If someone comes forward with legitimate good security vulnerabilities and you don’t pay out, you’re massively encouraging them to go to shady brokers next time.
It wouldn't have to be the e2e software as the delivery app for the payload or tooling. Regardless it was more about the fact that governments and other actors have options. Phones are just like any other software platform.
It is a self-help book rooted in Jungian theory, widely discredited in modern psychology. His understanding of modern and postmodern philosophy is only deep enough to convince readers with no knowledge of those topics that he knows something about them.
I urge everyone to look at this video. If this is the best the left can do, they are in big trouble. JP is much more convincing than this video is.
Also - I see this a lot - he is attacked on ideological grounds, while his entire argument is that the discourse should be grounded in science, not ideology.
Here's an example: many people seem to think that if you give men and women equal rights and opportunities, that this will automatically lead to 50-50 in STEM, health, politics etc.
The problem here is that extensive research shows that in the societies where the most equal opportunities exist (Scandinavia) the differences between men an women in those areas actually increase. This research has not been refuted by anyone.
Apparently when men and women are free to choose the life they want to lead, they make different choices.
Which leads to the question: should we really push for equity in the sense of equal representation or is that just another form of oppression?
Again: if this video is the best the left can do, they are in big trouble.
There are a load of criticisms you could call out about google, but suggesting that their “one primary platform and single focus (social media)” is about to collapse is not valid; they’re far too broadly invested (from mobile phones to search to email) to claim they’re about to become irrelevant.
> Just go sit somewhere and turn your attention inwards
Perhaps you were born with a natural instinct for what meditation is, what to do when thoughts arise and you go off track, how to sit comfortably, what you’re aiming for and what you’re not.
But I didn’t, I needed to read books to start my development. I absolutely don’t think children should know this.
It is worth remember that unlike those home routers, Ubiquiti's EdgeOS is based on a production major network os, Vyatta, (as is VyOs), and therefor has a lot more scrutiny and bug fixing than those other things, which are often even more complicated by the lack of foss hardware or standardized ways to do things (many routers are stuck on whatever the manufacturer put on it in the factory). I'm sure Ubiquiti's code is probably ripe for fuzzing, etc, but a well configured EdgeOS device I would put against any cisco, cumulus , extremeos, routeros, junos, pfsense, ipfire, etc device any day. The main benefit of something like Ubiquiti being asic offload that wouldn't exist if you did something like pfsense on cots x86.
The real irony of how vulnerable these devices are, is that often they are based on tech that is foss that has updates to fix those issues but has been carefully packaged up inside a blackbox the consumer doesn't get to control and therefor doesnt get those updates.
Yes, nice advertisement and before I read this article I'd have agreed but the bad news is I just verified that my 2 EdgeOS products don't have NX support. Heck, one of them uses the Cavium processor mentioned in the PDFs.
> Ubiquiti's EdgeOS is based on a production major network os, Vyatta, (as is VyOs), and therefor has a lot more scrutiny and bug fixing than those other things
EdgeOS was really based on VyOS... which was based on Vyatta, which was still being used on major production systems even before the brocade acquisition. I have used it in prod myself. I should have said VyOs but still, the point gets across to those not looking to nitpick.
Sounds like they mean “remote” because chromium uses SQLite and JavaScript loaded into your machine comes from a remote source. So because a website can run JS that can exploit chromium they’re calling it an RCE.
Yeah it seems like RCE in the context of Chromium, but not SQLite? I know it’s pedantic but if this is RCE in SQLite because it’s exposed to the network via other software, every vulnerability is “remote” because you may expose it via other software.
Good question, to which I don’t know the full answer. But if you look at their motto “move fast and break things”, insistence on pushing new features as fast as possible, and the recent clash and resignation of their CSO, I’d say google are just more mature about security, and understand their products are entirely reliant on trust of their users.
“and soon Google” links to a complete unsupported fluff piece from November, drawing a loose connection to an activist investors letter.