to do it HOWEVER this only protects you against data loss in case of a lost USB stick. If attackers get access to the stick and place it back into your possession afterwards, they can manipulate the portable veracryp so you will run their malware to decrypt the data. The malicious veracryp could then either save the password you entered (hidden somewhere on the USB for the attacker after they steal the stick again) or just upload the whole decrypted data to an attacker server.

If you use the portable veracryp you need to make sure it has not been tampered with.

Well actually decrypting the data on any device you do not trust is risky for the same reason. If veracryp is installed on a machine you still have to trust the person that owns that machine to not have manipulated it or to not have been a victim of malware themselves.

TL:DR decrypting the data on any device you don’t control yourself is risky and optimally you could install veracrypt on any device you control.

No. A bubble is when, on paper, money goes up, but no real value (products, amenities, innovations) are created to back it up.

There have been a shit ton of new creations in the last 70 years. A lot of inflated paper money as well but its mostly not a bubble

You dont burn your hardware backdoor on RAM marketed for gamers.

If they have an exploit, they will put it in hardware targeted for servers and workstations/notebooks for corporations

I wouldn’t call it de-shitified but it is getting better. I think also Anna’s archive and syhub should not be underestimated in their effect. If students and researchers are not dependant on journals to do their work, they are more likely to publish open access.

No the point of this discussion is about having one single yes/no question about the standard or a list of features.

Then no browser will be “up to” the last 15 years of the standard as none implement all features.

The problem is that the standard is fucking huge and maybe your browser supports every feature of version 5xx but is missing a feature related to authentication using guinea pigs introduced in v369. So it would only be allowed to advertise compatibility with v368 even though it can do everything except Guinea pigs.

Realistically you would trim the standard to a core set and advertise compatibility with a version of that and then advertise optional extensions. And that’s optional bits if you ask me.