I believe Fwupd can also update your Secure Boot certificates.

Well, both the Flathub website and KDE Discover list this, so this seems like a GNOME issue and not a Flatpak issue.

Flathub:

KDE Discover:

Also, a backdoor in this particular program can steal your PGP keys.

Now you can make that decision. Evolution is also available from the Debian and Arch (and others) repos without sandboxing, if you'd prefer it to have access your whole system.

You can also remove those permissions with the Flatpak cli, or Flatseal.

It's in no way like Android where "OpenKeychain" were forced to define a protocol and now reading a key prompts the user.

I don't see why this couldn't be done with Secret Service, just no one does so no one expects it. You should email one of the mailing lists for GnuPG if this bothers you though.

Oh, and one of the few dozen local privilege escalations found by AI in the mountains of trash of our great kernel completely negate all of this.

Well yeah, sandboxing/containers/namespaces were never guaranteed to be fully isolated, there's a reason all the cloud companies settled on VMs over containers. It's just one line of defence that you otherwise wouldn't have.

I found a post on the forum:

https://forums.truenas.com/...

This is only their old build system which they weren't using themselves, the rest of the OS will remain open source. However they also said some worrying stuff about including "proprietary pieces of the OS".

That guy is a tech reviewer on YouTube, it probably makes for good content, and he may not have even bought it.

Possibly mTLS, which you'd configure in your reverse proxy. You could email them the certificate and instructions on installing it. I believe for Chromium browsers on Windows you basically just double click the cert and click through the wizard. Firefox I know has a thing in the settings for importing the cert. Android you just tap on the cert and make sure it opens with 'Certificate Installer' if it gives you the option.

This isn't about Firefox, and there are zero mentions of Firefox in the article. This is about Mozilla screwing over their volunteers by replacing their human written translations, with inaccurate machine translations written by a closed source LLM.

Someone would say something like 'you can unlock a secret page on Facebook, just press F12 and paste this in', and the snippet would upload the victim's session token to the scammer's server. So that they can use the account to promote a crypto scam or whatever.

But that means that someone else's server is used whenever you leave your home network.

I'm pretty sure syncthing does NAT hole punching, so someone else's server is only used for initial connection, after that, your data goes directly to your devices.

If you aren't already aware, Dave Plummer isn't who he seems:

Dave Plummer: The Man Who Scammed Millions (in 2006) - YouTube

He's also abused YouTube's DMCA system to remove that video a few times.

It's infrared, it's designed to work without a distracting white flash going off for every car, just an infrared flash. As it's outside our normal colour spectrum, it's also why seat belts appear white instead of the normal grey.

I've seen white flashes on these types of cameras in China, and it's quite creepy, infrared flashes are only creepy once you know it's there.

That's the OPs reply, not the AI.

You can snapshot them independently. E.g. I snapshot / on every update and boot, /home every boot, and temporary file directories such as /tmp & /var/tmp don't get snapshot at all and are also mounted with nodev,nosuid,noexec flags.

Forky is from Toy Story 4, but I'm sure there's still more original Toy Story characters to use, let alone more movies to come.

Fun fact: there actually is an IP version 5, and the reason we went from v4 to v6.

Funny thing, time.is uses Cloudflare, and I only found out because of the outage.

Yep, here's UEFI-DOOM.

Although UEFI isn't as low-level as the BIOS stuff, but I couldn't find a BIOS port of DOOM so UEFI will do.

Probably not what you're looking for, but when I had a somewhat unstable internet connection, I'd just self host for myself as much as possible to reduce my reliance on the internet. I ran lancache to cache as many updates I could. I'd download kiwix archives at university and host them at home. I had ripped hundreds of DVDs for Jellyfin and I'd even sometimes record shows off of free to air TV with TVHeadEnd. I also self hosted languagetool (a Grammarly alternative). Although, I still do all that (and probably more) with stable gigabit fibre (except I no longer saw any point in lancache).

Damn, you didn't even need to fake it, it's already happening: https://lore.kernel.org/...

Sure it's still just a joke, but there is a follow up:

The date notwithstanding, I do actually think we should do most of this for real.

Haha I love how this has progressed, from 'What free VPS?' then 'Free VPS doesn't work' and now we're at 'What can I do without a VPS?'.

Anyway, I was self hosting from home well before I started playing with VPSs, so it's a good way to get started before having to spend money. And I still self host most of my infrastructure just because I prefer upfront costs to subscriptions.

Edit: I meant to add if you don't have a publicly routable IP or don't want to port forward, you can use something like Cloudflare Tunnels to proxy everything through their servers.