
I think it would be completely crazy if Apple did this without entering into a special contract with Google. There's no way some sales engineer just signed up for a Google Ads account one day.


I have no idea why you think this is crazy.

a) Apple will be a big customer for Google but nothing compared to companies like P&G who manage hundreds of products or those who have more competitive search terms. And in this particular case it's neither.

b) Apple has a dedicated App Store Marketing team who likely signed up or maybe they used their main account. Either way it's pretty simple and you don't need to ask Google's permission.


Fair points, ty for the rebuttal


I agree, and I am usually the first to cast privacy stones at Facebook. While I wouldn't wear these in most cases where I wear sunglasses today, I could imagine plenty of social scenarios where I would not be the least bit creeped out to wear them or to see people wearing them. Generally these are situations where people would already be comfortable taking pictures with their phone.

They are the best-looking camera glasses I have seen; they look like standard Wayfarers. But then again, I thought the same of the first-gen Spectacles (the newer ones are hilariously dumb-looking), so we'll see. $300 is only about twice the price of normal Wayfarers, so not bad there either.

Disadvantages AFAICT:
- standard Facebook trust issues
- no private audio, AR, or motion sensing
- not waterproof (wtf, but at least they're not horribly expensive, and I guess they just become normal Wayfarers when they get wet)
- no "click to save the last 30 seconds" mode (maybe with an orange LED color) like my PS5 has :)


Wow. Almost unbelievable. Any security engineer, or literally any (authenticated or agent-based) enterprise scanner, should have caught this. I wonder how this one slipped through: the 2019 runc bug was a HUGE deal if you work in container security, and its presence should have set off Critical alerts automatically.

Knowing nothing else, my guess is this was certainly exploited, as you can grab off-the-shelf exploits for the runc bug.


I suspect because almost no one wants to be a "gardener" of microblog/message/talk/email, and most do not know how. They just want to follow and talk to people. FB solves all of these with one signup, as did MySpace. I also expect gaining traction for decentralized networks is by definition harder, as the brand has fragmented.


I'll believe Mark when it happens. In 2017 he also said he'd ship a billion Oculuses; I think they sell maybe 3M a year.

My 2c: I did see their remote work demo and thought it was kind of cool, although (anecdotally) coding in a virtual screen tends to give me headaches. But until the headsets aren't heavy, expensive, and silly-looking, or no longer require goofy paddles, I do not think the VR metaverse will be gaining any mass traction.

Personally I have found current VR is fun for some games and tedious for everything else. The wow factor of a large, expensive facial protrusion with a screen and gyro was gone by the time Oculus was acquired. What followed was a lowering of price, allowing for 4-5x more users per year to be disappointed. And Facebook has more or less failed at all their hardware offerings thus far despite much PR, right? I don't see that changing. They should stick to monetizing your information IMO; they've been able to make that highly efficient, and it doesn't cost $800 for the end user or leave large imprints on their faces.


Funny, the point of TLS is to prevent MITM attackers from reading traffic. The two install commands provided would give a LAN or MITM attacker root on your host.


Can you be more specific? The short lifetimes of these certs should also help with that right?


I believe, based on your "short lifetimes" comment, that you're mixing up TLS, designed to guard against the coffee shop scenario, with mTLS, designed to guard against interacting with your bank.

In the coffee shop scenario, run.linkerd.io does not need to know who you are, but you need to ensure it is actually run.linkerd.io and not some rando with a DNS hijack running it.

In the banking scenario, you need to know bank.example is the institution you think it is, and they need to know who you are in order to only allow you access to the assets that are rightfully yours.

My comment was actually only mildly related to the mTLS content of the article, and more an observation that "good tutorial habits make for good security habits in readers," especially when the changes are so minor compared to their benefit.


Unfortunately no: the curl commands will by default go out over http, which does not use TLS at all or provide any guarantee of remote server integrity, just like plain TCP. So an attacker with the right network posture (say, they pwned your router or a hop between you and these servers) can just reply with plain HTTP and give you code that you will run.

Like OP said, just tack on -f and https://, and remember to do this in the future.
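As an added illustration of the fix this thread lands on (this is not code from the linkerd tutorial or from any commenter), here is a small POSIX shell helper that refuses a plain-http install URL and emits a curl line with the flags that close the downgrade-and-replace path. The URL is the one discussed above; the helper names are my own. It only builds the command string and never touches the network unless you run the output yourself.

```shell
#!/bin/sh
# Added example (not the tutorial's code). Hardens a "curl ... | sh" install
# line: rejects http:// outright and pins curl to TLS for the whole fetch.

# Return 0 if the URL uses the https scheme, 1 otherwise.
url_is_https() {
  case "$1" in
    https://*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Print a hardened curl command for an https URL; fail (print nothing)
# for anything else so a caller cannot accidentally pipe http into sh.
#   -f                     fail on HTTP errors, so a 404/500 body is never executed
#   --proto '=https'       refuse every scheme except https for the initial request
#   --proto-redir '=https' refuse a redirect that would step down to http
#   --tlsv1.2              require TLS 1.2 or newer
#   -sS                    quiet, but still report errors
#   -L                     follow redirects (already constrained to https above)
hardened_fetch_cmd() {
  url=$1
  url_is_https "$url" || return 1
  printf '%s\n' "curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL '$url'"
}

# Demo: the https form is accepted, the plain-http form is refused.
# Assumed example URL from the thread; nothing here is fetched.
hardened_fetch_cmd 'https://run.linkerd.io/install'
hardened_fetch_cmd 'http://run.linkerd.io/install' || echo "refused: plain http install URL"
```

The point of `--proto-redir '=https'` is that `-L` alone would happily follow a 301 from https to http, which reopens exactly the MITM path described above; pinning both the first hop and redirects to https keeps the integrity guarantee end to end.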


Actual bugs; Qualys's recent CVE-2021-33909 is one example.


To clarify my stance, now that I have a bit more time this evening: unprivileged userns is the only way forward for Linux sandboxing on a bare-metal host past the boundaries of POSIX isolation. So from a security perspective I do hope most distros get this turned on at some point, and that these bugs stop being so commonplace.


I had the same experience a couple of months back trying to set up a gaming PC. This was after the initial screen set my speakers to max and then blasted Cortana screaming at me in different languages. This was at about 3am, and I have pretty good speakers. After recovering from my heart attack, I then proceeded to fight for ~20 minutes over how to install without a Windows account; since I had already set up Wi-Fi, the easiest way was to unplug my router for a bit. After a while Windows booted up, but would constantly BSOD on reboots. I gave up and bought a console.

Absolute trash OS, sorry.


Agreed that if you did a shitty job benchmarking you could get shitty results.


It's not entirely fair, because in the 60s basically all modern crypto primitives were missing. If I had those:

1. Encrypted onion routing on layers that betray source/dest IP.
2. eSNI on all TLS connections.
3. Privacy-focused DNS.

