NaN

That is a clickable menu that explains exactly what the permissions are.

Firefox on flathub is an official one, that’s not what this warning is.

Clicking the potentially unsafe item lists the exact permissions.

It can access hardware devices, like your webcam or game controller. Likely --device=all in flatpak speak but I haven’t looked.

Neither has its own extension repository, so maintaining support enables side loading but isn’t all that useful for normal people or those who want their extensions to be up to date.

Brave shields work better than the built-in protection in Vivaldi, so it’s less of an issue there but still frustrating.

Yes, and they don’t develop Firefox (legally can’t) since they made a for-profit entity for that purpose.

The Mozilla Corporation does not accept donations.

Poorly written article with little substance but a zinger of a headline. Think they’re trying to take advantage of announcements of Intel and TPM security flaws in the past to get more clicks.

This is a UEFI firmware issue that can be patched by BIOS vendors. It is an issue at a very low level, but not an issue with Intel or the TPM.

The exploit is in the UEFI firmware code for handling the TPM and used for privilege escalation in that firmware, “TPM won’t save you” doesn’t really make sense because no shit. The vulnerability doesn’t mean the TPM unseals its contents though, and I’m curious if the exploit modifies the PCR values enough that OS security could trigger (Bitlocker recovery and whatever). Wouldn’t help if the malicious software was already there though.

“Breaking userspace” is often considered a bug even if the code doing so is working as intended. Deleting user data because they bundle a config file deep in the directory tree for a completely different use case was not intended behavior even if one of them is defensive about the logic.

Nope. Everyone who uses Nair needs to feel the chemical burns at least once. I’m pretty sure it says not to use it on sensitive bits though.

Firefox just pulled the browser out of it to focus on one thing, Thunderbird did the same with communications. Seamonkey still does it all.

Assuming manifest v3, it shouldn’t break. However, some extensions will stop working. Vivaldi doesn’t have its own extension repository so they will be phased out there just like in Chrome.

Even if they do question, it’s not like they are in a safe environment to do so openly. They have to be prepared to give up community, friends, family, potentially their physical safety, and a worldview that says exactly who to be and how to live to be living a good life. That’s a huge step.

I know for a fact there are religious people going through the motions because the alternative is too frightening, just like people stay in bad marriages.

He’s trying to be a little Poettering.

I always think it’s crazy when employees of companies with paying customers act like such jackasses in public.

I think it was probably dropped to be more like other Linux distributions. The BSDs put a ton of stuff in rc.conf.

I thought surely some distribution had messed up by using this temporary files generator for /home, but that configuration is actually a file bundled with systemd and the purge would take effect even if the distribution was creating /home as part of the install (ignoring the tmpfiles config), which they pretty much all do. So yeah, any defense I had towards the dev is gone there.

I thought the same, surely some distribution messed up.

They didn’t. Systemd ships this file as /usr/lib/tmpfiles.d/home.conf. That is a valid configuration directory, the lowest priority, and not just an example.

Basically it would only take effect in certain scenarios, and in most distributions it is doing nothing. Except when someone ran purge and it cleared files it had no hand in creating.

So yeah, this was actually a big issue.

deleted by creator

The flatpak packaging tutorial has you build a cli app, so anyone building one is likely aware.

The real issue is invoking the commands. If you install a snap of top, you run top and it opens. If you installed a flatpak it wouldn’t be added to your PATH and even if you added the exports directory to your PATH you would need to remember to run org.gnu.top. Nobody wants to run some random flatpak run command all the time or create aliases for everything, so “flatpak isn’t for cli” becomes the mantra.

In an ideal world a flatpak could register the cli commands it wants to present to the user, and some alternatives system could manage which flatpak gets which command if there were collisions.

Should’ve known we’d never get far.

I agree with this. After seeing some videos of people messing with the voice conversations in ChatGPT I played with it a bit. Most of the voices are annoying and sound too much like some overly excited marketing person, but before they removed it the voice that sounded like Scarlett Johansson was pretty realistic and more normal. The emotional part of my brain felt content that it was involved in a two way conversation with a friendly and thoughtful person.

For example, as a test said something like I was feeling anxious about something, and it responded with encouragement about the situation and some ideas, and it actually did make me feel better. Or as another test I asked it to practice small talk and it had a whole scenario and we just chatted and it talked about working in marketing and asked questions, when I got bored with that it talked about how well it went. During that conversation my brain was pretty convinced it was talking to a woman in marketing, and it also felt good to have approval.

I was just messing around for a few minutes and I am convinced many people will feel a social and emotional connection, and that was just a verbal conversation.