• 0 Posts
  • 58 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle




  • deadcade@lemmy.deadca.detoLinux@lemmy.mlThe CUPS Vulnerability
    link
    fedilink
    arrow-up
    9
    arrow-down
    2
    ·
    11 days ago

    As far as I’m aware, the exploit requires someone to try printing using a malicious networked printer. It is a vulnerability, yes, but it affects essentially nobody. Who tries manually printing something on a server exposed to the internet?

    Although for local network access, like in a corporation using Linux on desktops, the vulnerability is an actual risk.







  • VR “works”, but as someone who uses it, I can’t reccomend it for now.

    Compatibility is wildly different between headsets. And no matter which route you take, you will need to tinker and troubleshoot. There is no plug and play solution right now.

    If you want to plug in your VR headset, and just play some games, stick to Windows for now. If you’re fine tinkering around, there’s always SteamVR, but also check out Envision and Monado.

    As for desktop games, you can find what works on ProtonDB. Most games work fine, with the exception of games with kernel level anti-cheat.




  • According to Jim Starkey, the person who coined the term, “Blob don’t stand for nothin’.” However, it is often referred to as a “Binary Large OBject”, meaning a large file with content not easily readable by people.

    With an open source project, you have source code which is turned into executables/“blobs” by the compiler. As long as you trust the compiler, you can (functionally) know the content of the blobs by looking at the source code they were made from.

    In the case of Ventoy, several “blobs” are included from an unknown or vague origin. This is a great way to bundle malware, as seen with the XZ backdoor from earlier this year. As such, the original creator of the linked issue is requesting they are built/obtained at compile time, so either the content or origin of these files can easily be found.




  • Still doesn’t make a VPN the “magic all in one solution” it claims to be. And SNI is encrypted on newer servers using encrypted client hello (ECH).

    In terms of privacy, you’re switching around which entity gets to see a ton of details. Do you trust random public wifi enough, given modern security standards? Or do you trust a VPN company more, despite false advertising?

    Use HTTPS and DoH (Becoming a default on some Android versions), and the average person will be just fine without a VPN.