Recent comments in /f/brave

smartypants said () (edited )

Apple in 2021 now in Big Sur tries hard to prevent me from compiling kernel extensions for others that are a hardware layer sata controller man in the middle... almost all drivers are USER LAND code on mac and windows, and if not , you need to have SIGNED CODE identified to you and a usa mailing address.

Miocrosoft started this "signed authorized kernel code" stuff over 20 years ago, only mailing a Windows DDK CD (for drivr writing) to a known USA mailbox address. Now in 2021 the biggest fear Apple and Google and Microsoft have are people like me who wrote man-in-the-middle tools for VIDEO CARDS, VIDEO COMPRESSION paths, AUDIO CODEC interceptors at chip level, network chip monitors, GPU library intercept shims, SCSI, ATA, ATAPI, USB and SATA man-in-the-middle tools.

Its trivial on windows and mac, if your code is authorized to load, you specify that the machine MUST use your code to service the vendor ID of all the above mentioned devices, and your code merely passes through all data on behalf of normal tools, but SWAPS bytes and such of monitored data.

The methods will never go away, but to protect DRM porn videos... all companies claim I am the evil bad man. My code to intercept data and simulate devices or DOWNGRADE DEVICES by falsely stating lack of crypto, are all somehow evil, and I am evil for making it harder to sell DRM protected porn videos on web sites.

Oh well.

All I know is that the latest crap from astounding M1 chip on macs now makes me have no access to even debuggers for kernel , or even DTRACE (DTRACE was only on unix and Apple, but now even Windows has DTRACE).

https://techcommunity.microsoft.com/t5/windows-kernel-internals/dtrace-on-windows-20h1-updates/ba-p/1127929

DTRACE itself is an enemy of DRM, so programming is also an enemy of DRM.

Commercial public Debuggers being loaded on mac stopped only DVD and BluRay playback in the past (same as windows), but now debuggers BAN ABILITY to run a single iOS app on a M1 desktop/laptop.

iOS is still not liberated and cloned in a VM by hackers, and the machine will not even load it into protected ram if a debugger is running. This month apple is also trying to stop existing m1 macs from running legacy iOS apps at all!!!!!! no more iOS VM soon!!! YOu dont know this, by M1 macs can run the actual real genuine iOS OS and genuine real IOS apps, but you have to side load them from a signed device to your cloud and back to your M1 mac and resign them. Lots of youtube videos exist. Apple realizes people like me might want to make it a permanent , easy, and simple thing to do, so Apple just wants to stop that whole experiment.

I am on a tangent.

If i shared code, it would have to be personally be compiled PER USER PER MACHINE. Apple now no longer lets you compile drivers for machines on a desk unless signed, only on the machine that compiled them.

Apple is turning their computers into DRM content delivery platforms tied to credit cards and cell phones.

You are just supposed to CONSUME, pay for app games and buy digital smurfberries for your apps, and pay for DRM protected porn in this new dystopian tech hell hole.

no more personal computing.

2

smartypants said () (edited )

NOT EXACTLY :

You see advertisers use other domains for a REASON.... accurate tabulation of passive ads drawn and seen, and also clicks.

Using hashed and cached data is no different than hosting a lot of slop from a specific single domain... and is NOT what the multibillion dollar advertising industry wants.

I agree that obfuscated javascript ad-orient architectures will be soon delivered on IPFS and such, but famous top200 web sites will always have 3rd party ad blocker tech annoy them.... always.

I am scared that loss of specific url and domain control makes it more of a wild west though

1

smartypants said ()

GREAT revelation!

A Driver I wrote for SATA long ago, reported a bogus but unique serial derived from the real serial and then reported that lie to OS. I guess its time to do that again, but rather collapse the hash to 24 bits of unique and 8 bits more from hard drive format date/time

the 32 bits would be safe enough to be unique and non colliding

1

spc50 OP said ()

These browsers need to knock it off. Rolling full things in like Tor and IPFS -- these are NOT features.

Brave currently is about a 79MB download. Huge file. Way too big for a browser. Installed says 250MB. This is dumb. How does it compare? I don't know. But, these people need to seriously rethink what they are doing and how many people they harming in many many ways.

1

V3l said ()

Without any logical reason, even without Brave is very bizarre, thinking secuirty focused why would you put together a browser and crypto ?

If you realy think security focused, do you realy need two things in one ? While you can just do each task separately

Do you realy need mining ? Do you realy need your browser to mine ? Do you even tor already bundled in ?

Any security analyst, security oriented programmer will tell you it's bullshit

3

spc50 OP said ()

I know... your websites all are so radically popular and huge. Must use CDN... Must distribute load to eat bad packets. Right... In your wet dreams. Must use cnames and subdomains...

10% of market that needs such, 8% probably is sketch. The other 2% are companies so big and connected that they should happily take the beating, bad packets, etc. Comes with the territory of being a big fish.

2

spc50 OP said ()

Google's 'Don't Be Evil' abandoned slogan needs upgraded. Something like 'Don't Code Evil' or 'Backdoors Kill Dissidents'. For a company (Google) with such a long history in social change, protests abroad, labor activism movement, etc. you would think they'd be more sane about cleaning things up.

Google has lost its way. Building a company based on their spyware isn't very rationale.

The browser space is basically a duopoly. That's not choice. That's two fake competitors pretending to compete. Competition is afterall a sin according to great industrialist of old.

Many of issues brave is 'solving' and compromises working around point back to javascript. It's time for a severe pushback and movement to demand javascript free experience. When we started dressing web up all marketing pretty is when the vultures, spies, standards all snuck in.

The bloat of web standards and overly complex foolishness have made the industry unappealing and highly centralized. Very bad for creativity. Very bad for startup culture and prospect of future entrants as competitors. A disaster for free people and democracies inevitably.

4

dontvisitmyintentions said ()

If Chromium is so bad, and it is, why haven't you cleaned it up yet?

Making Chromium a clean, neutral starting point with flags to disable everything for downstream projects (Edge, Brave, Vivaldi, etc) requires Google's cooperation, because Google generates most of the code for their own use in Chrome. Those big names already put money into sustaining it as it is. There's no incentive to make their products easier to be private when downstream doesn't care, either.

Web browsers are too complex for forks to keep up with vulnerabilities and features. Things won't change until some of that complexity goes away. Web sites are too broken for that to happen.

3

spc50 OP said ()

Good reply.

Portable version should be just that. Free of any machine identity or dependencies thereon.

Whole ball of code and saved settings should as they historically remain stuffed in one tidy directory and those thereunder.

Just like a portable version shouldn't be in system space or user's directory and hidden subdirs it shouldn't be in /etc pulling anything from kernel or proc or their other OS equivalents.

I know it will be yet again OH WE INHERIT THIS FROM CHROMIUM. If Chromium is so bad, and it is, why haven't you cleaned it up yet? Maybe allocating resources doing that should have preceded coin dreaming and pushing ad fluff (aka our ads are less evil).

This is why forking things, rewriting nasty code, severely auditing risks up front, etc. are a thing and sane strategy.

Whole thing reminds me of Redhat when they went public. Like 6 employees doing the real work and 100 marketing people hyping the BS.

4

dontvisitmyintentions said () (edited )

That patch appears to be part of a set which adds a flag to disable the machine-id feature: https://github.com/brave/brave-core/pull/795

This exchange is informative:

What is the reason for disabling the machine id? We disable the sending of metrics so I'm not sure what the purpose would be. Also, why do you want to disable

I believe they want a portable version where all extensions and passwords are saved between different computers

My impression is that Chromium extensions may rely on machine-id for sync or storage, and this patch works to make sure Brave works without it. I didn't look to see whether machine-id first came from a Chromium source injection into Brave or not.

3

spc50 OP said ()

I wonder if they have a person with responsibility of caring about privacy matters.

Needs to be senior role in such a company to keep developers and direction sane. Otherwise end up with this patchwork of code nerds doing facepalm causing things.

Tired of their apologists casually pushing stuff like this aside as no big deal. People get put on naughty list, people end up imprisoned, people get disappeared, etc. because of leaky software that doesn't protect users.

Stop pretending to be privacy focused or prove me wrong and start cleaning up the messes and 'we've always done this -- industry standards from the 1990's'.

3

Rambler said () (edited )

Womp Womp.

I wonder, do they publish a transparency report or whats their role with assisting governments or law enforcement? On mobile so don't feel like digging through stuff right now.

They knowingly, with the TOR DNS leak, put countless at risk.

3

spc50 said () (edited )

Pretty sure those are funny and sneaky ads done as a base 64 work around :)

Doubt going to block them with domain lookups. Have to isolate which domain to start which might prove to be rather complicated.

Those ads go in like this:

"data:image/jpg;base64,"

Their affiliate link (end destination URL) is: https://www.amazon.com/dp/B084KQFNBX?tag=bravesoftware-20&linkCode=osi&th=1&psc=1&language=en_US&currency=USD

1

RAMBLE1 said () (edited )

You can block the url address at the host level. Your PC wont be able to make connection with that/these url's.

  • file location /etc/host
  • You probably don't need to restart anything, unless there is a temporary cache of the DNS somewhere. To restart networking and clear the DNS cache on Debian and Ubuntu: 'sudo /etc/init.d/networking restart'
  • You'll find more info here under 'What is a hosts file'
1