Hacker News | shbooms's comments

I agree that more granular permissions is better (in terms of dictating which sites an extension has access to) but I think the main problem as I understand it is that this is an entirely separate issue from the one that nukes uBO.

V3 introduces a hard limit on the total number of network filters an extension is allowed to set and it's a laughably low number. Far below what uBO uses even on a barebones, default setup.


Same here.

Prior to my discovery that fandom was bad and a lot of wikis were moving away, I was following so many instances of outdated info in games I was playing due to not realizing that the wiki was no longer maintained since the active contributors had moved elsewhere and updates/patches to the game had rendered the info moot.


What can a website do just from opening dev tools that it can't do without opening them?


it can basically fork bomb the user


The websites I've seen (and was referencing in the Gist) basically do this. But it's a very simple anti-debugger technique that uses an IIFE containing a `while` loop with a `debugger;` statement in every iteration. You can circumvent it by opening DevTools on another website and toggling it to "skip all breakpoints."

I'm sure there are more advanced anti-debugger techniques with different denial-of-service vectors. And I'm sure that the attack surface for actual exploits (beyond just DOS) is also greater than browsing a website without DevTools open. But it's not like browser vendors grant super-permissions to websites when the user has DevTools open; any exploit would depend on a high severity vulnerability.

I do agree that it's probably smart to browse sketchy websites in an isolated browser, and ideally one inside a VM.
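A way to spot the loop-plus-`debugger;` pattern described in the comment above before opening DevTools on a page, as an added example that is not part of the thread. The function names and the sample script are constructed for illustration, and the scan is a heuristic (it also covers `for` and `do` loops, which goes slightly beyond the `while` case mentioned).

```javascript
// Added example: flag `debugger` statements that sit inside a loop body.
// Heuristic: regex literals and `${}` inside template strings are not parsed.
function blank(src) { // blank out comments and strings, keep newlines
  let out = "", i = 0;
  while (i < src.length) {
    const two = src.slice(i, i + 2), c = src[i];
    let end = -1;
    if (two === "//") { end = src.indexOf("\n", i); if (end < 0) end = src.length; }
    else if (two === "/*") { end = src.indexOf("*/", i + 2); end = end < 0 ? src.length : end + 2; }
    else if (c === '"' || c === "'" || c === "`") {
      end = i + 1;
      while (end < src.length && src[end] !== c) end += src[end] === "\\" ? 2 : 1;
      end = Math.min(end + 1, src.length);
    }
    if (end < 0) { out += c; i++; continue; }
    out += src.slice(i, end).replace(/[^\n]/g, " ");
    i = end;
  }
  return out;
}

function findDebuggerTraps(src) {
  const hits = [], blocks = []; // blocks: one flag per open `{`, true = loop body
  let depth = 0, pending = -1, line = 1; // pending: paren depth of a loop keyword awaiting its body
  for (const [t] of blank(src).matchAll(/\b(?:while|for|do|debugger)\b|[{}();\n]/g)) {
    if (t === "\n") line++;
    else if (t === "(") depth++;
    else if (t === ")") depth = Math.max(0, depth - 1);
    else if (t === "{") { blocks.push(pending === depth); if (pending === depth) pending = -1; }
    else if (t === "}") blocks.pop();
    else if (t === ";") { if (pending === depth) pending = -1; }
    else if (t === "debugger") hits.push({ line, inLoop: pending !== -1 || blocks.includes(true) });
    else pending = depth; // while / for / do
  }
  return hits;
}

// Constructed sample (a string, never executed): a decoy in a string and a comment,
// a one-off breakpoint, and the IIFE + while loop pattern.
const SAMPLE = [
  'const note = "while (1) { debugger; }"; // debugger in a comment',
  "function once() { debugger; }",
  "(function () {",
  "  while (true) {",
  "    debugger;",
  "  }",
  "})();",
].join("\n");

console.log(findDebuggerTraps(SAMPLE));
```

Hits with `inLoop: true` are the ones worth checking before attaching a debugger; a lone `debugger;` outside any loop is usually a leftover breakpoint.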


> I'm sure there are more advanced anti-debugger techniques with different denial-of-service vectors.

Just rename debugger to banana.

Edit: I see you have posted it below already!

https://www.nullpt.rs/evading-anti-debugging-techniques


> that's a contractual term between Apple, Inc. and OpenAI, LLC.

do you have a source on this or are you just assuming?


Do you think this is all running off the standard OpenAI API and they picked a dev at random in Apple to use their account's API keys?

Of course there is some agreement…


It would be a very surprising business arrangement if that was not explicitly called out. Apple is not going to leave this to chance.


> Apple is not going to leave this to chance.

How much would you be willing to bet, on a statement like this? I love a sporting chance.


If we find out in the next 12 months that OpenAI has been storing requests from Apple/Siri AND Apple doesn't come down on them with a 10 ton lawyer hammer, I'll pay you $500.

Can you match it the other way around? :)


crickets from OP


I will bet around $10,000 FWIW.


And I can almost guarantee you it will magically all turn itself back on/reinstall itself eventually after the OS force updates/reboots itself in the not too distant future.


It's already re-created the OneDrive folder, but it hasn't moved any of my libraries back yet. Knock on wood.


yes for about 2 years (2015 - 2017) as a part time partner

https://www.ycombinator.com/blog/welcome-peter


> ...part-time partners (we do that with Peter Thiel for example, though at this point he's very involved)

From the quoted text above. I.e. more than part time partner (heavily involved)


> Wasn't the Moskva spotted by a drone before missile deployment?

Drones were speculated to have been involved but it was said they were used to distract the ship's defense system as the missiles were in the air, not in the initial spotting/targeting. Although I suppose they could've pretty easily done both.


+1 for itsycal.

- solid integration with macOS Calendar app (shows all your events and has a "+" option to create new ones)

- can also display a time clock along with the date and also has fully customizable datetime patterns meaning you fully replace the system date/time. I especially love doing this and now being able to just click on the date time in the menubar and see a calendar popup (instead of datetime settings which I never need quick access to) similar to the Windows clock


Yeah, itsycal has been around a while and is fantastic.


I can't find the source but in some of the communication Selig released between him and Reddit a few days ago, Reddit themselves confirmed that their pricing is based on lost opportunity cost per user, not just expenses.


I think GP's point is that the amount of the settlement is not enough given the total number of users involved, rather than the class action itself is insignificant.

In my opinion, in these types of cases, the amount should be directly correlated to how much revenue the company generated from the sale of the data. If the sale of my data is deemed illegal/unethical/etc, then I should reap all financial benefits plus damages.

What's stopping FB from just continuing this practice and just upping their costs to their customers to include this added "cost" of doing business?


It's a good point. More hyperscale excesses would be redressed if we calculated on the greater of damages or profits.

My understanding of the current model is that if {profit} - {legal fees} > {calculated damages settlement}, there's zero incentive not to break the law.


In Facebook’s privacy case there’s also a fine and an agreement to change behavior. https://www.ftc.gov/news-events/news/press-releases/2019/07/...

Generally, class actions can include changes in behavior as part of the settlement. Class actions also pave the way for bigger class actions if the behavior isn’t changed, especially since they often negotiated by claiming to have already spent resources fixing the issue and their claims and the settlement have to pass judicial approval.

I’m not saying it’s a perfect system.

