This is consistent with expected behavior from my point of view. A bug in safari's controls would not infect the website. The site clearly sends a policy and safari clearly follows it. Perfectly sensible behavior.
Of course CSP does not allow a way to say -> browser controls are okay. Hence, a debate is quite welcome on whether such a specification is needed.
Secure boot is in no way bad :-) Ofcourse, it must in fact be the first point on any sane security checklist.
And one of the most common attacks aka. malicious firmware is prevented by using secure boot.
Many other classes of attacks like forcing the microcontroller to delete all its data, opening up the debug JTAG port of the microcontroller, preventing the log of certain security events etc. can be achieved with the right settings.
Though these are just remote possibilities with high levels of complexity, so is changing a production design of a board.
I understand what you mean. But in my remote, the batteries are not arranged in serial; they are arranged in parallel. That being the case, my remote can see both terminals of a given battery. Hence, I fail to see, as to why the mechanism cannot be implemented as part of such devices..
The same applies to my wall-clock (which uses a single battery)
Thanks for sharing. I was wondering, why do we need the sleeve ? Can the voltage boosting module be part of the remote itself ? Isn't that what a dc-dc module does ?
I still don't understand HN's algo. The current 1st post has 301 points in 7 hrs while this post has 301 points in 3 hours but is in the second page ??
Any other projects affected ? Would be nice to start a list of all affected projects. This could also be a case of targeted attack on the gimp account.
You are not paranoid. You could use Chromium which has relatively fewer connections to google servers. You could also look at alternative browsers that have been forked from the chromium project with an emphasis on privacy.
For example: WhiteHat Aviator.
If you are comfortable changing settings of the browser, you could disable most of the google connections from the browser. [The first things I recommend changing is the search URL, disable auto-completion, bad site checking etc.] Then you have the do not track header ..
Of course, if browsing privacy is your biggest concern, the safest browser is Lynx ;) [Though not truly practical for most cases]
Of course CSP does not allow a way to say -> browser controls are okay. Hence, a debate is quite welcome on whether such a specification is needed.