Perfect example of a (part of a) security vulnerability being fixed in a commit that doesn’t immediately seem security related and would never be back ported to a stablestale distro

The code which parses the binary MaxMind database after decompression is well guarded as of 2024 but used to look different, potentially providing more attack surface. There is also an interesting commit where a contributor makes adjustments to the gzip::decompress() function which hints at a stack overflow, as the destination buffer was changed from static allocation on the stack to dynamic allocation on the heap, though it was not exploitable due to checks before it is written to

The problem is not the RSA math itself but that it is both extremely slow and implementing it is particularly susceptible to bugs and side channel attacks https://blog.trailofbits.com/2019/07/08/fuck-rsa/

The article on theregister stated

Also inside the uploaded source code was some GPL 2 source code, which renders the not-very-open WCL moot.

Winamp published their code as “open source”. Problem is…

1. It wasn’t open source, it was proprietary but you can see the source code.
2. Their custom license didn’t even allow forks, which is against GitHub TOS
3. The codebase apparently contains proprietary code from third parties that they don’t have the right to relicense.
4. The codebase apparently contains GPL code from third parties that they probably didn’t have the right to make proprietary in the first place

This is a standard feature on any IPv6 enabled network if you enable IPv6 Privacy Extensions

Huh, I misremembered then. I stand corrected.

Notable though that there are specific countries (such as India) where adoption is far higher at 72%

Huh weird that it would be removed, that’s a fair comment.

For Web scraping and other activities by so-called “legitimate” companies to varying degrees, this may be the case. But for general bots, they are generally attempting to scan and probe the entire IPv4 range, since it can be exhaustively checked in a reasonable amount of time and the majority of IPs have hosts on them. Enumerating the entire IPv6 space is quite literally impossible without some external list of hosts known to exist, due to the number of hosts. This happens, but it’s a much higher hanging fruit for an attacker so far fewer will bother. So you generally see few to no continuous probes on things like sshd over IPv6 unless you have a domain name. I’m guessing a lot of bots (in botnets) are dumb old technology that doesn’t even have IPv6.

NAT was always a hacky workaround. And although it effectively ends up functioning as a firewall under normal usage when combined with a typical “drop invalid incoming packets” rule, it was not designed to be a firewall and shouldn’t be assumed to always function as one. A simple accept established, default drop firewall rule should do the trick and should be used on both v4 and v6 regardless of NAT (and probably is on your router already).

If your goal is privacy in the sense of blending in, you can still use NATv6 and this is a good use case for it. This is what VPNs like Mullvad use. If your goal is privacy in the sense of being more difficult to track across sessions, you can enable IPv6 privacy extensions which essentially generates a new IPv6 address for every connection your device makes. So in this sense it’s more private than IPv4

Or you could just… learn to use the modern internet that 60% of internet traffic uses? Not everyone has a dedicated IPv4 anymore, we are in the days of mobile networks and CGNAT. IPv4 exhaustion is here today.

Best to set a firewall rule with nftables to block non-vpn traffic from leaving (you should also do the save for IPv4 traffic to prevent leaks in case the tunnel disconnects)

Wait till you hear about the idiots who unironically make that argument for banning Bitcoin too

Framework

It seems like the headline is deliberately written to be funny (I did get a good laugh out of it) and the actual event isn’t quite as nottheoniony. My understanding is that the court faced the question of whether the lawsuit could proceed against the doctor individually, or against the insurance company. It’s bizzare but rather unsurprising and understandable that the lawyers of a doctor faced with such a claim would try, even if it’s likely to fail, to have it pushed via the insurance company.

The court made the right decision of course, but this just seems like business as usual for lawsuits.

Copying is not theft. Letting only massive and notoriously untransparent corporations control an emerging technology is.

This should be the default systemwide.

Is your IPv6 behind NAT (like on a VPN)? See https://wiki.archlinux.org/title/Mullvad#Preferring_IPv6_inside_the_tunnel

Benzene is used to make a large portion of all chemicals in existence, as it is a basic building block of organic chemistry. That doesn’t mean it’s in the final product.

This is an asinine headline capitalizing on scientific illiteracy for clickbait. No different than complaining about dihydrogen monoxide in food.

I think there’s a bit more to it than that.

It’s very unfortunate that this came as a result of a baseless tantrum from Elon. And his arguments are contrary to free speech.

That said… GARM is actually bad, and the world is a better place without it in my opinion. They are frequently involved in censoring legitimate journalism of violent events, anything that’s inappropriate from children, etc. You know how so many YouTubers have to carefully tiptoe around mention of controversial topics, even in non-controversial contexts, for fear of getting demonetized? I understand the POV of avoiding advertising near hate, but the fallout has real consequences when legitimate content is inevitably caught up.

https://www.techdirt.com/2024/08/09/jim-jordan-celebrates-successful-speech-suppression-as-a-claimed-win-for-free-speech/

Another way to see it is that GARM is simply a trade organization by advertisers for advertisers, with one single goal: to maximize profits for the advertising industry. No corporation actually cares about ethics; it’s just that appearing to be ethical is often profitable, and in this case, advertisers believe that avoiding advertising near controversial content is better for their bottom line. If one believes that advertising is one of the most abusive industries in our modern society, it could be seen that anything to make it a little harder for advertisers to extract more profits is a win.

I won’t shed a tear for the advertising industry

My guess is he’s illiterate and thinks that’s her real name

Accessing printers? Resolving hostnames of internal hosts? I can’t imagine having a lan without mDNS

I don’t think it’s quite as simple as someone just forking it. Realistically, a browser is an extremely complex piece of software that requires a lot of organizational effort to maintain, deal with security issues, etc. Pretty much every other piece of software on a similar scale I can think of (the kernel, KDE, Blender, Libreoffice) has some sort of organization behind it with at least some amount of officially paid work. All the major forks of Firefox or chromium follow quite closely to upstream for this reason (which is also why I’m skeptical of Brave’s ability to maintain manifest v2 long term, despite their probably genuine best efforts to do so).

I do wish that Firefox were developed and funded by an organization specifically dedicated to developing it. This could of course happen if Mozilla dies. But that’s going to require someone starting it, which is not at all a small or cheap task.

I could also see a future where Oracle or IBM buys it 😂🤡