Robust Mirror

I’m curious what your problem with enpass was? I got lifetime cheap back when lastpass went to hell and as far as I can tell with Wifi sync they could go out of business entirely and I could still use it.

Silly take. Almost nothing will stop it long term if they want it, illegal or not. And thinking of ideas that potentially could, that a single person could genuinely pull off, is not simple, no matter how serious you are.

God this is beyond ridiculous.

They used ChatGPT to sort over 1,400 National Endowment for the Humanities grants into spreadsheets. Their exact prompt to the AI was “Does the following relate at all to DEI? Respond factually in less than 120 characters. Begin with ‘Yes.’ or ‘No.’ followed by a brief explanation.”

They didn’t define what they meant by DEI. They just asked ChatGPT to figure it out. And then cancelled grants based on whatever it said. Probably didn’t even read past the yes or no.

The government’s defence was essentially ChatGPT did it, not us. When asked if he regretted people losing income, he said he didn’t, because reducing the deficit was more important. When asked if they actually reduced the deficit, he admitted they did not.

They caused real harm, achieved nothing they claimed to be pursuing, and expressed zero regret about it.

Just really horrible all around.

Yeah my backlog is so big now that I could probably be happy without ever buying another game. Of course there are some I still will just from being a fan of the ip or if something really interesting comes out but yeah I’m certainly not rushing out the door to grab it.

Real Debrid type service is super cheap and worth paying for for movies and TV, used with stremio you have a near identical experience to Netflix (superior even in some ways).

There 100% has to be regulation on chargers and ports, maybe a colour system like how usb3 ideally is blue.

You underestimate the number of teens that currently smoke and number of new teens that will take up smoking even under this system.

Sushi doesn’t have to be raw. Sashimi is raw by definition. But yes, that’s what they were aiming for.

Well our parents were/are mostly tech illiterate, were they also bad parents because they couldn’t educate us on it? The new generation have 100x the ability to self educate than we did as well.

They’d last as debris for about 5 years before falling. Atmospheric drag among other things causes orbital decay that cause them to eventually fall to earth without adjustments.

I fully agree, there isn’t a good reason. The issue is that flaw is a systemic one in Windows.

Modern operating systems should be operating under zero trust. The fact that Windows still operates on Intranet Era logic, where if a file is reachable, it’s probably safe, is exactly why these exploits keep happening.

The problem comes down to a Windows API called ShellExecute. When an application like Notepad passes a link to this API, it is effectively saying to the OS, The user wants to open this, figure out how to run it.

Windows looks at it and essentially says, Oh, it’s an .exe on a network share? The user must want to run that software, launch it, rather than, This is executable code from a network location I don’t control, download it and make the user double-click it themselves.

The main reason it does this is for legacy enterprise convenience. Decades ago Microsoft designed Windows so that companies could put internal tools on a shared drive and employees could run them instantly. They prioritised seamlessness over security by assuming the network perimeter was the security boundary, and everything on it was there because they wanted it to be.

Obviously that assumption is dangerous. Like you said, no remote executable should ever be treated as trusted by default, regardless of whether it came from the Store, an SMB share, or a web link. The action of clicking a link should never map directly to execution of code. It should map to retrieval of data. Microsoft basically turned a convenience feature into a permanent vulnerability.

Yeah I get your thought process, but the second vulnerability is actually just how Windows is designed to work. When Notepad follows a link, it isn’t opening a web page, it’s passing a command directly to the OS shell.

Because Notepad is a trusted native application, it bypasses many of the security checks that a browser has.

If the link uses the file:// protocol to point to an .exe on a remote server, or ms-appinstaller to trigger an install, the OS treats that as a direct instruction to launch that software, so it can trigger an app installation prompt or, depending on the exploit, silently side-load malicious packages.

But you need the code to THAT masterlock to use it to open the first masterlock.

Because there’s no market for it. The fact they don’t sell cases with keyboards while they do sell things like backbone makes it incredibly clear not many actually want this. Swipe typing is very fast once you’re good at it.