Skip Navigation
mawhrin flere-imsaho @awful.systems
Posts 1
Comments 197
Microsoft says EU to blame for the world's worst IT outage
  • yup.

    also: it was microsoft's business decision to make the api required for av (or, more general security subsystems) to function so low-level that it has to be delivered as a kernel driver and operate in ring0. i guess it's primarily for the performance reasons, but still, there are other technical options. someone made the executive decision there.

    on the other hand, it was crowdstrike's business decision to make the bloody update parser run in ring0, and without verification that the update data is correct, nobody forced them to do it that way.

    let them both burn.

  • Stubsack: weekly thread for sneers not worth an entire post, week ending Sunday 28 July 2024
  • he was an abusive gobshite, including physically abusive.

  • Microsoft says EU to blame for the world's worst IT outage
  • again, there's no need to defend microsoft: microsoft could do the right thing and not try to use the situation in an attempt to undermine eu antitrust policies using a bullshit take.

  • Microsoft says EU to blame for the world's worst IT outage
  • i find the level of ms apologia unsettling. remember, we're only a few news cycles away from the time ms almost shipped windows with spyware and keylogger built-in

  • Generative AI is a climate disaster
  • a hunch, really: i've met the type and had my suspicions, and then i've found that he posted the link about polish antitrust & consumer protection watchdog fining paypal, which is generally niche outside poland.

  • Generative AI is a climate disaster
  • long, boring explanation follows

    spoiler

    there's an informal mode of address that conveys the (one-sided, frequently) sense of familiarity, which goes [2nd person singular] [noun in vocative case] [adjective referring to the noun], like panie szanowny (lit. esteemed sir, but the inversion from the adj + noun to noun + adj signals different mode; so “szanowny panie” is formal, “panie szanowny” is shortening distance or expressing annoyance); it can be used, and frequently is, as a phrase that's a personal affectation (e.g. “królu złoty!”, literally “golden majesty”). the affectation is usually rather annoying.

    on the other hand “misiu” (vocative case of diminutive word for “bear” or “bear cub” or “teddy bear”) is a common word of endearment.

    so “misiu kolorowy” is a bit of a wordplay on both, and should generally convey serious lack of respect and clear annoyance. (i'm guilty of using this from time to time since the times of polish usenet.)

    there's an added bonus in that there was a popular child series “miś colargol”, the pronunciation of “colargol” and “kolorowy” are pleasantly alliterative. (now this really shows my age….)


  • Generative AI is a climate disaster
  • yeah, they don't teach much about fascist atrocities in ethiopia, and then people feel compelled to defend the good name of the boys in the black shirts because the poor dupes didn't build the concentration camps – just were allied to the builders.

  • Generative AI is a climate disaster
  • nie, ja tylko ostrzegam, że wylecisz stąd na kopach, misiu kolorowy. lepiej ci będzie na wykopie.

  • Generative AI is a climate disaster
  • it's not “hating your post history”, it's just realisation that you're a shitty debatelord and talking to you is waste of time.

  • Crowdstrike takes out last remaining threat vector (the users)
  • i looked up the instance – it's a regular pleroma, so it lists the admin. timeline is full of local gobshites, and it clearly federates with the rest of the naziverse.

  • Crowdstrike takes out last remaining threat vector (the users)
  • go for the whole instance, the fucker is the admin there.

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.

    it's a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you're receiving. you need to understand why everything that SPF promises is a lie, but you'll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can't avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.

    and that's just the SMTP part.

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • so what happens with the domain when the owner dies?

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • sure. tell that to people who used the .af domains; or learn more about shenanigans with the various oceanian TLDs, or who owns the .io domain, and why.

    the fact is that you don't own the domain name, and it's always one missed card payment (or registrar changing hands and losing your card data) from being lost, and then your best chance is arbitrage.

    it's one of these things that you have to understand when you start self-hosting anything.

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • sure. because domains can be bought, not only temporarily leased.

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • for backups have a look at kopia. not only for the functionality, but for the fact that this whole thing is a static-linked single go binary. drop it where you need it, and you're done.

  • Crowdstrike takes out last remaining threat vector (the users)
  • some twenty four years ago i managed, amongst others, a company's samba and print server (that was at the time when all the company's servers were beige boxes with less memory and disk than the laptop i'm using to type this – and still they served a few hundred employees).

    the machine developed a strange custom of hard-resetting itself, which we initially tracked to specific files being sent for printing; the behaviour was fully reproducible.

    as it happened, it was a hardware fault somewhere between the mainboard and the integrated SCSI card; installing a separate SCSI card and reconnecting the disks and backup tape device fixed the problem. (i did not have the budget for a new serwer, no.)

    establishing the actual cause took me fucking weeks.

  • Proton Mail goes AI, security-focused userbase goes ‘what on earth’
  • oh. perhaps you could explain this to the authors of the article?

  • Stubsack: weekly thread for sneers not worth an entire post, week ending Sunday 21 July 2024
  • i host my mail services for the last twenty seven years, and yeah, you're talking shit. starting the smtp daemon is not the same as managing mail server.

  • polish train manufacturer newag used geolocation to lock-up trains at 3rd party service depots

    social.hackerspace.pl q3k :blobcatcoffee: (@[email protected])

    Attached: 1 image I can finally reveal some research I've been involved with over the past year or so. We (@[email protected], @[email protected] and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced a...

    q3k :blobcatcoffee: (@q3k@hackerspace.pl)

    from the “i'll drm your arse” and “industrial sabotage r us” department, a true scandal: a polish train manufacturer used firmware to lock out trains at 3rd party service depots in order to disrupt the operations of the trains for the railways who did not choose to service the trains at the manufacturer's; at the same time they blamed the 3rd parties for their inability to properly service the trains.

    further reading in polish (but translates via google well): more technical and less technical, but with more political/economical details.

    5