I don’t think it’s literally a search and replace but a part of the prompt that is hidden from the user and inserted either before or after the user’s prompt. Something like [all humans, unless stated otherwise, should be ethnically ambiguous]. Then when generating it’s got confused and taken it as he should be named ethnically ambiguous.

That’s truly as lightweight as you’re going to get. Cool little script.

If you like Heimdall you could run it without Docker. It’s a PHP app, you could run nginx and it would be pretty lightweight.

I used to have pi-hole setup and a housemate complained that he could no longer click on Google ads 🙄

If anything it will make things load faster as you’re blocking a massive steaming pile of ads, trackers, etc

It’s right there in the first part of the description:

This application uses the AudD® service as a Music Recognition API.

It seems you completely misinterpreted the intention of the article (willingly or ignorantly).

At Skiff, we take an authoritative position that PGP is no longer useful, long outdated by better encryption protocols, encumbered by unneeded complexity, and hard to use even from the start.

Except for “no longer useful” the rest is pretty much unanimously agreed upon within the community.

Seems suss. Can you find that app installed on your system and verify if it is a legit system app?

There are no open source licenses that do not allow for commercial applications. It goes against the very core of what it means to be open source.

However, what you’re probably looking for is a license that prevents people from taking your code and making a commercial application without giving back. What this means is that any copy of your source code must also be open source. This is what a copyleft license does and you could look at something like the GPLv3 or the less restrictive MPLv2.

No, not at all. The request never hits the cache. The certificate is stored within the app and all internet communication is specifically pinned to said certificate. It doesn’t even ask your certificate store.

There are some cases where this would not work by the way. It’s called certificate pinning and it’s basically when an application comes with the trusted certificate for a host built-in. Even if you were to override it with a root certificate in the certificate store, the app simply wouldn’t use it.

It’s the fact that the intelligence agencies have proven themselves to be unable to responsibility use their powers, and instead find every sneaky way possible to infiltrate and spy on their own citizens while preventing nothing. That’s what has pushed the world to say enough is enough and we are going to encrypt everything we can. Now the global powers are crying poor about how they need access to stop terrorism, while being completely unable to point to a single instance where they stopped a terror attack and contrarily there’s plenty of terror attacks that were never stopped.

While this is a real issue, the threat is best mitigated outside of the browser. In theory any application you run could put contents in your primary selection, the threat is what you do with that. The biggest threats I can imagine are insecure shell settings which the author pointed out and can be mitigated easily. Or as a commenter pointed out, cryptocurrency related activities could be at risk - such as pasting in an address to send the currency to could be hijacked and you probably wouldn’t even notice as the addresses are random. X is known to be insecure and if you’re doing something sensitive like handling cryptocurrency it would be best practice not to run X anyway.

It would be much easier to check the settings for your shell and display server. It’s a very niche threat. Think about how having something copied into your clipboard could actually effect you? I can’t imagine too many scenarios where you would paste something malicious that would actually be a problem. Paste something malicious into an email and you could just delete it. Paste something into the URL address bar and it wouldn’t submit until you told it to. Paste something malicious into your terminal and it wouldn’t submit until you hit enter (check that last one yourself).

Alternatively, disable javascript in the browser.

I 100% agree that it effects an extremely small percentage of the population, but it’s also not hard to imagine a scenario in which this can have real consequences.

Let’s imagine I have a popular website that documents Linux tips and tricks (think: which command can I run to see drive storage used again?). In there I have a short command people can copy and paste to run (maybe df -h). The user copies this command and switches window to their terminal, at which point the blur event listener fires and I override the innocuous command with a malicious command. The user pastes it into their terminal without any indication that the primary selection content is now different.

Yes, this is due to both insecure X and shell settings that doesn’t effect everyone (Wayland and sane shell). It’s as much or even more the fault of the insecure programs, but Firefox is a part of that. Even in this situation it would be much more likely that the user is effected compared to the “general population”. It’s more of a targeted attack than a broad insecurity, but it’s not a “one in a million” chance.

It’s a simple POC. To address your points you could easily add an event listener for the window blur event so whenever the window loses focuses. You could also use javascript to manually highlight the user selected text when the window regains focus. You can make it as complex as you wanted.

The point is that the core of the issue, that you can override the users select buffer which could be used to maliciously insert commands, exists.

Appears to be the same developer as wttr.in

The included example script re-runs the selection every 500ms so it would instantly overwrite what the user has selected. In theory you could even lower this timer.

Haha yep! Your timezone is in that danger zone where it’s not wrong enough to be immediately obvious.

If you make a Windows USB install and boot into it, you should be able to run some Microsoft tools to try and repair the installation. You can search further for it, might be worth looking into if you have anything you want to access on there.

Others have commented on the process. It’s easier than you think.

One thing that might confuse you at first (after successful install) is that when you change between operating systems, the system clock gets thrown off. That’s because Linux and Windows interpret the system time differently (local time vs UTC).

To match Windows behaviour in Linux run: sudo timedatectl set-local-rtc 1 --adjust-system-clock

To match Linux behaviour in Windows you will need to edit the registry, I’ll leave that up to you to search.