For some reason wifi vendors typically ship devices without any radio firmware at all, but leave it up to the driver to load it. Rendering the device 100% useless without loading some external proprietary blob.
The problem is that many wifi adapters require loading a binary blob at initialization time. "Burnt-in" firmware is practically the same as hardware, which you already trust since you bought it.
Not so much for the firmware blobs the vendor maintains in the "linux-firmware" kernel.org repository and that are absolutely required for the device to function.
Yes, because the CIA would never lie to us, right?
They would never poison a Russian ex-spy to make Putin look bad?
I don't think this attack was orchestrated by a US entity. Or Russian for that matter. But when an entity that's hell-bent on controlling the worlds information gives a blanket statement about something without proof, I can only assume it's a lie.
> A party which aggressively blocks and filters anything critical of the government, the installation of key-loggers, face recognition cams, firewalls, and a huge system of monitoring social media
I'm sure you're aware of this, but I'd like to point out that U.S. (and many of its allies) has all those things as well, apart from the aggressive filtering.
As an "old-school" sysadmin I have the opposite view: it's difficult to find jobs that don't require AWS these days.
I know perfectly well how to provision and scale a large infrastructure and can give you 99,999% availability in any application, BGP if needed.
Yet no one is interested in that. Sure I can write Ansible scripts and Terraform policies, but it's a miniscule part of my skillset and doing it on AWS is just boring compared to building the backend that powers it.
With Ubuntu, every time you want to fix something with your car, you roll it into the garage, pop open the hood and get to work. It's intensive labour, results will vary, and undoing a change can be really difficult.
With NixOS, it's like 3D printing a new car every time. You'll design a model, press a button, and the car gets built from scratch. If you don't like it, tweak the design a bit, and print a new car. If the new car breaks, just go back to the previous known-good one, which is already in your garage. You can even take the design documents to your friend and generate an exactly identical model.
I started using notmuch[1] a couple of years ago and cannot imagine living without it. It can do free text search on almost a million emails (and probably much more) in a fraction of a second. I subscribe to a lot of mailing lists and add various tags on each making for some very powerful search queries.
E.g "from:torvalds and to:linux-ext4" to bring up all emails ever with those properties. Add some free text and/or "tag:foo" to narrow it down.
Actually, pass has great support for teams. Dropping one or more GPG keys in ".gpg-id" will encrypt the passwords for the various identities. This works globally or per sub-folder.
I use dedicated subkeys for work and mobile so that I don't have to share my main key, or indeed every password with every device.
IIUC it's not possible to opt out at this time (short of reverting the patches). Linus expressed some concern about it: https://lkml.org/lkml/2018/1/3/797
You started this thread to warn about the risks of running untrusted JavaScript before the appropriate mitigations are in place, yet you expect people to open a PDF from misc0110.net with no additional context?
Hard drives don't have that problem.