Supposedly USPIS goes back to 1737 (or 1772 if you don't want to count that), whereas USMS started in 1789? USPIS claims its "birth date" to be 1775, so I guess that's the latest. https://www.uspis.gov/about/history-of-uspis#1775
If your SaaSS app surfaces a few small things from Grafana to the user, do you only have to open source the glue code, or the entire SaaSS application?
The entire application, to the extent that it's a single work under copyright law. If your app is a "mere aggregation" of e.g. grafana administration and other-service-administration components then maybe not.
> Seems like every time I see coverage about Firefox, it's Mozilla removing or crippling some feature I care about.
Maybe this reflects the coverage more than the reality. Read the changelog and you will see things worth getting excited by, but no one is going to write an article about each new feature and change.
No, the attack always works, whether there's an isolated process or not. In Chrome's design you shouldn't be able to access any data of value with the attack, that is data from other sites (like cookies) or privileged data. I don't know if that's indeed true or not in Chrome, but that's why it was designed that way.
Chrome's design ensures that Spectre can only access resources that end up in an attacker controlled process. And this [1] post on "Post-Spectre Web Development" goes into detail about how a given website can ensure that its resources don't end up in an attacker controlled process. There are also a number of default protections against this like SameSite cookies and CORB that protect some resources by default.
No, the POC only shows the script leaking memory into javascript running within the same process, and thus the same site. Chrome is still preventing the info from leaking across sites.
The big caveat to this is that an attacker can generally get a browser to include a cross-site resource in their process. For example, `<img src="https://sensitive.com/myprofilepic.png">` will cause the image to be loaded in the attacker's process where they can then potentially steal it. The article "Post-Spectre Web Development" goes into details on how sites can defend against this (and other vectors).
You will see a lot of people using the (expensive) ER to treat their health issues. The reason they are there in the first place is that they couldn't pay for preventative care, so naturally they can't pay for the ER either. As a society when someone who can't pay ends up in the ER we have two options: treat them anyways, or turn them away.
Yes but that is due to our current expensive healthcare system where out of pocket costs are just some insane arbritrary number. Most hospitals cannot even tell you a "cash" price until you really push. My whole point is that it is all so expensive BECAUSE of insurance. If insurance was not involved in preventive care for example, all hospitals and doctors would have to compete on cash price and that would lower the out of pocket costs significantly. I bet less people will need to got ER because now they don't need to pay $10,000 for a doctor visit.
Based on other comments in here, it doesn't appear to obfuscate what blocks of data are being requested. Its probably safest to assume queries can probably be inferred from access patterns.
The wikipedia page for USPIS claims that. But the wikipedia page of the US Marshalls claims that same honor. I wonder which is correct.