Perfect example of a (part of a) security vulnerability being fixed in a commit that doesn’t immediately seem security related and would never be back ported to a stablestale distro

The code which parses the binary MaxMind database after decompression is well guarded as of 2024 but used to look different, potentially providing more attack surface. There is also an interesting commit where a contributor makes adjustments to the gzip::decompress() function which hints at a stack overflow, as the destination buffer was changed from static allocation on the stack to dynamic allocation on the heap, though it was not exploitable due to checks before it is written to

The problem is not the RSA math itself but that it is both extremely slow and implementing it is particularly susceptible to bugs and side channel attacks https://blog.trailofbits.com/2019/07/08/fuck-rsa/

Framework

It seems like the headline is deliberately written to be funny (I did get a good laugh out of it) and the actual event isn’t quite as nottheoniony. My understanding is that the court faced the question of whether the lawsuit could proceed against the doctor individually, or against the insurance company. It’s bizzare but rather unsurprising and understandable that the lawyers of a doctor faced with such a claim would try, even if it’s likely to fail, to have it pushed via the insurance company.

The court made the right decision of course, but this just seems like business as usual for lawsuits.

Copying is not theft. Letting only massive and notoriously untransparent corporations control an emerging technology is.

Benzene is used to make a large portion of all chemicals in existence, as it is a basic building block of organic chemistry. That doesn’t mean it’s in the final product.

This is an asinine headline capitalizing on scientific illiteracy for clickbait. No different than complaining about dihydrogen monoxide in food.

Accessing printers? Resolving hostnames of internal hosts? I can’t imagine having a lan without mDNS

I don’t think it’s quite as simple as someone just forking it. Realistically, a browser is an extremely complex piece of software that requires a lot of organizational effort to maintain, deal with security issues, etc. Pretty much every other piece of software on a similar scale I can think of (the kernel, KDE, Blender, Libreoffice) has some sort of organization behind it with at least some amount of officially paid work. All the major forks of Firefox or chromium follow quite closely to upstream for this reason (which is also why I’m skeptical of Brave’s ability to maintain manifest v2 long term, despite their probably genuine best efforts to do so).

I do wish that Firefox were developed and funded by an organization specifically dedicated to developing it. This could of course happen if Mozilla dies. But that’s going to require someone starting it, which is not at all a small or cheap task.

I could also see a future where Oracle or IBM buys it 😂🤡

Did you… watch the video? You act as if he’s bashing the fediverse or isn’t a strong supporter of it

Lmfao, this is exactly what conservatives think all socialists are. Tankies are such terrible optics for advancing the left