wildmusings's comments

wildmusings | 5 years ago | on: Extracting SSH Private Keys From Windows 10 SSH-agent (2018)

Note that this is not a vulnerability. You are supposed to be able to extract plaintext secrets with the Data Protection API if you are logged in as the user who the secret belongs to. That is the whole point.

I’m not sure the author knows this. He points out that this is useful for post-exploitation data gathering. That is, you’ve already compromised a machine/account and are looking to gather as much potentially useful information as possible. But he puts “securely” in scare quotes, which is not honest because this is secure storage: if you’re not authenticated, the key can’t be read. The encryption key is derived from the user password, so it can’t be defeated by offline reading either.

wildmusings | 5 years ago | on: Why the US’ response to Covid-19 is terrible

People died alone and couldn’t have funerals because epidemiologists said it was too dangerous. A week later, those same epidemiologists were cheering on mass demonstrations.

It’s pretty clear that these “experts” are abusing their status as supposedly objective scientists to advance a political movement. Why should anyone trust anything they say?

wildmusings | 5 years ago | on: Why the US’ response to Covid-19 is terrible

The "experts" have destroyed their own credibility. Do you remember the mass protests in every major and minor city a few weeks ago, where the "experts" responded by encouraging the protests, because "racism is a deadly pandemic too" or some equivocating nonsense like that? Doctors and nurses were participating in these mass protests. People were packed shoulder to shoulder for multiple city blocks. This was right after all of the "experts" forcefully condemned tiny anti-lockdown protests. Even the NYT was forced to confront the stunning hypocrisy https://www.nytimes.com/2020/07/06/us/Epidemiologists-corona... . The vast majority of news outlets are still pretending that the protests had nothing to do with the spike in cases.

It also damages their credibility when they cross the line from "here are the epidemiological facts" to "here are the appropriate tradeoffs between economic stability and acute illness prevention". The latter is not a question that an epidemiologist is any more qualified to speak to than anyone else. Those are political decisions.

They do the same for global warming. The nature and extent of anthropogenic climate change is a question for scientists. But they have all also latched onto the conclusion that global wealth redistribution is the only solution. Again, they are laundering their scientific expertise into political authority. I more or less think that the scientific process moves us toward better understanding, but the collective political opinions of scientists should not be mistaken for science.

When the experts are abusing their status to pursue political ends, then it's no surprise that the people they seek to politically vanquish put up a resistance by attacking that expertise.

wildmusings | 5 years ago | on: Why do U.S. coins seem to be in short supply?

A quarter today is worth less than a penny in 1900. Maybe this is a good time to get rid of all coins except maybe the quarter. It is frankly ridiculous to be dealing with pennies, nickels, and dimes, worthless coins.

wildmusings | 5 years ago | on: XP Paint – A Web-Based Version of Window XP's MS Paint

That whole forum is a dumpster fire. When a search takes me there, I brace myself to read a poorly-written, incorrect, dismissive answer. Nine times out of ten, the questioner is clearly more knowledgeable about the problem than the person answering it.

wildmusings | 5 years ago | on: Onyx is violating the Linux kernel's license, refuses to release source code

It was a live issue in the Artifex case. The parties ultimately settled so we don't have a final answer, but the district court was going along with the contract theory. The availability of specific performance remains an open question too. But if you can in fact enforce the GPL as a contract, then it's not a big step to some plaintiff getting specific performance, which is going to turn on case-specific things like the adequacy of monetary damages.

https://www.synopsys.com/blogs/software-security/breach-gpl-... https://www.omm.com/resources/alerts-and-publications/alerts... https://www.natlawreview.com/article/important-open-source-r...

wildmusings | 5 years ago | on: Onyx is violating the Linux kernel's license, refuses to release source code

>But more importantly, the license doesn’t “infect” things.

[I’m not your lawyer and this is not legal advice.]

It can have that effect. My understanding is that if you include GPL code in your software[1] and distribute it without sharing your source code, you are committing an ongoing contract/copyright violation that can be remedied either by recalling and destroying the offending products, complying with license terms by releasing your source code, or settling with the original copyright owner (effectively, paying a license).

As for a court forcing you to release the code, that is in fact what the GPL contract requires so the court is within its rights to require specific performance instead of monetary damages. Even though common law courts strongly prefer monetary damages, they will turn to specific performance if they think it's appropriate.

All of this is going to turn on some questions about when you can bring copyright infringement vs. contract actions. It's not an area I'm super familiar with, but see my response below about at least one case that suggests you could sustain a contract action for a GPL violation in some circumstances.

[1] In the way that requires you to release your own software under the GPL. Of course, there are ways to use GPL software that don't implicate that. I'm not talking about those.

wildmusings | 5 years ago | on: Invention of satanic witchcraft by medieval authorities was met with skepticism

Plenty of people are throwing around inflated or manufactured accusations of racism. Or trying to publicly ruin private citizens for sharing forbidden thoughts among friends and even family. There have been a string of highly dubious rape accusations in the press. In many cases, gross exaggeration or outright fabrication of the claims has been proven. The climate we live in now is very similar to these previous purges. That you find yourself politically sympathetic to their cause only makes it easier for unscrupulous elites to use the mob to do their bidding.

You might think you're safe today, but you'd better hope that your moments of candor stay off camera, because no one lives life carefully enough to be immune to this angry mob.

wildmusings | 5 years ago | on: It’s Time to Abolish Single-Family Zoning

The author has plenty of good ideological arguments but doesn't really seem interested in what the effect of eliminating single-family zoning will be on day to day life for people and communities. People like living in single-family zoned neighborhoods. People don't want high-density development in their neighborhoods. People leave behind exciting city lives and move to the suburbs because they want to live somewhere peaceful, boring, low-crime. Now someone wants to transform their neighborhood and make it look like those places they decided not to live in.

As for this guy calling himself a conservative, somewhere along the way, libertarians in America began calling themselves conservatives and forgot what the term really means. Conservatism isn't knee-jerk ideological opposition to any rules.

wildmusings | 5 years ago | on: Why the US military usually punishes misconduct but police often close ranks

What from the perspective of the police officer is reasonable grounds to fear for his life, is going to be a larger number of situations than those where someone is actually, with perfect knowledge, making an attempt on his life. Or put another way, people do things with (e.g.) the intention of injuring/obstructing/etc. and escaping, but that a reasonable person would interpret as being an attack on their life. If you wave a gun in someone's face, they are in their rights to shoot you, even if you had no intention of ever firing it.