

I agree, but unfortunately, this has become common since Heartbleed, and they seem to be able to sell their snake oil to CTOs…
The article is a security company trying to hype their company with a theoretical attack that currently has no hypothetical way to be abused
The article has an update now fixing the wording to “hidden feature” but, spoilers, every BT device has vendor specific commands.
The documentation of the part just wasn’t complete and this company’s “fuzzing” tool found some vendor commands that weren’t in the data sheet
The China part just came from OP
If they’re being shared as disk images, basically every Blu-Ray has an embedded Java program, also
The Ubuntu security team only supports the ~2,000 packages in “main”
Things like ffmpeg are in “universe” and only get security updates if you subscribe to Ubuntu Pro
Debian’s security team has always been significantly more responsive than Ubuntu. It’s regularly had CVE fixes in older versions of Debian that newer versions of Ubuntu don’t bother to pull into universe
You can even trivially run your own server on an old Raspberry Pi.
I used to run one on a Pi 2 that would regularly have ~100 concurrent users without any hiccups
That’s separate from what OP is talking about. The on-device encryption is decent
For data on Apple’s servers (which they push iCloud by anemic device storage…) Apple themselves publish that they give access to user accounts 90% of the time in the US
Finding a SearXNG instance and entering a random search term, the first 10 pages of results all came from Google.
Checking the preferences, there were 4 search, and 6 of the other toggles enabled.
Even enabling all engines and rerunning the search, the first 13 results were listed as Google
Is it meaningfully different from this offering if all the results it picks seemingly come from Google?
If I disable all but Mojeek and Qwant, all the results came from Mojeek
That may be the best option right now, but it’s still a far cry from an upstreamed device
They aren’t able to support devices longer than Qualcomm and Google maintain the random out-of-tree drivers for a chipset, and even state such in their “legacy support” for harm reduction
FWIW, if you decide to go with KDE and manage to delete your panel, it’s
😉
- They don’t offer the government a “backdoor” to make it easy to decrypt user data.
Is what’s being discussed. Since Apple has a backdoor in the default configuration of their phone, they’re able to comply with 90% of all data requests.
The UK is demanding they remove the option to disable the backdoor in their encryption
You can kind-of sort-of use local only, but Apple makes that very inconvenient and almost 0 users do
Your definition of “rolling over” is different than mine. … What would you have them do differently when the warrants issued are valid in the legal sense/approved by a judge?
Again, your comments are agreeing with their decision to not allow full end to end encryption.
I would have them not able to decrypt my data at all
Sure, but if that’s your only concern, then you aren’t really concerned that the toggle is removed in the UK, either
The report is that Apple is removing the user’s ability to disable Apple’s back door, and you asked for evidence that they roll over for law enforcement
If you want governments to have access to a backdoor to what Apple touts as “Privacy,” your initial question doesn’t make much sense
I don’t know about other countries, but Apple itself reports that it provided access to customer accounts at the US government’s request 90% of the time
In the default configuration of iDevices, the US already can
This seems more around the UK wanting to spy on its own citizens more easily
I’ve gone through and responded to the other top level comments as well, but another massive issue you could add to your edit is that servers can detect curl <URL> | sh rather than just curl <URL> and deliver a malicious payload only if it’s being piped directly to a shell.
There’s a proof-of-concept attack showing its efficacy here: https://github.com/Stijn-K/curlbash_detect
To add to OP’s concerns, the server can detect if you run curl <URL> | sh rather than just downloading the file, and deliver a malicious payload only in the piped to sh case where no one is viewing it
You can detect server-side whether curl is piping the script to Bash and running it vs just downloading it, and inject malicious code only in the case no one is viewing it
https://github.com/Stijn-K/curlbash_detect
So that would at least be a minor improvement
My job is literally to make Linux distros using Yocto for various boards. I’m constantly writing new build scripts or updating build scripts, debugging the kernel/systemd/glibc and whatever libraries are on the system.
All of my work and personal desktops run some version of Fedora Atomic or a uBlue variant right now.
With distrobox/toybox/brew and using podman/docker/KVM+qemu, even as a tinkerer, it’s great
I constantly see people talking about playing things like Balatro on their deck that certainly doesn’t need more than 30fps.
Seems super useful for games like that on a flight
Hardware. There’s a load value predictor that guesses the value of a load from memory
Yes, in the sense that every device you own has these same commands
The alarmism of the original was that this was somehow unique to the ESP32
If your device has Bluetooth, it has these commands