HackerTrans
TopNewTrendsCommentsPastAskShowJobs

400thecat

no profile record

Submissions

The SpaceX IPO will be the theft of the century

montanaskeptic.substack.com
142 points·by 400thecat·letzten Monat·120 comments

Chromium browser tries to read sensitive files: –/.ssh –/.gnupg –/.dbus /boot

bugs.debian.org
13 points·by 400thecat·vor 10 Monaten·3 comments

comments

400thecat
·vor 24 Tagen·discuss
the Play store reviews for Curve are attrocious, especially the most recent ones. Looks like Curve is absolutely unusable, for many reasons
400thecat
·letzten Monat·discuss
How do you use voice-to-text? You mean, in the browser? I am only familiar with Claude Code, which I have installed on remote server, and there obviously, voice-to-text does not work. I have to type, which is tiring.
400thecat
·letzten Monat·discuss
yes! Michael Munger expressed it beautifully: "anything that is going to happen has already happened"
400thecat
·letzten Monat·discuss
An S-1 full of fantasies, insiders who will pocket millions, index companies that have changed the rules: it's all a recipe for regular people to have their pockets picked.
400thecat
·vor 2 Monaten·discuss
I noticed you only respond to comments that are positive (or neutral). The majority (and the most insightful) comments here are negative, but you seem to ignore them.
400thecat
·vor 2 Monaten·discuss
can you please give me a real-life example of an application, on a typical linux laptop or typical linux server, which userspace application would use this CRYPTO_USER_API ? None that I looked at seem to use it: openssl, pgp, sha256sum
400thecat
·vor 2 Monaten·discuss
can you please give me a real-life example of an application, on a typical linux laptop or typical linux server, which userspace application would use this CRYPTO_USER_API ? None that I looked at seem to use it: openssl, pgp, sha256sum
400thecat
·vor 2 Monaten·discuss
is CONFIG_CRYPTO_USER_API needed for hw acceleration for cryptsetup (dm-crypt) disk encryption ?
400thecat
·vor 3 Monaten·discuss
I completely agree with you. The only thing I would add is, that prediction markets are not necessarily oracles for predicting the future. They can just as well be used for hedging: imagine, hypothetically I really do not want Trump to win. I can bet on Trump, not because I want or expect him to win, but to hedge my position (perhaps my business would suffer if Trump wins)
400thecat
·vor 8 Monaten·discuss
is there any danger this data is biased? Everything good gets corrupted eventually (amazon reviews, consumer reports, ..). is it possible they get some kickbacks for positive reviews ?
400thecat
·vor 8 Monaten·discuss
> a noticeable amount of LLM output sounds like I’m getting answers from a millennial reddit user

LLM was trained on data from the whole internet (of which reddit is a big part). The result is a composite of all the text on the internet.
400thecat
·vor 9 Monaten·discuss
you can configure Alt+Left to go up level
400thecat
·vor 9 Monaten·discuss
how would that help? either they check the returned boxes or they don't. sending back 1 shoe does not fools the inspection
400thecat
·vor 10 Monaten·discuss
I assume upstream. Hard to imagine that Debian would be adding this "feature" themselves.
400thecat
·vor 10 Monaten·discuss
Package: chromium Version: 138.0.7204.49-1~deb12u1

I am experiencing very weird and suspicious issue on debian 12.

For context, I am using grsecurity + RBAC, which gives me the possibility to see what files each program wants to access. My issue is not caused by RBAC. but RBAC brought my attention to this issue.

SO, I have upgraded chromium browser to: 138.0.7204.49

and suddenly when chromium starts, in addition to trying to access the usual files in my home, such as ~/.config/chromium or ~/.cache , it now tries to access sensitive folders on my system:

~/.ssh/ ~/.gnupg/ ~/.dbus/ /boot/

(while ~/.dbus is not as immediately alarming as the others, Chromium accessing this when it didn't before is still a change in behavior that deserves scrutiny)

this never happened before. I am sure, because the RBAC rules that I am using would have alerted me.

this is highly suspicious and potentially a serious security issue !

this issue was originally reported on chromium 138, fixed in next version, and now it's back in version 140.0.7339.80
400thecat
·vor 10 Monaten·discuss
I think, firefox allows you to display url without uncicode
400thecat
·vor 10 Monaten·discuss
more alarming than .help domain is the domain registration just few weeks ago. I got scammed just last week when paying with credit card online, and only later when investigating discovered several of identical eshops with different .shop domains registered just months ago if domain is less that year old, it should raise red flags
400thecat
·vor 2 Jahren·discuss
which IRC channel ?