So.... what are you saying here? That you just download any old executable code you can get your hands on from the Internet?

A serious walled garden like... what? Are we talking NSA that goes through serious vetting processes for all of their purchases? Or are we talking about just rolling our own code for everything here? Because Solarwinds has shown that you can get software even into very restricted government agencies through a well executed supply chain attack.

So are we blaming Apple here, the user, or both? I really can't tell. But Apple's walled garden is valuable for a variety of reasons. No one has ever claimed what an application whitelist is 100% effective. That is why Apple also sandboxes applications and implements all kinds of privacy controls and restrictions. So that when a bad apple gets in there the damage is limited. There is literally nothing Apple can do to prevent the user from giving up their banking credentials, though.

Ahhh but that isn't really what Apple says at all. Because Apple uses defense in depth. They screen the app store for malicious behavior. They sandbox applications so that Application A cannot steal data from Application B. Apple has never and will never say "all apps on the appstore are trustworthy." They say that they have put protections in place to make using the App Store safe. And it is true. The App in question is not exploiting any vulnerability to steal data. This person voluntarily gave the app data and every security person in the world knows that you can't use technology to stop someone from granting access to data that they should not without using mandatory access control. And since this is an individual who is supposed to be protecting his own data there is no practical way to enable mandatory access control on his bitcoin wallet data.

Obviously it's the only one that matters. My aunt got polio when she was a child and it didn't kill her so its not a big deal, right? Nevermind the fact that she's had to deal with chronic pain her whole life and has been using a cane to get around since childhood. She has been almost completely bedridden for the last 5-10 years. Insignificant, I tell you.

First of all, this has NOTHING to do with UEFI driver support and everything to do with enabling preboot IOMMU and other virtualization features that provide for better security against malicious PCIe and thunderbolt devices at boot.

You're blaming Microsoft because there is a security flaw in GRUB? In what world does that make sense? Many platforms don't even ship with Linux shims in the DB anyway so this only affects specific manufacturers and people who enroll the Linux keys manually.

This is obvious propaganda from the driver owner - there is literally nothing stopping you from signing the driver yourself and enrolling your own key in the DB for secure boot. Either the person who maintains this project is ignorant (unlikely) or is intentionally misleading people to promote an agenda.

Microsoft doesn't even want to own the signing for this. They are a member of the UEFI forum. They volunteered to host the Secure Boot PKI because no one else was willing to do so and the UEFI forum would have to increase dues to pay someone to do the same. Microsoft did push Secure Boot but it solves a legitimate problem for 99.9999% of the world's population - they have no way of knowing whether or not they can trust their bootloader. They lack the knowledge to even understand that they need to know whether or not they can trust their boot loader.

Microsoft has literally 0 control over this. The OEM/ODM decides what drivers to include in their firmware image. Microsoft is not going to try and dictate support for other operating systems and why should they? System manufacturers don't include them because they cost more to develop and support. It also increases the boot time because one more driver has to be enumerated and potentially loaded. OEM/ODMs get upset if you impact boot time by milliseconds so I can assure you they are not going to add such support for 0.0001% of the population. If you want these things and an OEM that may be willing to support such things then you ought to talk to System76. They may actually be willing to include these things for you.

Microsoft appears to be at the forefront of pushing these security measures earlier and earlier into the boot process. But keep in mind that your OS has to support preboot IOMMU Or you won't be able to use any of these features. In fact a lot of security features that could be used during the preboot window are often not included in the firmware because it makes life hard on the OS.

You most likely are incorrect about many of your assumptions. Most hardware comes with cryptographic acceleration that may actually require using assembly to take full advantage of. Most likely that is not the case, but some of these accelerations may not be possible in anything but C. That doesn't mean they can't minimize the amount of C used, of course, but it may actually be required. Also, the last time I used this library was to do many tens of thousands of signing operations per second and speed was most definitely important. I haven't touched this library in over a decade so I don't know the current state. I also don't typically work in an OS environment so I don't know what libraries Linux may provide to allow access to these hardware crypto functions but that library will most likely be written in C and may suffer from these same types of mistakes.

I used to work on software used for aviation (not FAA certified - it was just training systems but it was supposed to emulate the exact software in the aircraft). You can certainly use inertial navigation in fixed wing aircraft (the military required it last time I was working for the DoD) but inertial navigation is very difficult for a helicopter. In fact I don't remember having to support it for the simulated systems. I could misremember, but it is much easier to cope with these problems in fixed wing versus rotary wing. One of the examples listed was definitely a rotary wing aircraft.

Rebooting your phone is sufficient. iOS also has a button sequence you can hold that wipes the keys from memory as if you had not logged in. Unsure if that is actually as effective as a reboot, but it takes seconds.

Huh. That is odd. He was definitely there to cause trouble. I don't know anything about the guy but based on this SLC Tribune article it seems like he and his brother are both kind of crazy / attention seeking. Who knows. I am not sure anyone will ever really know the truth about this guy's motives.

Which, I think, is all the more reason that they need to put the election fraud rumors to bed. Otherwise there are hundreds of elected officials across the nation whose own rise to power could be questioned.

I would personally say that the entire nation was victimized but the number of people whose lives were on the line that day is much smaller - the capitol police, the legislators / family members / etc., and the protestors / rioters. I'm honestly surprised at how many of the ones who were outside stayed, I would have been worried about my life if I were an honest protestor. I heard that many outside were cheering the rioters on, though I don't honestly recall hearing that on the TV and obviously was not there.

In that case you may be able to argue that there was no incitement the day of. But it would mean that there was a much larger conspiracy at hand that is far more dangerous to our democracy. I don't know the exact legal definition of incitement, but when considering first degree murder, the premeditation period can start at less than one minute and extends on indefinitely. If there is any potential break in the passionate outburst that occurs at 2nd degree, even just for a few seconds, they consider it 1st degree. So the question for incitement is - does it have to be a passionate outburst or can it be months of indoctrination and pot stirring? I guess Google can answer that, though.

I am not familiar with this - I know initially there was a lot of talk that the Q Shaman might be Antifa but it has been quite thoroughly demonstrated that he is a Trump supporter and thought that he was doing what Trump was asking him to do in order for Trump to save the world / children from Hollywood and political phedophiles. Can you link me to a picture or article related to this person you're referring to?

It's not trial - why do you think any evidence needs to be presented to the group that literally saw and experienced this all firsthand? Though to be clear - I think that all of available evidence for the false voter fraud allegations as well as the seditious activity needs to be brought to light during the actual trial so that the people of the country can see firsthand what happened.

Now whether or not it is a conflict of interest for the senate to try Trump for a crime of which they are victim is an interesting topic of debate. What are your thoughts on that?

If he is receiving research grants from the US there may very well be restrictions on which countries he accepts other grants or payments from as well. I know that when I dealt with confidential material (ITAR related, not even classified) I had to notify the security officer whenever I traveled to certain countries. China, Russia, Venezuela, Cuba, and a few others were all on that list. Depending on what I was working on at that time the security officer may have needed to escalate those travel notifications to the FBI. It is something you agree to when you accept money from the feds. In my case failing to notify anyone of such travel was not a crime but would automatically disqualify me from such work for some period of time and would have basically cost me my job.

I disagree. If you look at his valuation forms, as filled out when he applies for Forbes' fortune list, you'll see that most of his perceived value comes from his brand and image. Being convicted by the senate will finish off his reputation and his image and there is always the chance that he will end up in state or federal prison for his activities before and during his presidency.

I literally tell you that I have personal experience in witnessing this from the prosecutorial side professionally and you respond with that?

I don't have the Amazon filing in front of me anymore but I thought the had included some posts in their exhibits of their filing? I could be mistaken.