Posts: 93 · Comments: 136 · Joined: 3 yr. ago

Cook, potter, inventor, writer, neographer, conlanger, phantasocartographer, coder, linguist, poet, blogger, chef, webmaster, speedrunner, herald, translator, songwriter, ergonomicist, pilot, miner, outrageous liar, gardener.

  • I've written a handful of dumb magic items, but none of them have come up in play yet. My favorites are a Wand of Lightning, which is made of copper and can call lightning to the wand's location if you point it at the sky during a storm; and the Solar Tuba of Illumination, which glows when you play it but only works in sunlight.

  • Thanks!

  • It seems there's no CSS equivalent to noscript, but what i can do is put the CSS version of a page inside a `<div hidden style="display:block">`, and the non-CSS version in a `<div style="display:none">`. But this doubles the size of a page so i don't like doing it.

  • Natural two in the sticker, you're probably safe. For the first 3 seconds, at least.

  • In one of my random tables is a shady dealer selling "death sticks" which are actually just cigarettes made with dried grass. It's yet to come up tho.

  • Firefox @lemmy.world

    Is it possible to condense my history to show sites instead of pages?

  • Explain Like I'm Five @lemmy.world

    Why can't inflation be stopped by just printing less money?

  • "dwarves" and "elves" are consistent with things like "wolves" instead of "wolfs", "lives" instead of "lifes".

    Fun fact: this never got applied to dwarf stars, which are still "dwarfs".

  • At least your workplace isn't yet forcing you to use AI instead of your own brain. Some people are at the point of having to fake AI contributions, like Dan Q here.

  • A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.

    Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear description of the bug and supporting screenshots, only to be told that his report wouldn't be looked at without a video.

    MSRC told Dormann: "As requested, please provide clear video POC (proof of concept) on how the said vulnerability is being exploited? We are unable to make any progress without that. It will be highly appreciated."

    Frustrated with Microsoft's demand, which Dormann said would only show him typing commands that were already depicted in the screenshots, and hitting Enter in CMD, the analyst created a video laden with malicious compliance.

    The video is 15 minutes long and at the four-second mark flashes a screenshot from Zoolander, in which the protagonist unveils the "Center for Kids Who Can't Read Good."

    It also features a punchy techno backing track while wasting the reviewer's time with approximately 14 minutes of inactivity.

    Dormann said via Mastodon: "I get that people doing grunt work have mostly fixed workflows that they go through with common next steps.

    "But to request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?"

    To top it all off, when trying to submit the video via Microsoft's portal, the upload failed due to a 403 error.

    Dormann's complaints coincidentally came on the same day MSRC published a blog highlighting the strengths and key features of its coordinated vulnerability disclosure program.

    Requiring a POC video, in addition to screenshots, as part of a vulnerability disclosure isn't common in the industry.

    CISA uses the Vulnerability Information and Coordination Environment (VINCE), run by Carnegie Mellon, to receive vulnerability reports. It has the option to include a single 10 MB file to support written reports and additional files can be sent directly upon request, where necessary.

    Public sector organizations in the UK tend to follow the advice issued by the National Cyber Security Centre (NCSC), which also doesn't mandate a video report. A short description of the issue and details of how to reproduce the bug are the only requirements. This is generally standard practice, though not universal.


    We also asked Dormann for additional input. He said requests for video can be found on other platforms such as HackerOne and Bugcrowd but in his opinion, requiring one signals to researchers that the reviewer is merely following a process rather than understanding the report itself.

    As the post and video suggest, he was unimpressed by MSRC's refusal to proceed with the vulnerability report just because a video wasn't submitted in tandem.

    "If a researcher is going out of their way to be nice to vendors and writing up vulnerability reports to share with them, the least the vendor could do is at least pretend to be taking it seriously," said Dormann.

    "I reported three related but different vulnerabilities to Microsoft recently. Two of them requested video evidence of exploitation (for things that don't even make sense to have a video of, thus my malicious compliance example that I posted), and the third was rejected as not a vulnerability with clear evidence that the MSRC handler didn't bother actually reading what I submitted. Researchers doing the 'right thing' deserve better."

    Dormann said he was still waiting to hear back from Microsoft after sending them the video. But Redmond messaged The Register on Friday about the request, and apparently those who like bounty should comply. A spokesperson told us: "In some cases, our team may ask a security researcher to provide additional evidence with their vulnerability submission. This is not a requirement but can assist in ensuring accurate assessment and potential bug bounty reward." ®

  • I don't have Switch edition, and it's my understanding that unless you have it on a cartridge you can only get Bedrock edition for Switch now. It's cool that Chunker supports Linux tho.

  • I wonder what would be the power consumption of a device that sits on your head and emits IR light in all directions until you turn it off, instead of just over your eyes. Similar to how microphone blockers work.

    What would jewelry and hats do about cameras?

  • It would have to be strong enough to damage the cameras, if it's not to be always on.

  • Maybe something similar to how microphone blockers work, flood a space with EM radiation outside the typical human visible range.

    Or i think i've heard of ways to detect when someone has one of these near you (identifying bluetooth signals and such), in which case you can look around for who has glasses thick enough to hold a camera and shine a laser in their camera/eye. That could have too many false positives though.

  • See also: Firefox tab containers (built in feature), Temporary Containers extension (makes a new temporary folder for cookies & cache every time you go to a new domain/subdomain), and uMatrix extension (block embedded anything from any source, by domain & subdomain).

  • Yeah, that might be my bad. I currently pay $10/month. Light is asking for $25.

  • I repeated what stood out to me. They log mouse movements and keystrokes on their website, and also want details about all my contacts. I could maybe understand them needing to know the numbers i call, but not names and pictures.

  • United States dollars? I'm seeing unlimited plans from them for $25 minimum.

  • Dumbphones @lemmy.world

    Cheap USA carrier?

  • I don't see how this could be enforceable. If i don't let my computer automatically update (and i don't) i could stick with one version of Debian forever. It wouldn't be ideal, but i don't see why all my offline programs wouldn't work fine with no security issues as long as i'm offline.

    And what about those rare operating systems that don't do any networking? I know most people don't use TempleOS but it does exist and would suffer little if at all from this. The bill mentions a fine (1798.503. (a)) for failing to either demand a date of birth or say "Not for use in California", but how does that work with any abandoned OS? There are plenty that are unmaintained now for which there's nobody to fine.

    I am curious to know what the big distros (and i guess also non-Linux OSs) plan to do about this. Some might comply, there might be some "Not for use in California" stickers on download pages.

    Hell, even if every OS does implement this and every user is honest about their age, that still doesn't help protect children from anything. It is in fact false that only one person can use a computer, or only one person can use a user account on a computer. I let my kid brother play games on my computer sometimes and i know other people share too. I can honestly say i'm over 18 and there can still be times when someone who's not is on my computer. The bill as written even seems to acknowledge this in "1798.504 (g) This title does not impose liability on an operating system provider, a covered application store, or a developer that arises from the use of a device or application by a person who is not the user to whom a signal pertains."


    Sometimes it feels like the world is falling apart at every point and i'm drowning in the overwhelming flood of bad news. ICE, AI, this shit, Ukraine has been pushed out of the news by everything else, how are they doing⸮ And the globe is still warming, people keep making benches with extra handrails and spikes, i can't grow my own food because the air and water and soil are poison, too many can't afford a home to not freeze in winter or boil in summer; and it's all too much.

    I'd love to change the world, but i don't know what to do.


    One thing at a time. I'm making sure i have full installer images (full, not just install-enough-to-download-the-rest) for a couple backup operating systems in case somehow this sort of thing does shoot down Linux. I don't think that'll happen, but it doesn't hurt to have onhand.

    What else is there to do? That's not rhetorical. What can i do as a citizen of the USA but not California to stop this?

    How USA law handles precedent (i think, i'm no lawyer) makes everything like this feel heavier. As a non-lawyer, letting some dunderhead demand any feature, no matter how ineffective at its stated goal, be implemented in all operating systems feels like a potentially slippery slope. Today, input a number ≥18 when you get a new computer or OS. Tomorrow, some other step towards dystopia. I don't know, it's late and i'm tired.

    So, who wants this⸮ The jays who made the law and nobody else. Ask anyone, i'm pretty confident that most people will see problems with this immediately. And if they need yet more reasons, Hacker News has pointed out plenty of downsides to this for just about everyone. But before we all get too critical, i think it's important to have a look at the actual bill too. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

    Done reading⸮ Great, let's be critical.

    The language suggests whoever wrote this doesn't know the difference between the Internet and the Web, maybe doesn't know what an operating system is, doesn't know how people use computers, and doesn't have a grammar checker. In fairness, i don't have a grammar checker either. But i proofread stuff i write, and none of it is as consequential as new laws.

    So Little Timmy's computer knows he's somewhere between 0 and 13 years old, and has to pass that information along to any "publicly available internet website, software application, online service, or platform", which are basically defined as something that distributes programs/apps for a computer that can download apps (so i guess if you can only sideload it's not a computer). "internet website" sounds like it's supposed to mean a website that lets you download things. That is, every website that's still online can be downloaded with a regular browser, and in fact must be so your computer knows what the page you're trying to read is and what to show you. Even if this doesn't include every website (and i'm sure it's not meant to), how is your OS or browser to know what sites let you download applications and what sites don't⸮

    Furthermore, 1798.501 (b) (1) "A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched." That is, it is the duty of anyone who maintains a website where you can download stuff to request to know the age bracket of the user. At worst, this means the owner of every website visited by Little Timmy can see that a user account on his IP address is in the 0-13 bracket. At best, this means that just people behind specifically just app stores can see that same information.

    People should not write laws about topics they don't know anything about. Beyond all the obvious really important reasons why, it makes them look like fools to those of us who do know what they're talking about, or at least what they think they're talking about.

  • You can also print your own caps if you have a filament you wouldn't mind typing on.

  • Minecraft @lemmy.world

    Is there a way to convert Wii U worlds to Java without Windows?

  • Dumbphones @lemmy.world

    Has anyone tried Tello with the Light Phone II?

  • Dumbphones @lemmy.world

    Librivox RSS feeds work in Light Phone podcast tool

  • No Stupid Questions @lemmy.world

    What's with companies naming things "MyNoun"?

  • Recommendations @lemmy.world

    Audio recorder

  • Linux @lemmy.ml

    (Debian) How do i find links for apt repositories?

  • Debian operating system @lemmy.ml

    How do i find links for apt repositories?

  • Linux @lemmy.ml

    Can i install Debian with no DE and mix programs from several DEs?

  • Debian operating system @lemmy.ml

    Can i install Debian with no DE and mix programs from several DEs?

  • Fuck AI @lemmy.world

    Good everyday search engine?

  • Debian operating system @lemmy.ml

    What's the best way to remove packages that came with desktop environments?

  • Constructed Languages @mander.xyz

    Real big IPA chart

    indigogolem.neocities.org
  • Linguistics @mander.xyz

    Real big IPA chart

    indigogolem.neocities.org
  • Linux @lemmy.ml

    What distros are good for movies and games over LAN?