The ones I have are pretty old, and I got them from a local store that doesn’t exist anymore. They’re kind of slightly weighted, for lack of a better term almost like a foxtail toy.
You could probably just use standard juggling scarves and get much of the same effect. Renegade Juggling is probably one of the better places to buy juggling equipment.
It's not, though. There simply wasn't enough malware to worry about. Why would I run a firewall when I was unlikely to ever encounter a malicious program?
I mean, supply chain attacks are a thing that could have happened even in the earlier days. Linux almost got backdoored in 2003.
Also with the number of remote code execution exploits that have occurred in Web browsers over the years it's hard to know for sure if what you installed hasn't been hijacked unless you spent all your time on gnu.org
Run OpenSnitch for a while and you'll quickly realize how much of your system does phone home. Off the top of my head:
- GNOME Shell (extension updates without a way to disable this, weather),
- GNOME Calculator (currency exchange rates),
- NetworkManager (periodic hotspot portal checks in most configurations),
- GDB (debuginfod enabled by default),
- Firefox (extension updates, push notifications, feature flags, telemetry, ..., some parts cannot be disabled),
- VSCodium (Open VSX callbacks even when installing extensions from disk with updates disabled, JSON schema auto-downloads, extensions making their own unsolicited requests, ...),
- Electron (dictionary updates from Google servers, no way of disabling; includes any application running on top of upstream Electron, such as Signal, Discord, etc.),
- GoldenDict (audio samples fetched from the Internet on word look-up, no way to disable)
Of course, this is nothing compared to Windows [0] and macOS [1], but the malpractice of making Internet connections without asking, by default, has unfortunately been finding its way everywhere since modems stopped making audible sounds.
Having read about PRISM and seen the leaked dashboards of Paragon Graphite (said to be used by ICE), and with LLMs bridging the gap between mass and targeted surveillance, I don't want any of this.
Approximately 10-15 years ago I used an early Android app that synced contacts across multiple (local) accounts and deduplicated and merged them. It had Internet permission for some reason; on asking the developer why a dedicated contact management app would need to go online (in a time where I was using XPrivacy to prevent other apps from seeing my contacts), they said there was no real reason for it, and it was removed in an update two days later. This is the only time I've ever seen an app remove the ability to access the internet, and I really wish it was more common.
Of course, about 5-6(?) years ago Google removed it from both the play store and my devices (I allowed it because silly me assumed I could still get it again) because it requested a sensitive permission and didn't support runtime permissions.
Per se? No, maybe with the exception of GNOME Shell which literally runs code from the Internet unsandboxed. Can the traffic they silently generate be used for malicious purposes? Absolutely.
Wasn’t it KDE that had malware in its theme store not too long ago? Let that sink in for a bit. You changed around some icon themes and it executed arbitrary code.
And let’s not pretend that kde wouldn’t have an extension system if it could - but it’ll never have one because implanting one in that c++ spaghetti nightmare will never happen.
But if not, I'm not criticizing GNOME in isolation here. It's just what I use and what I'm most familiar with. KDE has the same issues and it does have an extension system too. It's called KNewStuff.
Problem with updates is that without automatic ones, users could stay on outdated systems and possibly get hacked through some vulnerability(of which there are many). While on the other hand, having explicit confirmations for each network request would be crazy annoying.
Maybe some middleground of having the tool OP sent built-in would be a good option.
I run all my systems with all outgoing connections blocked by default, and yes, it is annoying.
But it wasn't always this way, and so, I don't think it has to be. People just need to start paying attention to this.
The impact of a lot of those vulnerabilities would be mitigated if the affected programs didn't connect to the network in the first place.
As for updates in general, I really like the model adopted by Linux update managers and BSD port systems. The entire repository metadata is downloaded from a mirror and cached locally, so the search terms never leave your machine. Downloads happen from the nearest mirrors, there's no "standard" mirror software (unless rsync and Apache count?) so they don't report what was downloaded by whom back to any central system and you can always host your own. Everything is verified via GPG. And most importantly, nothing happens on its own; you're expected to run `apt/dnf update` yourself. It won't randomly eat your bandwidth on a metered connection or reveal your OS details to a public hotspot.
Simple, non-invasive, transparent, (almost) all-encompassing, and centrally configurable.
It contains Firefox and Chromium. You are right that they may call home, but at least it's very limited and easily configurable. Could be too much for you but fine with me. Also Debian does change their config by default to minimize privacy issues: https://news.ycombinator.com/item?id=32582260
It's far from easy in the case of Firefox [0], and the last time I tried, some .mozilla.com domains would still get pinged. Chromium doesn't even have an official guide. The only options I found to be reliable are source-level patches, i.e. ungoogled-chromium and LibreWolf.
Note that LibreWolf still leaves some of the stuff on for you to manually disable (dom.push.connection.enabled, extension updates).
I agree that push connections should be disabled. Maybe it can prompt you the first time you try to subscribe to one as to whether you're like to turn them on; this would annoy me personally, but also not break features by default. The annoyance hardly matters as websites already put an in-page prompt up before using the API, iirc because of Apple restrictions.
Enabling extension updates by default seems like a smart thing, though, as long as you can turn them off easily (there should really be a setting for this), and possibly a 6-month reminder to update them (similar to the refresh your profile reminder when you haven't used the browser in for a while). Extension updates happen, and many of the most widely used extensions (eg. ublock origin) really should be updated every time it's available. Better that than having the extensions go online to fetch and run arbitrary payloads because you know they will if disabling updates gets popular enough.
By downvoting we missed out a joke: Lets apply the article to the comment
>> I never understood why ... americans ... wear their pseudoscientific bullshit diagnoses like medals.
> Borderline Personality
Borderline personality disorder involves intense emotional instability, ... and devaluation of others.
>Social Communication Disorder
... knowing how much detail to give, adjusting their speaking style for different situations, understanding implied meanings or hints,
> B5: Antisocial personality disorder (ASPD): People diagnosed with ASPD show a lack of respect toward others. They generally don’t follow socially accepted rules.
> B5: Narcissistic personality disorder (NPD): People diagnosed with NPD have a sense of being better than others... They lack empathy for others
---
> I agree that there is a small fraction of people
What exactly makes you believe the fraction is small?
I'll ignore the baiting and just answer this:
>> What exactly makes you believe the fraction is small?
Because it's not as prevalent in other societies. The fixation of Americans, and especially younger Americans with mental health is not something I've (or clearly, GP) witnessed elsewhere.
I don't think the discussion here is due to a lack of empathy, rather it's curiosity of people looking into this society from the outside (which we're doing all the time because we live in an Americanized world, after all). It seems like the participants in this game of self diagnosis and mental health crusade are very self centered and not very fit to deal with life (which is a complicated matter, I admit to that).
This is not to dismiss the hardships of those people professionally diagnosed with mental conditions, obviously.
you completely nailed it, i just want to add more thoughts:
> Because it's not as prevalent in other societies.
Is it because (a) we have not looked close enough, (b) because it is a culture dependent thing, or (c) because there is no norm and therefore no deviation.
reply