[Random snipping ahead to reply inline while on my mobile, apologies]
On October 2, 2015 7:35:19 AM Lodewijk andré de la porte <l@odewijk.nl> wrote:
[Georgi]> btw, does rowhammer escape VM? (appears to me yes).
I think it does, but I've not done enough testing on my own to be sure.
You know, a webpage is supposed to be in a VM too.
Yep, agreed. I meant that I also use VM on my crappy airgapped box, even though it doesn't matter as much as my other boxes of importance or networked laptops etc. VM should be pretty standard security fare, and yet nothing is 100% secure. We do what we can, adding layers so that it may slow down any threats. There is no way to be absolutely secure, it's a sad fact of modern life. But we don't have to make it easy for the bastards, you know? [Snip]
Which relates as to why I lost a lot of personal photos; I didn't use the cloud backup feature. Now nobody has my pictures, except maybe whoever stole my phone* =(
Automated TiBU + weekly manual backups of media to external drive? That's what I do; couldn't pay me to use a cloud backup. Same as with people complaining about the first Blackphone not having access to GAPPs/ Google Play (...seriously?), do u even sideload bro? Do it regularly when you're managing your other data backups, it's quick and painless after the initial setup.
Using one of those file hosting sites provides a greater level of convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all.
I'm surprised to hear that come from you. I've never used a cloud backup and the most I've ever lost is a day or two's worth of data/ media. I have redundant backups. It's not difficult (it truly isn't, I'm not trying to be snotty.)
The consumers don't care to invest in security very much, in fact, hardly at all.
Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?
* full disk crypto is not a thing in androidland ;(
Sadly, it's not a "thing" anywhere right now. Not when EC has been intentionally weakened, etc. Hell, even if crApple did have true full disk encryption, I wouldn't use their closed source crapware.
tl;dr: javascript could be fine if we'd have secure software - as it is HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.
"Essential" is very much a subjective term. I don't mind most of my web browsing experience looking like plaintext (in fact, I much prefer it.) However, I understand most people do not want to use the web in that way. We all make concessions we consider acceptable, sacrificing privacy/security for convenience. I'm guilty of it, too. Anyone with a smartphone and a credit/debit card is as well.
-S