Those “personal pet projects” are why Google and FireFox exist as many pieces of their projects often rely on open source components often maintained by a single person.

Those are a different kind of pet projects, like some small random math library developed by a guy in Nebraska that a big software stack depends on (there’s a relevant xkcd about it somewhere). The thing is, if support for such a project stops, the Microsofts, Googles and Firefoxes of the world are able to take over support, pay for it to be supported, or work around it in another way. Plus they are usually careful about which dependency they introduce, if something isn’t governed properly or does not have wide community support… it’s unlikely to be included.

Taking on a whole browser as a pet project is something entirely different. Browsers are huge and complex. You’re basically betting that mr-cheffy will be able to keep up with all the changes, like security updates, feature updates and bugfixes, that upstream Firefox produces, and that he will be able to keep his own part of the codebase secure, and that he won’t get burned out or bored with the project in one or two years.

For these reasons, I will never put all my eggs into the basket of some 1-man browser project, sorry.

These pet projects also strip telemetry and respect your privacy.

Turning off telemetry is just a few clicks, or about:config flags in Firefox anyway. And “respect your privacy” is just meaningless buzzword bingo. If you go to facebook or google in zenbrowser, your data is harvested just like everyone else’s. Privacy is a process not a product (browser).

Dude, Chrome has 73% of market share worldwide

Internet Explorer had that too at one time.

Excellent point. The way a project is governed should always be a consideration when evaluating software, especially for large and complex projects like a web browser that can’t easily be forked.

In the case of chromium, basically all the main developers are Google employees … so it’s no surprise there hasn’t been a viable fork.

I really wish we had something like the “linux kernel” of web browsers…

I’d recommend you just switch to Firefox instead, and make that work for you.

Zen browser (like many of those custom browser forks) is just someone’s pet project, and is highly dependent on what Firefox is doing anyway. It’s cool to use sometimes, but I wouldn’t want to depend on it to stick around or be properly maintained in the long term.

next (and there will be a ‘next’) will be killing ad or content blockers and manipulators completely

They already tried that!

https://en.wikipedia.org/wiki/Web_Environment_Integrity

Fortunately, they jumped the gun on it, and it was shut down … for now anyway, but yeah they’ve clearly shown their intentions.

Everybody gangsta until “A stop job is running for …”

yes tyre shops are often extremely busy with very long lines

You can’t get appointments at your tyre shops? I just book a slot in their agenda a few weeks before. Show up, put the car on the bridge, wait 15-20 minutes and I’m off.

with literally no other input needed

Wait, you just let them put on whatever they can get the highest margin on?!

There’s a vast difference between different tire types in terms of stopping distance, wet handling, wear, road noise, comfort, … When I walk into a tire place, you can bet I come prepared with a short list of tires that I’m willing to consider, and a pre-estimation of the price of those tires in my tire size.

Also, the tire size is literally just 3 numbers, and it’s literally there on the tire. Why wouldn’t you know that about your car?

Was thinking more paid remote services are almost always something that’d be better done locally.

But offsite storage is something that per definition can’t be done locally …

I’m not really interested in remote services out side of that - they kinda sounds like a scam

I don’t think they’re a scam. They’re just more honest: you use x amount of storage, you pay for x amount of storage and you can do with it as you like.

It’s not presented as “free” where you actually pay with your data, a dependency on the service and hidden content restrictions.

That clarification of yours is massively important

I think my mistake was assuming I was on a security related community, where this would be understood, instead of PC masterrace.

Your initial comment sounds as if there is a PoC from Canada on how to circumvent the PIN for the Bitlocker keys.

It’s a meme joke, referencing this: https://knowyourmeme.com/memes/she-goes-to-another-school

the only way they could put microSLOP at fault for that would be if they could find that microSLOP was backing up encryption keys in the recovery environment / boot files somewhere

Seems unlikely. The WRE is like 32MiB in size, and most of that consists of static binaries. Not much info is saved there, except for some log files. If the bitlocker keys were there, they would have already been found by someone else.

I mean, you’re not wrong but the problem is that the online storage that you (and most people) think of as “your storage”, is not “your storage” in the same sense as those cabinets and shelves are yours. You’re really just borrowing the storage, and have given the actual owner the right to freely snoop through it and kick you out for anything they find they don’t like.

The only storage that’s actually yours is the one on your computer. That you own. In your house.

Encrypting something with your own key before you upload it is a solution for backups, but you do lose the convenience factor of cloud storage. If you are only using Google Drive for backup, that could work.

The alternative is to use a service with built-in end-to-end encryption.

How was it lost?

Because you put it in the hands of a third party who is not accountable to you, and gave them full control over it. Whether they exercise that control via AI or a human is rather irrelevant here. There are plenty of documented cases of people losing their account in pre-AI times due to human moderation.

Second thing is, No, TPM+PIN does not help, the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment ? Yes it does, I’m just not publishing the PoC, I think what’s out there is already bad enough.

The PoC for that goes to another school, in Canada.

Edit:

Downvoters don’t understand the nature of this exploit.

Without PIN, the windows recovery software has full access to the encryption keys in the pre-boot environment. So to crack bitlocker in this case, a hacker only needs to find a bug in the WRE to get at the keys. => That’s the Yellowkey exploit.

With a PIN, no Windows or Microsoft program has access to the bitlocker encryption keys until the PIN is provided, and it can’t be brute forced because the TPM protects against that. To exploit that, would require a attack on the TPM hardware itself, which would be absolutely massive if he could pull this off through software only and of a completely different nature than the Yellowkey exploit. It also wouldn’t have anything to do with Microsoft software, because it wouldn’t be in the loop for this.

To use an analogy: Yellowkey is like beating a bank employee (the WRE) who knows the combination to the safe with a wrench until he gives you the combination. In an attack with a PIN, the bank employee doesn’t know the combination himself, so you can beat him with a wrench as much as you like, he’s not going to give you anything useful.

Extraordinary claims require extraordinary evidence, and he has provided none. Furthermore, he has a bone to pick with Microsoft over a denied bug bounty, so he clearly has a motif to undermine trust in Microsoft products like bitlocker. All this, and knowing the typical hacker personality, leads me to believe that this is pure bluff. If he had something, he would show it.

that AI is to be boycotted

I don’t think the AI part is the relevant bit here.

I think the message should be that trusting your data to off-site storage where it is subject to third-party moderation should be boycotted. So boycott Google Drive, One Drive, icloud and keep your data on your own computers.

Especially since memory training on DDR5 can take upwards of a minute.

Just FYI: most bioses have a setting to save the memory training, so it doesn’t have to be re-done each boot. On an Asus board it’s called “Memory Context Restore”.

You don’t need Iran to prove that. Women’s rights have already been rolled back in the US, it’s a mistake to assume it will stop here.

In many cases there’s no extra wear

You can’t change physics. More HP = more torque = more wear on the whole drive train. Also more boost = more stress on the turbo = it will fail sooner.

Also, back then, cars with the higher specced variant of the “same” engine almost always had mechanical upgrades compared to the lower specced engine: usually bigger brakes, a stronger clutch, and various other drive train components.

So while in many cases you could chip your car without much immediate harm, you were definitely cutting into various safety margins determined by automotive engineers who know much better than you and me.

Guys this content was by boomers for boomers

Tom’s Hardware sold out looong ago, sold in 2007 to some faceless consortium. The original “Tom”, Thomas Pabst, who is GenX and not a boomer btw, has had nothing to do with the site since.

The editor of this article looks to be a millennial btw.