Justin Schuh
justinschuh.com
@justinschuh.com
Back in Chicago as a stay-at-home dad starting a small business. Expect some infosec/privacy/safety, 3D printing, and politics. You're probably following me because of my old job(s).

infosec.exchange/@jschuh
Defunct: twitter.com/justinschuh
Put another way: Say on inauguration day you invested equally in whole market funds for both foreign (VTIAX) and US (VTSAX) markets. The real world value of the foreign fund would be up 12% today and the US fund would be effectively flat.

And here are my hacky charts where I track this stuff.
Trump vs Markets Chart
docs.google.com
November 8, 2025 at 7:02 PM
Sorry, busy week and the printer needed to be resurrected. I updated the models. The text and flag are now modifiers, so you can just remove them (and the Fusion 360 file is included).
The big text font is "Big Shoulders Display Black" and the small bottom text is "Saira Extra Condensed."
Loud Chicago Flag Keychain Emergency Whistle (With "No Kings") by Justin | Download free STL model | Printables.com
www.printables.com
November 8, 2025 at 5:32 PM
Between that, a careful choice of fonts, and slowing down the text perimeters, I got legible text all the way down to 3mm tall (i.e., the ICIRR hotline and phone number). That and the flag on the bottom came in at only six color changes. Anyway, I'll clean up and post the files today or tomorrow.
November 4, 2025 at 2:02 PM
Yeah, I didn't want to print vertically for the obvious reason of minimizing color changes. But I realized I could get clean extrusions down to half the nozzle diameter so long as at least one side is constrained, which happens when the white background prints first at a normal extrusion width.
November 4, 2025 at 2:02 PM
I just realized I used a picture from when I was prototyping, and before I corrected the ICIRR info. Although this does present a good opportunity to link to the ICIRR Hotline site for the correct info.
www.icirr.org/fsn
Family Support Network & Hotline | ICIRR
www.icirr.org
November 3, 2025 at 3:11 AM
I posted the No Kings protest whistles a few weeks ago (and handed out a few hundred prints). I haven't had a chance to post this one yet, but I will soon. The print settings require some explanation, because there's a bit of a trick to getting the smaller text readable with a stock 0.4mm nozzle.
Loud Chicago Flag Keychain Emergency Whistle (With "No Kings") by Justin | Download free STL model | Printables.com
www.printables.com
November 3, 2025 at 1:34 AM
I'm mostly printing this whistle, but sometimes I swap the Chicago flag section for something more appropriate to a specific group. Nice to know it helped in an unexpected way.
November 2, 2025 at 8:13 PM
Maybe. Or maybe they tag high bits on real handles, and intercept all the relevant calls. You just see so much insanity with 3P shims and injections at Chromium's scale that you have to approach it very defensively. Even 0.1% of users impacted is still millions of people with a broken browser.
October 30, 2025 at 4:37 PM
Sadly, the Windows ecosystem is very complicated. The biggest problem is 3P software injecting into Chrome internals (particularly at the IPC layer). So, you land that sort of change and a month or two later you see headlines about evil Google blocking screen readers or something.
October 30, 2025 at 4:17 PM
I'm also wondering how I'd attack with something other than process or thread. Changing the token or whatever requires later opening an object by name, which should be implicitly blocked when attempting to traverse the object namespace. I expect there's something, but it's not immediately obvious.
October 30, 2025 at 4:03 PM
Yeah, but when I wrote the check code there was no path where the renderer could directly specify source handles. The only real risk at that time really was accidentally passing an INVALID_HANDLE_VALUE to DuplicateHandle. It's just that mojo made everything way more complicated several years later.
October 30, 2025 at 4:03 PM
I am kicking myself a bit for not at least checking for -2 (the thread pseudo-handle). I considered it at the time, but talked myself out of it because this was supposed to be a narrow defense-in-depth measure. And prior to mojo, you really didn't have that sort of risky handle duplication path.
October 30, 2025 at 3:10 PM
And the current code went with checking for a range from -1 to -12, landed by @quidity.bsky.social back in April. There's also a nice comment about how they got to -12.

source.chromium.org/chromium/chr...
October 30, 2025 at 2:45 PM
Wow, the bug that incited me to add the pseudo-handle check is crbug.com/40077590 from 2013, meanwhile the code is now in a range of other products. I'm pretty sure I even made a G+ post about it as an interesting corner case at the time, but that's obviously long dead.
October 30, 2025 at 2:35 PM
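The pseudo-handle range check discussed in the posts above, sketched as an added example in portable C (it is not Chromium's code and not from the author). The names `classify_handle`, `filter_handles` and `MIN_PSEUDO_HANDLE` are hypothetical, and treating only the low 32 bits of a handle as significant is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Lowest value treated as a pseudo-handle. -12 is the bound the posts cite
 * for the current check; the constant name is hypothetical. */
#define MIN_PSEUDO_HANDLE (-12)

typedef enum { HANDLE_OK, HANDLE_NULL, HANDLE_PSEUDO } handle_verdict;

/* Classify a raw handle value received from a less-privileged process.
 * Assumption of this sketch: only the low 32 bits are significant, so the
 * value is examined as a sign-extended 32-bit integer. */
handle_verdict classify_handle(uintptr_t raw)
{
    int32_t v = (int32_t)(uint32_t)raw;
    if (v == 0)
        return HANDLE_NULL;
    /* -1 is INVALID_HANDLE_VALUE and also the current-process pseudo-handle;
     * -2 is the current-thread pseudo-handle. DuplicateHandle turns a
     * pseudo-handle into a real handle to the object it stands for, so
     * these are rejected before any duplication happens. */
    if (v < 0 && v >= MIN_PSEUDO_HANDLE)
        return HANDLE_PSEUDO;
    return HANDLE_OK;
}

/* Copy only the values that pass the check into out; return how many. */
size_t filter_handles(const uintptr_t *in, size_t n, uintptr_t *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_handle(in[i]) == HANDLE_OK)
            out[kept++] = in[i];
    return kept;
}

int main(void)
{
    /* Constructed sample values, not taken from any real process. */
    const uintptr_t sample[] = { 0x1a4, (uintptr_t)-1, (uintptr_t)-2,
                                 (uintptr_t)-12, 0, 0xFFFFFFFFu, 0x2b8 };
    uintptr_t safe[7];
    size_t kept = filter_handles(sample, 7, safe);
    printf("%zu of 7 values may be passed on for duplication\n", kept);
    return 0;
}
```

The `0xFFFFFFFF` entry is a zero-extended -1; the 32-bit cast is what makes the check catch it.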
That's the Blue line in the first graph. VTIAX (non-US market) is up 23.84%, which is more than twice VTSAX (US market). These are just the indexes I actually own, so it could vary by some fraction of a percent if you're tracking some other way, but it will be broadly the same regardless.
October 27, 2025 at 12:59 AM
Honestly, you erase almost all the gains in the US market just by accounting for how much the dollar has weakened since inauguration day. (The dollar adjusted value is the black line in the graph.)
October 27, 2025 at 12:20 AM