Accessing every password would require a breach of the browser or the extension, right? Because the extension will only fill passwordds with a matching URL, so with the browser must be compromised to provide the wrong URL, or the extension compromised to accept a wrong URL? I am not sure how separating the extension and the manager helps with this?
Interestingly, auto-filling can also be more secure than just typing in your credentials, because the extensions will only fill if the site URL matches, where as people can be tricked into thinking they are on a different site.
Does this extend to also not using browser extensions for password managers?
It does, yeah. If you aren’t averse to cloudflare then it’s a great option.
From memory I think it’s limited to http/https traffic, but that’s normally not an issue, just have all your services behind a reverse proxy.
One time I was in a class where we had this beginner level web dev assignment, and we were writing HTML and CSS. We had to submit the assignment as a zip file.
When you open the HTML from the zip file in Windows without unzipping it, it can’t access other files in the zip file, namely the CSS.
The entire class failed the assignment because the teacher didn’t unzip the files first, and refused to entertain the idea they might have screwed up.
my thinkpad lappy has a 230w power supply. can usb-c do that?
The latest USB-C Power Delivery Standard should do 240w, but not all USB-C ports are rated for it.
TBH this sounds to me like something specifically intended to not be an Australian-like solution, which they could have copied.
I am not sure what’s required of a bare bones Linux install (general computing device) that has access to a package manager (application store)!
Yeah perhaps. Or that “account” doesn’t really need to bw what we think of as an account.
Could it be covered, but they would still have to ask? It says if it wasn’t done at setup it has to ask, so perhaps an account-less OS would still be expected to ask for an age and provide it when asked?
Nah I don’t think it does. You don’t really get that because the intent of a law is important in court cases.
Mobile phones are specifically covered:
(g) “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
Windows doesn’t ask at install, and also this law requires them to ask for already set up accounts too.
This will make it a lot more visible.
Nah it seems it doesn’t apply to physical devices (except general computing devices as mentioned elsewhere)
(f) This title does not apply to any of the following:
(1) A broadband internet access service, as defined in Section 3100.
(2) A telecommunications service, as defined in Section 153 of Title 47 of the United States Code.
(3) The delivery or use of a physical product.
(3) seems to imply the OS that runs your switch or gas pump isn’t included. But I see nothing in the law that clarifies servers or any CLI only interface, or even any OS that doesn’t have accounts.
Where do you quote “reasonable” from? The only part of the law with that word is referring to a different, already existing law (or the bit about reasonable technical limitations causing the wrong signals sent in the API).
Ok I did it, I read the full text of the law, and you’re right.
The existence of Linux or anything not big tech and the broad range of options within seems to be ignored. Does a CLI only OS need to provide a GUI for its “accessible interface”?
On a different note, I did see the last point here:
(f) This title does not apply to any of the following:
(1) A broadband internet access service, as defined in Section 3100.
(2) A telecommunications service, as defined in Section 153 of Title 47 of the United States Code.
(3) The delivery or use of a physical product.
(3) seems to imply the OS that runs your microwave isn’t included.
I think the next bit from the article I didn’t quote explains that:
“(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user.” The categories are broken into four sections: users under 13 years of age, over 13 years of age under 16, at least 16 years of age and under 18, and “at least 18 years of age.”
I think the idea is that you would say that under 16s can’t use social media. Then you’d enforce this not with the horrendous Australian strategy of having everyone IDed, but instead you would enforce it by having an API that websites and apps could use that would tell them the age of the user.
So basically:
Windows might already have parental controls within Windows, but it’s the ability for apps and websites to know the age (or in this case age range) that is the important part.
I much prefer this than handing over ID.
Sorry but I don’t think the article text backs up the title?
The claim is that they have to enforce age verification, but the quoted law says:
Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Doesn’t this just mean it needs to ask for an age at setup, so e.g. parents can set it up with an age and they can automatically be restricted?
I don’t see anywhere actual verification is required, if you’re setting it up yourself then just lie?
Honestly, this sounds like my preferred path if we are gonna do anything.
Make sure you visit in a browser aince apps wouldn’t have implemented an in development feature.
You sound like you want to go all in on federated services but there are plenty of other things to do.
I love Nextcloud, works well when set up through the Nextcloud All In One docker setup, but it is a little different to other things so it might not be a starting point depending on your experience. Lots of apps to add for extra functionality. But don’t replace your cloud storage with it until you’re confident of your backups (and ability). I ran it for years to use for the apps and minor things before I finally went all in.
I think a wiki is a great thing to have. Use it to document what you’ve done so you can remember.
Then there’s media. With the storage I guess TV/movies might be out, but there’s Audiobookshelf for Audiobooks, Kavita or Calibre Web for eBooks. I like Jellyfin for music (but using the Finamp app not the Jellyfin one), but others like dedicated music setups like Navidrone.
I buy my music from Bandcamp where available and Qobuz where it’s mainstream labels, then I can have my own little Spotify. Finamp even lets you download playlists or your whole library to your device for offline listening. I use Findroid for watching things, which also allows downloading. Last I checked the Jellyfin app didn’t have Netflix-like downloading, just downloading the files to your downloads folder.
I guess you might not fit a whole lot with 300GB storage though, especially after you fit the databases of half a dozen federated services.
If you have space, perhaps a photo service like Immich or Photoprosm.
If you have friends maybe a private sharing forum like Zusam.
If you have family then maybe family tree software like webtrees.
I run so many things, they all get used, and I’m always happy to talk about them!
Depends if you count OEM licences that came with their device as purchases, which would be the vast majority of people.
I agree this makes the most sense.
90s me would have killed for speeds like that!