Hacker News: mistaken's comments

The XSS is stored via CSRF. So an exploitation scenario would be that you visit a malicious page and then click in the search box on a new tab.


What worries me is that 2 months have passed since the vulnerability was fixed and yet there is no new version released which contains the patch... So you're exposed unless you build ZT from source.


The patch was on the roots and was applied within 6 hours of learning of the vulnerability. A new release wasn't needed since the issue was not in there.


If the problem is in the ZT root servers, then the clients do not need to be patched, I guess?


A new packaged version is now available.

zerotier-one (1.6.6) unstable; urgency=medium

  * Backport endpoint mitigation against address collision attack.

 -- Adam Ierymenko <[email protected]>  Tue, 21 Sep 2021 01:00:00 -0700


That's not quite true. IPv6 has privacy extensions which generate randomized suffixes. A website would still be able to track you with the common prefix. Tracking the prefix is more or less the same as tracking an IPv4 address. If you're worried about tracking then you're better off using a VPN than a NAT gateway (both of which are also possible with IPv6).


It's possible to execute statements in a lambda through exec. But it's more of a hack than it's worth.

  print((lambda x: [exec('x = x + 1; result = x'), eval('result')][1])(1))


Not to mention that nvidia uses proprietary configuration options even in Xorg.conf. A multi-monitor configuration which works fine in nouveau (or really any other driver) refuses to work with nvidia, because if you use the binary driver you have to set bizarre metamode options to make it work.


Lenovo slowly transitioned away from IBM's design over the years. They are now using cheaper plastics and have horrible chassis designs which dig into your wrists due to their non-rounded edges. They're trying to make Thinkpads look more slick while at the same time reducing the cost to manufacture them. IMHO the Thinkpad can no longer be considered a platform which you can safely buy knowing that every component will be fully supported in Linux. Some hardware components are not even working correctly in Windows or are faulty (I'm looking at you Fibocom WWAN modem; see: https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T-...). I would happily buy from any other brand if they have a laptop model with a good trackpoint.


I think what they're hinting at is that without SciHub, even a popular paper would have less exposure. Some papers which cite a popular publication can only do so, because they could download the referenced one through SciHub.


I don't think anyone questions that some articles have been cited because they were downloaded from scihub.

This was still a garbage attempt to 'prove' this conclusion. And I don't have any faith the authors measured the true magnitude of these effects.


If you look closely, there are some blurry artifacts in the video. Still, it's very impressive.


They did mention that they are compressing the image data with H.265, so depending on the quality level, low-contrast areas might get smeared out. Also, there are some depth resolving errors here and there, which might be solved by using better algorithms. Or this might be an artifact from compressing the layer geometry (they used the Draco library, but did not specify in the paper what parameters they used). The paper mentions some of the limitations they encountered.


I tried Wayland around half a year ago, but switched back. Wayland was surprisingly usable, but a couple of features that are essential for me were missing, for example color management.


I never had a trackball, so I'm curious about what benefits a trackball mouse has. Why or why wouldn't you use it over a regular mouse?


Trackballs date back to the 60s, at least. The original design advantage of a trackball was pursuit and target acquisition. They were developed for military radar operators to quickly move the focus to an inbound bogie, potentially supersonic. If they could acquire and track the target on air search radar, they could mark it twice on two consecutive sweeps of the air search radar, giving the fire control system a course and speed so the fire control radar had a better shot of getting a lock.

My first four years out of college I spent a lot of time in that space, so I got quite comfortable with trackballs. Now I use them exclusively on my desktop. My only complaint is they aren't embedded flush in the desktop :)


The main draw is that you don't have to move your entire hand / the mouse along a surface.

That means your wrist sees less strain + motion, and you have no need for a mouse-pad, to name two possible benefits. Some people find it to be more precise as well, but I don't know if there's any evidence apart from personal preference.

Of course, your wrist still moves some as you manipulate the ball with your fingers, and if you use a trackpad you already don't need a mousepad-like-surface.


> Some people find it to be more precise as well, but I don't know if there's any evidence apart from personal preference.

In CAD applications it is very annoying when the mouse unintentionally registers a movement while clicking a button, which never happens with a trackball.


> Some people find it to be more precise as well, but I don't know if there's any evidence apart from personal preference.

Well, for me it is much more precise. Or at least seems more natural.

But... ergonomic warning... I switch up between three different trackballs to keep “trackball thumb” from setting in. I get pain in the base joint if I don’t vary the angle, and also spend some time using a finger-positioned trackball.


It also takes up much less space and you can use a trackball anywhere because you don't need a surface.


The trackball always stays in the same place. You can have the trackball close to your keyboard, so you can click the "Enter" key on your numpad... sometimes this is useful. I mostly use a trackball at work and at home.

