Earth's atmosphere hasn't had this much CO2 in millions of years
NaibofTabr (@NaibofTabr@infosec.pub) | Posts: 1 | Comments: 2,098 | Joined 2 yr. ago
Two different people. Both headlines are accurate.
Hmm, "millions of years" is technically correct but "paradise" is very much in the eye of the beholder, and "stable" is really only valid if you're considering very short and selective time windows...
https://all-geo.org/highlyallochthonous/2007/11/how-the-air-we-breathe-became-breathable/
Or rather, the longest stable period we're aware of is when the atmosphere was full of methane.
Um, the core feature is privacy invasion. It does what it says on the tin.
It's fine if some people want that functionality, as long as it's not enabled by default.
Lump
So there's this radio editorial from 1973 called "America: The Good Neighbor", written by George Sinclair. I think a lot of what Sinclair described has been lost, unfortunately, but this line always pops into my head:
You talk about scandals, and the Americans put theirs right in the store window for everybody to look at.
I feel like this part is still true. For better or worse, as a nation even when we feel shame due to the behavior of our politicians we don't try to hide it, pretend like it doesn't exist. Our politics is theater and we all know it. It's on display for everyone to see.
You can read the whole thing here: https://thinkingagain.com/html/american_tribute.php
It is an artifact of history, and just... keep in mind that it needs to be read and understood in the context of the time it was written. The Apollo program had just ended the year before, and US troops had just withdrawn from Vietnam. The Watergate scandal was current news and is specifically what Sinclair was referring to in the quoted line above. Martin Luther King Jr. had been murdered only 5 years prior, and the civil rights movement of the 1960s was a recent memory. It had been only a decade since John F. Kennedy was assassinated.
And there was video and live discussion of all of it just on display for everyone to see on the still quite new platform of broadcast television.
Things haven't changed much.
Oh no, it's worse than that... we use the metric system to measure the customary system...
The Mendenhall Order marked a decision to change the fundamental standards of length and mass of the United States from the customary standards based on those of England to metric standards. It was issued on April 5, 1893, by Thomas Corwin Mendenhall.
[...]
Mendenhall ordered that the standards used for the most accurate length and mass comparison change from certain yard and pound objects to certain meter and kilogram objects, but did not require anyone outside of the Office of Weights and Measures to change from the customary units to the metric system.
https://en.wikipedia.org/wiki/Mendenhall_Order
Technically every unit in the US customary measurement system is just a weird conversion factor of an equivalent metric unit. At this point 1 yard was defined as 3600/3937 meter, which means 1 inch = 2.54000508 cm. By 1959 everyone finally agreed that this was stupid and redefined it as 1 yard = 0.9144 m (1 inch = 2.54 cm).
All measurements in the US are based on standard reference objects provided by BIPM.
Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.
If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.
Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.
Food is a reasonable target for biodegradable packaging because you don't really expect the food to sit around for more than a year (for long-term food packaging you just wouldn't use a biodegradable material).
Packaging products that might have a long shelf life is more problematic. If the material breaks down in saltwater then it will start breaking down if someone picks it up with sweaty or recently washed hands.
Well right, and coating them with plastic means that they leave plastic residue behind if they break down in an uncontrolled environment, and increases the cost and complexity of recycling:
If the paper has a plastic or aluminum coating, it can be recycled, but it is much more expensive and complicated.
Some plastic coatings can be separated from paper during the recycling process. Still, it is often cheaper and easier to use virgin materials to create new products than recycling paper coated with plastic.
Paper coated with plastic isn’t suitable for composting, and most times, such products are incinerated for heat or landfilled rather than recycled.
https://www.almostzerowaste.com/non-recyclable-paper/
Yes they already exist. They are not really better than pure plastic, they're kind of a form of greenwashing because they appear to be environmentally friendly.
Aida said the new material is as strong as petroleum-based plastics but breaks down into its original components when exposed to salt.
If this means that it does not break down when exposed to just water, that's a pretty big deal. Water solubility has been the major issue making biodegradable plastics useless for food packaging (typically you want to either keep the food wet and water in, or dry and water out - either way water permeability is a problem).
Of course most foods also contain salt, so... I guess that's why the article talks about coatings. If the material has to be coated to keep it from breaking down too fast, what is the point? Either the coating will prevent it from breaking down, or it just moves the problem to the coating not breaking down.
How often do older devices get breached
A meaningful answer would require specificity about "older" (5, 10, 20+ years?) and would have to be broken down into manufacturer / major software / use case / target market groups. Also... would you include breach reports for software in the statistics? For instance, if an Adobe app was breached and leaked user account data, but it only affected devices running an older version of Android, is that an Adobe breach or an Android breach, or both?
and is there any way to continue using an “older” device safely
Basically, once a device stops receiving security updates from the manufacturer it should be considered untrustworthy. The only caveat to this would be if you knew the hardware (CPU/APU/GPU, storage, RAM, and especially NICs and TPMs), knew the firmware for all of it, knew the software running on top of it, knew that it had been audited, knew that there weren't any major unpatched vulnerabilities for any of it, and probably limited its use to known/trusted networks. That's a lot of work and some of it is probably impossible due to proprietary hardware & firmware.
But you'd also have to weigh all of that against your threat model like I described above. The question is always "How much effort would someone put in to hack me?" There is never zero risk, even with a brand new, fully up to date device. Security is always a game of "I don't have to outrun the bear, I just have to outrun you."
I feel like short security update lifecycles are a form of planned obsolescence.
There's some truth in this, but also recognize that every CPU model has its own specific microcode, every discrete device will have its own firmware and driver, and every mainboard will have its own specific firmware that makes all of those devices work together. Every version of every phone model ever produced has some amount of device code that is specific to that version and model. Keeping on top of updating every one of them would be a monumental task. Testing every update for every device before deploying the update would probably be functionally impossible.
All of that is a big part of why Apple controls the hardware of their devices so tightly. It allows them to standardize things and limit the amount of code they have to write, and in general Apple supports their devices with security updates much longer than other mobile device manufacturers. Their support range seems to be about 7 years.
Don't get me wrong, I'm not personally an Apple user. I prefer the broader freedom of choice in hardware and software in the Android market, but I understand that there's a tradeoff due to the lack of standardization. Apple's approach has benefits - there is a degree of safety in the walled garden that is not possible outside of it.
What really needs to happen is that buyers need to demand end-of-life information and support commitments from the manufacturers. For instance, the Fairphone 5 has guaranteed security updates until 2031, eight years after the launch date. That way you can make an informed decision before you buy.
Targeting Lemmy specifically? Probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns
The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.
Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns
Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.
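An added example, not part of the original comment: a defender-side scan of message text that separates the three cases the filename/TLD collision makes easy to confuse (a link to a host under .zip or .mov, an ordinary archive download from another host, and a bare token that may be a filename or an auto-linked domain). The function names and sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the quoted text that collide with common file extensions.
COLLIDING_TLDS = {"zip", "mov"}

# Explicit URLs, or bare dotted tokens that a mail/chat client may auto-link.
TOKEN_RE = re.compile(
    r"https?://[^\s<>\"']+|\b[a-z0-9][a-z0-9.-]*\.[a-z]{2,}\b", re.I
)

# Constructed sample message (not taken from any real incident).
SAMPLE = (
    "Quarterly numbers are in report-2023.zip, mirror at "
    "https://files.example.com/report-2023.zip or "
    "https://www.fakewebsite.zip/ (see example.org for details)."
)


def classify(token):
    """Return (kind, host) for one URL or bare dotted token."""
    has_scheme = re.match(r"https?://", token, re.I) is not None
    parts = urlsplit(token if has_scheme else "//" + token)
    host = (parts.hostname or "").rstrip(".").lower()
    tld = host.rsplit(".", 1)[-1]
    if tld in COLLIDING_TLDS:
        # With a scheme it is certainly a link to a host under the TLD;
        # without one, a reader cannot tell a filename from a domain.
        kind = "colliding-tld-url" if has_scheme else "ambiguous-filename-or-domain"
        return (kind, host)
    ext = parts.path.rsplit(".", 1)[-1].lower() if "." in parts.path else ""
    if ext in COLLIDING_TLDS:
        return ("archive-download-path", host)
    return ("other", host)


def scan(text):
    """List (token, kind, host) for every token worth a second look."""
    findings = []
    for match in TOKEN_RE.finditer(text):
        token = match.group(0).rstrip(".,;:!?)")
        kind, host = classify(token)
        if kind != "other":
            findings.append((token, kind, host))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
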
I still can't take anyone running a .zip TLD seriously. It was a bad idea to create it and it's a bad idea to use it.
The danger is essentially that anything being done on the phone is not secure.
If all she does with the phone is look at cat pictures and talk to friends and family, there's probably not much critical information there to worry about.
But does she use the phone for banking? tax records? health care? Does she use the phone for multifactor authentication to log in to her bank account &etc?
Anything involving financial or personal information could be used for identity theft and fraud. Even if she doesn't have much money personally, her identity has value on the black market for opening fraudulent credit cards and other accounts. If her phone is no longer getting security updates then her email may be exposed, and basically if you can get into someone's email then you can get into all of their other accounts (through "I forgot my password" links). Also keep in mind that the phone is a tracking device, so if it's not secure then anyone with the time and interest could use it to track her location.
It's worth noting that switching the phone to another OS like Lineage may not solve this problem. Android uses a core security feature of ARM processors called TrustZone to handle cryptographic functions like security keys. This depends on processor microcode that only gets updated by the manufacturer. If the device is no longer supported, then it will probably stop receiving updates. A third-party developer like Lineage won't have the capability to update this code.
The potential threat from this is not usually immediate. Just because a device might be vulnerable doesn't mean that it's worth anyone's time to actually hack it. But frequently what happens is that someone finds a vulnerability that can be exploited and then builds some software that can do the necessary steps automatically, after which any device with that vulnerability is not secure at all.
Deciding how critical all of this is for your mother depends a lot on context. Does she have financial assets that might make her a target? Is she politically active? Is she a member of a sociopolitical group that might be a target? Does she have a social media account with a lot of followers? Does she have any close friends or relatives that someone might want to target through her? Does she know anyone who works in security for a large corporation, government or bank? Her own vulnerability might make someone else vulnerable by proximity.
There's no way to eliminate risk completely. The only way to answer the question "how dangerous is this?" is to assess the severity of possible losses and the likelihood of potential threats (threat modeling) and then make judgment calls based on priority.
gestures at all of observed reality