Can’t stress this enough. High taxation incentivizes people to get more days off instead of more money. In NL it’s not unusual to have a 4-day work week. People call me out for working on Sundays because “it’s weird”
It's probably hard for Americans to imagine this because it's their normal
But being European and living in Europe and being radically honest when I arrive in America the main feeling I get is just endless abundance
Non-honest (I'd say many to most) Europeans will not be able to deal with this abundance and start coping "zOmG but if you hit your knee you will go bankrupt cause healthcare bills" and "look at the homeless tents" and "lol look at the Amerifats!!!"
Even if fully true, that's kinda beside the point, the range of America is much wider, the bottoms are lower and the peaks are higher
People are (in some ways literally) hungry to work and climb the social ladder which even if worse now than it ever was is still much more present in America than it is in Europe
I can barely get people to come to my house to do construction work in Europe, while in America I'd have them working the same day, because people want money, because unlike Europe there's not much free gov money
That makes the system more oiled in a way because people WANT to work and that makes people work and build things
The problem is most Europeans will never ever respect "the hustle", they're stuck in the socialized welfare systems that worked in the 1960s and fairness, which is an absolutely beautiful ideal but stops working when you run out of money like Europe does now in 2025
“We can easily bypass KASLR using prefetch attack these days.
Entrybleed is the most famous prefetch attack variant.”
iOS security is leaving dust to any other platform. It’s hard to believe KASLR is still not a standard mitigation nowadays
https://t.co/udPv0KfD0w
@ace__pace Whenever there is/was anything, they would make an effort to mitigate such an attack or make it unusable in production. Have you ever seen a jailbreak/ITW chains using side channel attacks on iOS?
Recently, there was a clash between the popular @FFmpeg project, a low-level multimedia library found everywhere… and Google. A Google AI agent found a bug in FFmpeg.
FFmpeg is a far-ranging library, supporting niche multimedia files, often through reverse-engineering. It is entirely the result of volunteers and a marvellous piece of technology.
For people who have never been on the receiving end of ‘security researchers’, it is difficult to understand why there is a pushback against them.
Think about the commons. In Quebec, these are pieces of land where farmers send their cows during the summer. It is collectively owned, like FFmpeg.
Everyone is responsible to care for the commons if they are using it. If you are not using it, you are supposed to stay away.
Now, imagine a rich corporation comes in and sends its well-paid agents into the commons to find issues with it. Maybe a broken barrier or a dangerous hole. So far so good… But instead of fixing the issues, the corporation says “you have a month to fix the issue or else I will report you to the government”.
How much love would the big corporation get in this context?
Why do the security researchers insist on disclosing the issue without having contributed to fixing it? So that they can get credit for it. That's their entire scheme: find issues, irrespective of whether they affect the use case of their employer... after all, all issues no matter how small can be potentially significant at some point... and then brag about it without doing the hard work of trying to fix it.
Let me be clear that not everyone working in security behaves this way. Many are good actors. But there are enough 'security researchers' behaving as parasites that it has become a recognizable pattern.
« But Daniel, who should be fixing the bugs then? »
If you are paying for commercial support, then get in touch with the folks you are paying. If you are not paying, then it is on you.
It says so in the licenses. It is part of the moral code of open source. It is part of the legal framework.
Let me be clear. You do not get to bite back at Linus Torvalds if a bug in the Linux kernel crashes your server. What you do is that you identify the issue, narrow it down and propose a fix. If you cannot do it, then you pay someone to do it. Or you just do not use Linux.
The story gets stranger...
Apparently I was never able to use the 🇪🇺 EU's GPUs in the first place
Because I wasn't on their pre-approved organization list of "Horizon 2020"
So how can you join the Horizon 2020 list as an organization?
Well, you can't. It was made in 2014 and closed in 2020!
????
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.
https://t.co/LchMIdKP0P
That’s where we see things differently. An exploit that could potentially take months to develop so that it just gets patched a month later won’t cut it.
For kernel/launchd: it all depends on your goals. But like you mentioned before, we’re talking about real attacks. State actors would probably not stop at your <insert 3rd party app here> data only for their future attacks, and you’re likely to need a launchd sandbox escape or kernel.
Persistency is nice to have, but most ITWs nowadays don’t include one
@filpizlo @chrisrohlf Retrying would send crash dumps to Apple, and it would be just a matter of time until the bug gets fixed.
And you can't retry these attacks against the kernel/launchd
It hasn’t been announced properly, but The Apple Wiki admins & me grab firmware keys shortly after each major & minor release (e.g. 26.0 and 26.1)
We also constantly fill the gaps in the old versions & platforms, e.g. M3 Max and A7 & S1P/S2/T1 & S3 SEP
https://t.co/t3ZFMuduGx
@i0n1c If it makes you feel any better, public healthcare in 🇳🇱 is pretty much identical (perhaps slightly longer waiting times) and private healthcare does not exist. Disclaimer: I am the one who wanted those 1.5y waiting time appointments