The same policies also offer the ability to force-install an official Google "Endpoint Verification" chrome extension which validates browser/OS integrity using Enterprise Chrome Extension APIs ("chrome.enterprise") [0] only available in force-installed enterprise extensions.
FWIW, in my years of managing enterprise chrome deployments, I haven't come across the feature to force people to use Chrome (there are a lot of settings, maybe I've missed this one). But, there definitely is the ability to prevent users from mixing their work and non-work gmail accounts in the same chrome profile.
Edit: Okay, maybe one hole in my logic is the first-sign in experience. When signing into google for the first time in a new chrome browser, the force-installed extension wouldn't be there yet. Although Google could hypothetically still allow the login initially, but then abort/cancel the sign in process as part of the login flow if the extension doesn't sync and install (indicating non-chrome use).
This might be their “context aware” security feature. Which can prevent access to certain things based on device, browser, etc.
I don’t see why any of that can’t rely on a chrome extension implementation using the privileged APIs to verify OS, Browser, etc. Struggling to understand why they need special headers for any of this functionality.
While I understand they want to transparently replace passwords with passkeys for websites that support it, what happens with passwords for websites that don't support passkeys?
Also, if someone sleeps over this, they will just lose their passwords to random websites and have to go through account recovery flows?
If you install Edge, you can keep using the synced passwords. They're only disabling password autofill for their authenticator app, they're not throwing your passwords away.
The app has been warning about this for a while now. This might catch someone out of guard if they only use the app once a year for something bureaucratic, but I doubt a credential like that will be stored in Microsoft's authenticator app.
I bought my parents a Dell laptop in 2019/2020. It has 7th gen i3 so just below the Windows 11 threshold. The machine is in perfect shape as it's used a few times per month max for watching YouTube or some online banking, or occasional LibreOffice usage.
I don't want to generate electronic waste, what would you recommend? Installing Linux Mint?
Note: I'm far from my parents so can't do IT support.
>I bought my parents a Dell laptop in 2019/2020. It has 7th gen i3
7th gen came out in 2016. Why did you buy your parents a system with a 3-4 old CPU? Nothing wrong with buying old stuff if that's what you're into or what you can afford, but then you have to take into account the risk of less SW support when buying old HW, since now that CPU is 9 years old and no HW gets supported forever. Hence the saying "you buy cheap, you buy twice". Just install Linux on it.
You made me double check, actually it's 8th gen (came out late 2017). It was 2y old at the time of buying (I wasn't really paying attention to the processor tbh). So actually, not sure which Windows 11 prerequisites are not met, I need to dig more.
They won't, Windows isn't even compiled with AVX2 extensions on, even though every CPU in the last 10y+ supports it, for the fear of it running on some machine that doesn't have AVX2. The whole "CPU unsupported" thing is from the marketing side, trying to push purchase of new hardware, not from the actual devs.
If you're interested in the subject, let me introduce you to GCMap.
GCMap can plot a line between any two IATA airport codes; actually you can put arbitrary number of pairs comma separated; and best of all, they can be passed as a URL param. For example: `JFK-LHR,LHR-CDG,CDG-FRA`
GCMap doesn't have a whole lot of different map projections to choose from. Having more than one pair on a single map will result in a pretty bad map projection. That's my biggest complaint. They really need to add more better projections such as Mollweide, Winkel Tripel, Robinson, etc. Or they should just have a globe.
Uh, it felt weird indeed reading those super verbose descriptions of what airline X did in year Y and what they changed in year Z, repeated like 5 times in slightly different words.
Note: it's a content marketing article on a blog of a company dealing with airline refunds, so it makes sense, you're probably right.
> Microplastics ... in glass bottles contain more microplastic particles than those in plastic bottles, cartons or cans. This was the surprising finding of a study conducted by the Boulogne-sur-Mer unit of the ANSES Laboratory for Food Safety. The scientists hypothesised that these plastic particles could come from the paint used on bottle caps. Water and wine are less affected than other beverages. [1]
Support - yes. Turn on without a bit of hassle - no. I'm not sure how they found that many active services. Honestly, at that small percentage I suspect misclassification instead.
Yeah, I think this is misclassification based on UDP port.
If you take their random source ports (21,925), ~0.004% come from any single port, which lines up with what they said was "Other" traffic. The numbers don't quite work out right, but it seems like its within a factor of 2, so I wouldn't be surprised if it was something like udp source/dest port = 17 => QOTD.
A lot of security is just making stuff up to sound smart, since the clients aren't very technical. Someone saw packets on port 17 and looked up port 17 and decided that meant the QOTD service was involved in the attack. Probably.
They're not an April fool's joke. A 90's linux might have these services enabled by default. I assume they were built to make network debugging slightly less boring
Huh, this sounds kind of cool, I like the idea of there being a few QOTD servers dotted around the internet. Shame that the first I'm heading about it is it being abused to launch a DDOS.
While not a random server in the internet, here is the start of the ssh banner on my router (before the legal "fuck off")
_______ __ __ __
|_ _|.-----.----.| |--.-----.|__|.----.-----.| |.-----.----.
| | | -__| __|| | || || __| _ || || _ | _|
|___| |_____|____||__|__|__|__||__||____|_____||__||_____|__|
N E X T G E N E R A T I O N G A T E W A Y
--------------------------------------------------------------------
NG GATEWAY SIGNATURE DRINK
--------------------------------------------------------------------
* 1 oz Vodka Pour all ingredients into mixing
* 1 oz Triple Sec tin with ice, strain into glass.
* 1 oz Orange juice
--------------------------------------------------------------------
Including a cocktail recipe in the login banner has been a signature of OpenWRT for a long time. Looks like Technicolor came up with their own recipe for their OpenWRT distribution.
Is it part of Microsoft Services for Unix? That seemed to be the primary source of chargen reflectors when I was getting hit by that; and it feels like a similar thing.
The main reason for this is to force the publishers to stop relying on deprecated APIs that have way too much access, and migrate towards new APIs that offer more fine grained permissions and control to the user.
BTW The stores requirements are not really about minimum OS version of the phone, but minimum SDK version of the build chain. It's often possible to have secure code path for new OS and the legacy code path for old OS, but in practice it can be burdensome sometimes.
FWIW things have dramatically improved in recent years. For example, latest Pixels claim to have 7 years of support [1].
I wonder how it will work in practice though, as often the quality of QA for system updates for old phones drops over time, and major bugs and perf regressions are being shipped.
I wonder if this is header is not connected in some way to that feature.
reply