mixed feelings on this, edge is supposed to store creds via DPAPI to the most part. you should also really not use password saving feature on edge (or any browser), it exposes you to a lot more threats that you need.
But.. saved passwords are not the same thing as "secrets" the browser uses. It has to be able to provide plain text passwords to websites. This is a really bad feature browsers should just not have to begin with, but they do, and I don't see a better way to use this.
In the past, they used to store the passwords in sqlite dbs, but now they've moved away from that at least.
From an attack perspective, there maybe some instances where you can dump memory, but you can't attach a debugger to the process without getting caught. so it does make a little bit of a difference there, but microsoft will probably tell you this isn't a security boundary that's being crossed. They can store it via DPAPI in lsass, and if lsass isolation is enabled (only on physical computers, default on win11) even SYSTEM privilege won't get you the credentials.
But what's the idea here, you have access to the browser, but you can't visit the site the password is saved for to make it "in use" and in plain text, so you can dump the password? I mean, even if you don't have access to the desktop, you can just start msedge.exe with the URL for the site as an argument and trigger the password retrieval.
Edge has done a lot to improve credential security, even DPAPI's existence itself is huge. If your research has meat, that's great but I don't see it here.
This feels like some "researcher" hyping themselves up to me, but I could be wrong.
Also, I really despise how they posted this on twitter, not even considering the political landmine there, I can't see the comments or threads on there without logging in. I can't visit the site on mobile without being redirected to download the app. I just wanted to mention that if you use X as a security professional in this day and age, my opinion of you drops by like 50% immediately. I don't care if you use bluesky, vk, telegram, discord,facebook, threads or whatever else, twitter is the worst place for you to share your work and you should know better.
why do i keep seeing comments of this sentiment? can't they just take loans? I thought there were serious consequences to making an offer, and then backing out , especially if the other party accepts your offer.
it's a fairly new way of doing things. I predict, in the future it will be more formalized and standardized like AGILE and SCRUM and all that boring stuff.
The result of that though would be establishment of development patterns that are good practices.
The rule of thumb is: An agent can write it, but a human has to understand it before it gets pushed to prod.
I'm still not convinced about the doom and gloom over developers being replaced. I'm not a dev as part of my main job function, but where I do use LLMs, it has been to do things I couldn't have done before because I just didn't have time, and had to de-prioritize. You can ship more and better features. I think LLMs being tools and all, there is too much focus on how the tool should be used without considering desired and actualized results.
If you just want an app shipped with little hassle and that's it, just let Claude do most of the work and get it over with. If you have other requirements, well that's where the best practices and standards would come in the future (I hope), but for now we're all just reading random blog posts and see how others are faring and experimenting.
while those things sucked, patterns imprinted on devs minds, passed on from generation of devs to the other until that's just the way things are done. CI is a good example, as are some of the documentation practices. Lots of teams that don't use agile or scrum formally, follow those concepts because that's just how they've seen others do things in the industry. I predict, LLM work will get some overdone and abstract thing like agile/scrum that lots of people hate, and few thing is useful, but then out of it the actually useful bits and pieces become self-organizing standards of sorts.
> The rule of thumb is: An agent can write it, but a human has to understand it before it gets pushed to prod.
The article essentially claims that no, that line of thinking is false. If the agent writes all of it (or too much of it, where "too much" is still not well defined), then your ability to understand it will atrophy with time, and you will either a) never push to prod, because you can't understand it well enough, or b) push to prod anyway, and cause bugs and outages.
I think the article is correct.
> I'm still not convinced about the doom and gloom over developers being replaced.
Agreed. The agents are just not good enough to write code unsupervised, or supervised by people without senior-level skills. And frankly it's hard to imagine them getting there. Each new release of the coding tools/models is a mixed bag. Some things are better, some things are worse, and the gains are diminishing with each iteration. I am afraid that we're going to hit a ceiling at some point, at least with the transformer architecture.
> but for now we're all just reading random blog posts and see how others are faring and experimenting.
Yes, exactly, and many people are not faring well. The article cites several examples of people feeling less capable after using LLMs to write code for a while.
What I said doesn't contradict the article. if what you said is true, then since a human can't understand it well enough, that approach is not good according to my rule of thumb, thus agreeing with article. I only established the litmus test.
That's exactly what I predict as well, I think it's inevitable. there will be middle managers and project managers needing a stick with which to beat the LLM mess into order, and keep themselves relevant, and it will suck all the same. But even such efforts result in establishment of good practices. In attempting to discredit the "slog" devs will establish "but instead, we should be doing $X".
i would hope so, as long as "good practices" really are good (for what thats worth anyway).
again, maybe overly cynical but ime "good practices" usually end up getting warped into "bad practices" caused by cargo-culting/up-selling by consultants as they try to mass-produce a new dev paradigm
I could easily afford any of their competitors but I always picked Spirit airlines. The pricing makes sense, pay more if you need more things. I liked Spirit because it was more akin to riding the bus, I got treated well every time by their staff and the experience was fairly consistent.
Other airlines also have cramped sits, what little they did better than Spirit isn't worth the price, and the experience was inconsistent: some times you'll get nice flight attendants, a comfy plane, and a good check-in/check-out, other times you didn't. can't plan around them. With Spirit I could plan around exactly how bad my experience would be reliably. Just about any inconvenience was some fee away to address it.
Frontier was the cheap airline that just wasn't worth it. On the flip side, AA was overpriced with snobbish (just my experience, very limited) staff. Because it's a "cheap" airline, Spirit came with low expectations, and it only exceeded them to the most part.
I shop at walmart compared to whole foods and other "better" chains for similar reasons. "great value" as walmart's motto goes, it isn't about the price, it's about the value you get for what you pay for. Spirit was the "great value" airline.
I don't think this effort to buy it will prevail, I only wish the GME betters were in on this action. The airline's value hasn't gone away, similar to Gamestop. The people like it, the demand for it there, the airlines assets and staff haven't lost their value. I don't see how it isn't a good investment. This attempt to buy it is to little, too late. but if it came in actual stock purchase agreements, I'm down for it. But donating random cash to some site as a pledge, I don't know about that.
The reason people don't like Spirit has less to do with the airplanes and more to do with the typical Spirit passenger. Most of modern life in America is an elaborate series of choices to maximize the distance between yourself and Spirit airlines passengers. All the usual euphemisms apply: 'good school districts', 'safe suburban neighborhoods', etc
- People having loud phone calls on speakerphone with vulgar language
- People with bad body odor
- People looking to optimize their outcomes, even at the expense of others and net deleterious. (Speaking in numbers, willing to take +1 point of selfish outcome at the cost of several others' -1 leaving a net negative for the group)
Spirit seemed to enjoy making their customers hate them. everyone who liked Spirit had to explain themselves (like you did) because their reputation was awful. It was a trainwreck of a brand.
The only bad experience I ever had on Spirit was from their garbage passengers, never had a problem with the airline itself, flew them probably 20 times. But then again anecdotal evidence is also garbage, so who knows, maybe we were just lucky. Or maybe a vocal minority made it sound worse than it was.
I would be surprised to hear that, say, United, was paying people to post about their bad experiences with Spirit Arlines online. I'm not in marketing though so maybe that's a thing that happens.
20 years ago Southwest Airlines had a reality TV show on Discovery channel about how terrible they were, with episodes like "They ran over my wedding dress with a baggage handler truck" and "They destroyed an irreplaceable guitar of a well known musician".
As an European who's lived in the US, Spirit was actually just as "good" as Ryanair. Sure, you can hate on both of them, but they're cheap and moce you from place to place. I can endure any discomfort for 3h if it meant I could save 100 or 150 bucks flying from NYC to Miami/FLL in high season.
I had much worse experiences with Frontier and promised myself never to fly them again. On one occasion we had to wait for 2h on the plane on tarmac after landing at MacArthur airport because... the airport staff was not responding to pilots' calls. Somehow they didn't know the plane was landing. It was 1 AM or so and while it might not have been Frontier's fault, to not be able to sort it out for 2 hours was telling. Had other issues, too, this one was most ridiculous.
My friends used to joke that it was like flying in a tin can, or that the wheels would fall off mid-flight. The jokes were endless.
I liked Spirit, though, great cost savings, and I didn't mind the minor inconveniences that came with it.
Aside from being known for being a cheap airline, the brand itself was pretty solid... I think it had everything working to its advantage. The bright yellow exteriors of the planes, a catchy name. I think people knew exactly what Spirit was and what they offered, which is the sign of a good brand.
They did things differently compared to other airlines, so it does warrant an explanation. People pay for the cheapest flight, and expect things like free bag checkin. Other airlines will charge everyone more, even if you had no bags and provide free bag checkin. I've had flights where I only had a small backpack and nothing more, I don't want to the "priced in" fee assuming everyone will check a bag. Spirit gave you exactly what you paid for, which is how it should be. No marketing mind games to trick you into thinking you're getting some luxury service. Even in first class most domestic airlines provide a subpar experience, might as well be for a good value like Spirit did. International flights are different though, and the bar is much higher there due to length of flights.
loved Spirit and flew with them 8 different round trips from BWI to many destinations. So cheap (clothes in bookbag) and never had an issue. They will be missed!
Agreed. I make decent money as a software engineer but I've probably flow 50+ times with Spirit. Like you said, they are predictable and reliable. What I appreciated about their staff is that they were extremely friendly but also capable of putting entitled people in their place. Oftentimes on AA and United, assholes got their way but on Spirit, they squashed it fast.
The only people surprised by Spirit were people who don't read warning labels and then you should only be surprised once. Heck, I paid 3$ for coffee on spirit but they would gladly bring refills and were proactive about almost like a restaurant. On AA and United, you usually had to go up and ask.
On top of that, you could get the big front seat (tm) which wasn't first class but pretty good about 150$ if you waited until your flight to bid. I got it a bunch and it came with free snacks and drinks and it was much cheaper than buying business
> I liked Spirit because it was more akin to riding the bus
This is exactly why I would never be caught dead on Spirit. Sartre got it right, "Hell is other people." My issue with Spirit and other budget airlines as a frequent traveler was never about the planes, the staff, or the operations, it was always the other passengers. It's bad enough dealing with people in general in the circumstances we all find ourselves in stuffed into an airplane, but budget airline travelers are generally exactly the sort of folks who ride the bus, which is why nobody wants to ride the bus in the US.
I say all this as someone who enjoys public transport when I'm in Europe and has no problem flying budget airlines in Europe like KLM Cityhopper or EuroWings, because everyone across society uses public transport and budget point airlines in Europe. In the US though, public transport and budget airlines are nearly only used by people who you'd rather not be stuck near for hours at a time for fear of being attacked, coughed on, or otherwise somehow harmed even if minimally which is entirely avoidable by just not.
I'm not paying hundreds of dollars for a glorified bus ride. I've had issues with passengers on other airlines too. There is no expectation of me as a passenger behaving a certain way, and therefore the likelihood of being mistreated by passengers or staff a like is low. As you noted, other people pay more thinking "higher class" people fly delta or whatever, and to protect that image and experience I expect mistreatment from staff and other passengers alike on those flights.
I would rather deal with someone putting up their nasty leg on the chair next to me, or listen to a movie with speaker on for the whole flight, than deal with rude flight attendants that won't respond to my needs, or dirty looks from other passengers because I'm wearing something comfortable.
Aside from what I see on social media posts though, I've never seen anything extreme like that flying on spirit in all the years.
Amercian is imo the worst airline out there, and the only one I refuse to fly with. At least the budget airlines are cheaper and honest for horrible service.
>I shop at walmart compared to whole foods and other "better" chains for similar reasons. "great value" as walmart's motto goes, it isn't about the price, it's about the value you get for what you pay for. Spirit was the "great value" airline.
Yeah it's not a secret that you can get by in life on the cheap if you have cheap, trashy tastes.
name calling aside, i think you missed my argument. If you think my taste is trashy, by my argument, your taste is also trashy, you're just dumb enough to spend extra money so you feel like you're above others. That's the point of the whole "value" thing, if more money gets you more value, that's great, if not then you're saying paying more for less is less trashy? It's like a person paying for a $15 wine and a $70 wine, the quality in that range isn't all that different, you're acting like you're paying $10k to fly singapore airlines when you're just flying cramped on united just like on spirit, but you're paying more.
And you sort of made another point I had: people like you, and companies who cater to people like you come with all that haughty snobbishness that's just unpleasant and degrades the experience. Good taste has to do with appreciation of value and quality, not polishing of one's ego, or pretending you're superior to others.
why are they building data centers in states that are hostile to hosting content there? can't be latency, because california has plenty of data centers and is close by.
I think since apple is looking at the lower-end consumer market, it must also be looking at the corporate desktop market. Supporting enterprise software/fleet is a whole different ballgame. But it does play well into apple's strength, in that apple is great at letting others experiment and learn lessons from their failures.
If the new leadership at apples even glances in that direction, it will be wild for the desktop computing industry in general. Perhaps microsoft will rethink things, but better yet, entire companies and governments might start switching to MacOS.
Linux desktop is not ready for mass adaption, but it isn't that far off either. My opinion is that people using more macs get them more familiar with the unixy way of doing things. But better yet, a lot of the tooling and libraries for macs is easier to port to linux than from windows. macs dominating enterprise and consumer markets can mean improvements in linux desktop, and the eventual reality (perhaps in a decade) of seeing GNU/Linux desktops in those same spaces as viable options (Android/Linux is already there in the lowest of the low markets).
moving away from microsoft in the eu is intended to cut digital reliance on the US. The EU governments will not switch to macs ever. If they did that, they might as well stick with windows, because apple is also american and beholden to american laws.
I get that, it's just geopolitics, but practically speaking, it is doable for some companies and governments, but can regular every day people manage their own linux desktops? the EU needs a mac competitor, and they're not spending to make that happen. They're just buying into Linux because of its popularity there, and they haven't seen the real price tag of "free as in beer" FOSS software.
an interesting variable in all this is China. the whole crisis, and maduro being kidnapped by his american counterpart dictator, has left them only russia left as a major source of petroleum overseas.
If I had to guess, the UAE is looking to form petro-alliances, and have a negotiating leverage. They're have to compete, and they can't beat saudi. So, either the US caters to their demands, or they'll be forming alliances with india and china, where currently OPEC's price setting was a limiting factor.
that's not what I meant, I meant how their actions and involvement keeps drawing them back to the origin of their name, thus their name having a deterministic effect on their fate.
Is framework aiming for mass market breakthrough? if so, I hope they're planning on the macbook neo. I have no reason to recommend it outside of tech-enthusiast circles over a macbook now, thanks to the neo. But I really don't think they want mass market, it wouldn't be a win for anyone. By design, it's a "repairable" computer, so people who want to repair their own laptop are the main customers.
You can't repair macs easily, but they last long enough for that to not be an issue. and honestly, the apple care experience is ideal for most people.
I do hope then that they stick to the tech-enthusiast market perfecting Linux-friendly laptops. The laptop market hasn't learned from framework's success, so I was hoping at the wake of the neo's success, someone could prove a similar quality laptop is possible by a non-apple company, keeping the competition alive.
My biggest concern for them is, one of these bigger laptop makers panic because of losses from the neo, and takes over framework.
I have zero reasons to recomend paying 800 euros for a mobile SOC with 8 GB, and the Apple experience is pretty much hit and miss, it certainly isn't worthwhile the extra cost when one needs to top it up with Apple Care, and get lemons like buterfly keyboard, Tahoe and many other issues that get had waved because "It is Apple!".
Then you get the nerds that get Apple because "I know this, it is UNIX!", when in reality what they wanted was GNU/Linux, and then complain all the time it isn't, because they skipped the class where UNIX, POSIX and all differences throught history were explained.
mass market consumers don't even know what "SOC" is, and would pretty much disagree with the rest of your sentiment. I think I was clear on the context being for them, not tech enthusiasts like yourself.
They will disagree when they find their phone powered experience to be sluggish, after a couple of Electron garbage powered apps are running, which they also don't care are making use of.
People considering the Neo aren't thinking they're being constrained by a mobile SoC when it performs just as well as M1 with a slightly reduced core count.
The fact that they're selling incredibly well is a testament to that.
There has been plenty of reviews and comparisons of the neo in this area, they disagree with your take. Comparing with similarly priced alternatives, it comes out on top. Every reviewer is trying hard to prove the neo sucks by comparison, it helps contrarian takes get better views.
Framework laptops are selling like crazy. The pre-orders on their highest end configuration of the new pro are completely sold out, and the pre-orders on the two lower variants are backed up until their 9th batch that wont ship until August.
It looks like theyre selling more laptops than they expected to, not less.
Their laptops are niche, but that niche seems to be growing quite nicely. There's a big cultural wave of frustration with Big Tech companies and their rent-seeking practices, and Framework is doing a good job of riding this wave.
Your concern about their being bought out is unfounded. They're not a publicly traded company and dont need to sell equity to anyone if they dont want to.
It's at the very least indicative that they are selling more units than they expected to sell, and likely dont have enough allocation of at least some of those chips.
Sure, they could have thought it'd only sell a tiny number of units, but if they thought that, they wouldnt have launched the product.
> It's at the very least indicative that they are selling more units than they expected to sell,
Hate to be contrarian here but this is a known marketing trick to make product appear as selling faster than it does to create hype. I'm sure you waited in line to a club/bar for 30 minutes only to realize club/bar was empty?
They are still a for-profit company and I totally expect those batches' shipping times to actually reduce soon. An order placed right now would ship in August and at this point it must be cutting into their earnings because any regular, walk-in type of customer is not gonna wait this long for their laptop.
This seems unnecessarily cynical. Telling your customers
> 'No, we won't sell you our most expensive new laptop config at all, and if you want the other cheaper configs, you will need to wait at a minimum until August'
is not a very effective marketing stunt.
Besides, Framework has a very consistent history at this point of quite frank, open communication. If they didn't have this history, I might lend more credence to your point of view, but my experience is that these are people that are pretty allergic to that sort of bullshit, and will just say what they mean.
I really can't imagine why they'd try and undermine that reputation just to counterproductively tell people they can't buy a laptop from them.
I am not saying you're wrong, I am just saying we can't draw serious conclusions based on pure speculation. They absolutely need to built their brand first and foremost to scale up and hyping up the brand by "selling out the stock on first day" is a legitimate way to do so. They can't stand clear of regular, high-school marketing for too long. Again, this is a for-profit endeavor with serious investors expecting a return.
It's less about repairability and more about modularity and upgradability. The repairability is just a bonus as a result of its modular-first design.
The whole point of the Framework is that it's your "final" laptop. Just buy it once, and upgrade whatever part you wish as and when you want to. For instance, folks who got the original Framwork 5 years ago can still buy the latest mainboard or chassis and keep using the rest of their gear, if they wanted to.
Of course, most people don't care about all that these days. Heck, most people don't even care about owning a computer, since smartphones have taken over.
The framework 12 is comparable in cost to a macbook neo, plus can work with a stylus as a tablet. I would say that is huge reason to recommend it. As well as that it can be repaired and upgraded as and when you want which is handy. Likewise it also can be used indefinitely theoretically as you can replace broken parts and a computer from 15 years ago is still usable today, so I am sure computers from today can still be used in 15 years.
> The framework 12 is comparable in cost to a macbook neo
No it isnt, not by a long shot! Only if you buy the basic entry level version (DIY) without any RAM, storage, ports or a charger. At which point we arent remotely talking about the same thing anymore!
It's approx £80 to £100 more for the same ram and SSD configuration as a £600 MacBook neo (No charger given in many countries as most people have a usb c charger). That's comparable. It's not a huge difference and the feature set is far greater for the framework.
(£545 with the device with ports,
£80 for the ram
£50 for the SSD.)
Firstly, you had to pay so much money for that screen that you had to consider buying a new device.
Secondly, Apple Products seem specifically engineered to easily break catastrophically (see SSD power supply below speaker grill, zapping the NAND modules if liquid enters the conveniently placed holes. Or a loose metal plate slicing a crucial ribbon cable when the phone was dropped. And many more such cases
This mix of overly fragile design and ridiculously expensive first-party repairs combined with parts pairing and the resulting inability of third-party, non-apple-certified repair shops to level the playing field is what I call a scam.
I like the form factor, screen quality (even though I prefer 16:10), the fact it works, the ports, but I'm lowkey pissed with the atrocious battery life - my new 13" AMD dies after 36h in sleep mode, unplugged and put to sleep at 90%
All the firmware updates are installed, there's nothing concerning in the logs.
Weak and laughable. Not even a few years old xps13s with hundreds cycles are this bad.
For office work, fine, plenty of horsepower, easy to fix, but not for private use at this point.
But.. saved passwords are not the same thing as "secrets" the browser uses. It has to be able to provide plain text passwords to websites. This is a really bad feature browsers should just not have to begin with, but they do, and I don't see a better way to use this.
In the past, they used to store the passwords in sqlite dbs, but now they've moved away from that at least.
From an attack perspective, there maybe some instances where you can dump memory, but you can't attach a debugger to the process without getting caught. so it does make a little bit of a difference there, but microsoft will probably tell you this isn't a security boundary that's being crossed. They can store it via DPAPI in lsass, and if lsass isolation is enabled (only on physical computers, default on win11) even SYSTEM privilege won't get you the credentials.
But what's the idea here, you have access to the browser, but you can't visit the site the password is saved for to make it "in use" and in plain text, so you can dump the password? I mean, even if you don't have access to the desktop, you can just start msedge.exe with the URL for the site as an argument and trigger the password retrieval.
Edge has done a lot to improve credential security, even DPAPI's existence itself is huge. If your research has meat, that's great but I don't see it here.
This feels like some "researcher" hyping themselves up to me, but I could be wrong.
Also, I really despise how they posted this on twitter, not even considering the political landmine there, I can't see the comments or threads on there without logging in. I can't visit the site on mobile without being redirected to download the app. I just wanted to mention that if you use X as a security professional in this day and age, my opinion of you drops by like 50% immediately. I don't care if you use bluesky, vk, telegram, discord,facebook, threads or whatever else, twitter is the worst place for you to share your work and you should know better.
reply