* Posts by Temmokan

40 posts • joined 30 Oct 2007

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'

Temmokan

Control questions

Not all these problems are that unsolvable.

If something claims to know me, there always are control questions (both positive, when an answer exists, and negative, completely fake -so that real person knows that).

As for sense of guilt - a good portion of skepticism can cure it nicely. After all, Internet isn't safe place. "Put everything to doubt".

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

Temmokan

The only problem is the email notification came approx. 12h before the revocation is supposed to start.

I can consider myself lucky to have only 2 certificates to re-issue, and neither required manual work.

A sad error, yes. Just curious, do they ever run any tests, or "commit directly to production, what can possibly go wrong?"

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments

Temmokan

Lost dongle vs. lost password

Looks like replacing a lost dongle may be way much longer than replacing a lost password.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

Temmokan

"Extreme testing"

That magical word "but": "extreme testing BUT we hadn't noticed this special case"

It only means it's not that extreme. And it means those things can easily happen again, CloudFlare or not.

It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing

Temmokan

Re: The problem is not Oracle (for once)

"You will be GPL'ed. Resistance is futile."

You don't like it, you don't use it, that simple. There's nothing wrong with GPL per se - personally, I prefer to have possibility to see the source of code that runs on my device(s), when it's possible.

Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps

Temmokan

So

- Google Chrome doesn't create profile backup before any upgrade; if anything breaks, it's lost for good

- Google Chrome isn't in fact thoroughly tested within Google - the guinea pigs are randomly selected real-life users (a great cost saving)

- users, in their absolute majority, have no habit and/or knowledge of backing up their data

Welcome to brave new world.

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5

Temmokan

There are more references in the below post (in Russian):

https://habr.com/ru/company/itsumma/blog/479942/

in short: one of Rambler's former top management persons tells that Ramblers claims are void. This is why they caused the police raid (to create as many problems for Sysoev and current Nginx PLUS owners as possible).

It's funny to see that Rambler kept silent for 15 years, and only "recalled" the would-be copyright infringement after the commercial derivative has been sold for much money.

GitLab mulls ban on hiring Chinese and Russian support staff because 'security'

Temmokan

The discussion on the Eric Johnson's part has quickly fallen into typical flame.

The moderators have worked on it heavily:

https://gitlab.com/gitlab-com/www-gitlab-com/issues/5555

yet the original responses received by email showed an extremely heated exchange, all kinds of trolls participated.

Tinfoil-hat search engine DuckDuckGo gifts more options, dark theme and other toys for the 0.43%

Temmokan

Well, to me DDG is quite adequate an engine.

There's one small problem, though: they provide no tech. support. Whatsoever. I tried using their Reddit outlet for that, with no success.

Hands off our phones, says Google: Radar-gesture-sensing Pixel 4 just $999 with a 3-year lifespan – great value!

Temmokan

Just curious, will the thing tell gestures of its owner from gestures of anyone else waving hands in vicinity?

Something tells me it won't be exactly much fun... Apart from the mentioned absence of microSD and the rest.

Dropbox reinvents itself as a collaborative workspace – no, not the WeWork kind (phew)

Temmokan

Yes, and when Dropbox once again declares it won't support certain file systems in certain OSes, I would once again look for alternatives?

No, I prefer to stay way clear off Dropbox after their November 2018 notice of dropping support for non-ext4 Linux filesystems.

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

Temmokan

So I assume that vBulletin developers spend little to none time actually looking for possible vulnerability flaws.

Too bad.

Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs

Temmokan

Another metrics that can't be safely replaced, as a password could be.

Unless a person can replace their fingerprint, ECG pattern, iris patterns etc etc, this is a security nightmare - as soon as criminals learn how to own and use someone else' metrics (and it's only a matter of time), that will be a nightmare.

Queue baa, Libra: People will buy what Facebook's selling. They shouldn't, but they will

Temmokan

Re: Half the population—

Well, comments at El Reg may be first place to try.

DigitalOcean drowned my startup! 'We lost everything, our servers, and one year of database backups' says biz boss

Temmokan

Single backup, eh?

So the company kept single copy of its backups at the same provider?

I agree that DO should have handled the mess quicker, but well, if a company is treating its data that way, it's only a matter of time when they lose them again. And next time it might be not possible to blame DO for everything.

Firefox armagg-add-on: Lapsed security cert kills all browser extensions, from website password managers to ad blockers

Temmokan

Next time the certificate will expire on April 25, 2020 (correct me if I mentioned wrong date).

Shall we brace up for the same disaster, just in case?

No dice, comrade! Senate floats Russia-busting election law

Temmokan

Oh, of course.

It's the "hostile countries" that are to blame for everything. When the USA, well, influence political parties/regimes/whoever abroad, that's perfectly normal.

When someone else does the same to the USA, that's intolerable hostility. Of course. Naturally.

Black-hat sextortionists required: Competitive salary and dental plan

Temmokan

Obviously a canard

Apart from poor grammar, the scammers are complete idiots - even if someone can believe that placing their own email address in From/Reply-To can mean the mail account has been compromised, it really makes no sense sending the same pathetic junk to the same addresses over and over again. Especially several times a day. "What?! Three hackers have hacked into my system and placed their own malware?!"

The geography of senders is various; I suppose there are several spammers networks/botnets used - I see Brazil, Japan, China, Germany... etc etc etc. No country-specific influx, and I have over 12 email addresses being targeted.

If anyone wishes to have that collection of sextortion senders IPs and/or Bitcoin addresses they include, just let me know.

Windows 10 Pro goes Home as Microsoft fires up downgrade server

Temmokan

Looks like "Week without disaster is a week spent in vain" is a motto of those supporting/developing Windows 10.

Sorry friends, I'm afraid I just can't quite afford the Bitcoin to stop that vid from leaking everywhere

Temmokan

Oh, those kinds are very funny.

They/he/she/it/whatever are blackmailing my technical email forwarder with similar crap for at least 4 weeks.

First, they found a stale leaked password database and stated they have "password for me account" (go on, hackers, try logging in under email forwarder address). Then they stated they "hacked that account half a year ago" and infected "my device" with super malware, re-sending its owner all the new passwords I try to use. Woe unto me, I'm pwned...

With every message the "hacker" gets so increasingly ridiculous, I am just tempted to send them 0.01$ worth of bitcoin with comment "you can do better".

But no, I won't. I am just too lazy to waste both time and money...

Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

Temmokan

Oh yes, usual universal answer, "nobody uses that, so why we care".

The actual reason was already mentioned - RSS/Atom/other syndications would allow getting data without actually visiting tracking/ads-stuffed sites. So why those Googles-Schmoogles let that exist?

Dropbox plans to drop encrypted Linux filesystems in November

Temmokan

Xattrs and the rest

It wasn't told (some of commenter in that thread) that the reason for excluding other filesystem was the lack of extended attributes (but most of FS in use do support Xattr). So the reasoning behind the announced change is lame.

Also, on Linux systems, the client auto-upgrading feature requires that /tmp be miunted without "noexec". Otherwise it begins to repeat downloading new version again and again, failing at execution step. It took several weeks of exchanging messages with Dropbox support, before I found the problem myself (and no solution, save disabling "noexec").

Personally, I encrypt whatever is stored on Dropbox, so even if they leak those files of mine, it's not that dramatic. But I assume many a people don't bother with that.

Microsoft: The Kremlin's hackers are already sniffing, probing around America's 2018 elections

Temmokan

The spy that is detected is a dead spy.

Either Microsoft is spreading, so to day, incorrect information, or they are just trying to impress everyone with their security efficiency.

I don't buy it. Especially if GRU could indeed be involved (there are no fools in such agencies).

Microsoft commits: We're buying GitHub for $7.5 beeeeeeellion

Temmokan

One more to bite the dust...

It's hard to believe the Microsoft won't pollute and befoul GitHub as well, but let's see.

Smyte users not smitten with Twitter: APIs killed minutes after biz gobble

Temmokan

So we remove the lamps...

...and then we will try to guess why it's pitch black now.

I wonder, why the legal dept.'s staff at twitter didn't think all that about *before* actually initiating the transition? If those Twitter lawyers figured everything out *after* the Smyte has been assimilated, the best those lawyers can do is to retire (but not before they pay to Smyte users for the damage inflicted).

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Temmokan

So once again there was no scrupulous studying the mentioned encryption/protection before pushing it into production...

GCHQ boss calls out Russia for 'industrial scale disinformation'

Temmokan

Oh yes, evidence

If the "evidence" of Russian "cyber-warfare" is of the same type as "evidence" of Russia involvement into Skripal poisoning, then that evidence is as valuable as cheapest toilet paper. And worth the same manner of usage, too. The above comments from the person who really knows organic chemistry are a good illustration.

One more thing is obvious - too few people regard the mass media even with little skepticism...

Russian regulator asks courts to disconnect Telegram

Temmokan

Re: Do svidaniya

Correct. If irony's in use, the idiom can be closer to "Farewell'.

Russia stares admiringly at itself, flexes internet muscles

Temmokan

The statements are somewhat imprecise.

The 'local data storage policy' most probably refers to Federal Law 152 ("On personal data"), which requires any entity processing personal data of Russian citizens to keep the primary DB containing those data on Russian territory.

The above requirement is absurd from viewpoint of any right-minded IT specialist; if the law is enforced, the absolute majority of Internet services will face a choice of either keeping Russian citizens data in Russia, or simply stopping servicing Russian citizens. The latter is most probable, since the actual goal of that requirement is allowing government services simpler access to anyone's personal data.

It should also be noted that the above restrictive and isolationist laws have been written by people having no real understanding how Internet and networking in general work; hence such laws that will not benefit anyone but those lawmakers and those lobbying such laws. So the above "Internet muscles play" doesn't reflect the opinions and/or needs of actual IT experts from Russia and majority of Internet users.

16 exoplanets found huddled around 12 lightweight stars

Temmokan

Looks like the only minor obstacle is creating a warp drive/whatever else with FTL capability and actually start studying those remote worlds.

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

Temmokan

Re: Tabs v spaces

That would exterminate 90% of code. Don't suggest such terrible ideas.

Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages

Temmokan

So we saw a simple scheme to disrupt multiple npm applications in a wink of an eye - copy widely used package's README, post dubious-looking package and voila, all the javascripters are pulling hairs out of their rear ends.

I wonder, do people managing npm ever tested such a scenario before (a rhetoric question)?

Looks like they would never do, until another incident strikes.

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Temmokan

Of course they will deny

Regardless of findings are, Intel will deny the above as fundamental design flaws. I doubt Intel will be punished with more than formal spanking, but even admitting the design had flaws means Intel's chips designers either completely ignored possible security considerations, or did not bother to look for possible security implications at all. If the same designers will fix the vulnerabilities, as Intel promises, guess what will can happen.

Congratulations, Intel. Since the notorious FDIV bug this "spectral speculative meltdown" is much more impressive example of epic fail.

I suppose no one from IT experts now has an illusion that Intel cares a bit about security.

The Quantum of Firefox: Why is this one unlike any other Firefox?

Temmokan

Tried that on a "sandbox" computer. Funny, but first notice I saw when FF 57 started for the first time, was its turtle warning: "Mozilla Firefox seems slow... to... start".

So much for super-duperfast Quantum. And I only had DuckDuckGo add-on enabled.

Not impressed, really. I get tired of endless UI changes, and that mad race (who will post more major updates - Google Chrom or Mozilla) is really dull. I remember the time when major version change in Firefox was a really major change.

Now every major version upgrade can be described as "we fixed a lot of bugs - most of which we introduced ourselves recently - and yes, we add new bells and whistles to replace old ones - aren't we great?"

And yes, not all the add-ons I expected to see have released at least Beta version of their Web Extension incarnation. And some are totally screwed while doing so (e.g., Xmarks).

Something tells me I get FF 57 on sandbox computers for some time, until I make sure it is good to use.

I also will use a separate Mozilla ID to set up sync - for those computers where I risked running FF 57.

In short: yet another "major release", again with fife and drums, but with greater disasters involved.

Firefox bookmark saving add-on gives users that sync-ing feeling

Temmokan

Oh yes. And I found, after updating to FF 56, that the new Firefox failed to load its predecessor's bookmarks backups (yes, I posted the bug to their bug tracker, and the problem was confirmed, but that didn't help me in my situation).

All browsers have bookmarks-related bugs; looks like manual exporting bookmarks and manual syncing across devices remains cumbersome, but more reliable way of keeping the same bookmarks set.

Temmokan

Because there are many browsers, and it could be convenient to share the same bookmarks set across all of them.

Endless exporting/reimporting of bookmarks isn't fun. Xmarks used to be a good tool to sync bookmarks over multiple "devices" (i.e., browsers).

Temmokan

As FF 57 inevitable release loomed closer, Xmarks began to suffer quite an amount of problems:

1. It stopped saving tags; to me, it's even bigger disaster than losing bookmarks (please note that FF, by default, keeps several daily backups). Not fixed. I have to restore approx. 5,000 tags.

2. It began constantly crashing, especially for larger bookmarks set (mine has approx. 3,000 bookrmarks ATM). Partially fixed.

3. It began duplicating bookmarks added on another devices, when syncing. Not fixed.

4. Now, starting with the last 4.5.0.4 version, it began to lose bookmarks. Not fixed.

A huge disappointment, it is now. I do not know whether they do any testing; looks like the company began hastily re-writing the plugin, when FF 57 release began really near, and quite forgot about any kind of testing.

Well, I have to return to old semi-manual bookmarks merge/copy approach.

I hope their LastPass won't get the same disappointment.

KRACK whacked, media playback holes packed, other bugs go splat in Android patch pact

Temmokan

As for "never"... Samsung did absolutely nothing when BlueBorne was revealed... and I am sure they will ignore KRACK, too.

A truly Zen approach, methinks. or perhaps, Samsung simply thinks that all unhappy owners of affected devices will just buy new ones. That simple.

Vlad the blockader: Russia's anti-VPN law comes into effect

Temmokan

Wikipedia isn't actually blocked

Wikipedia isn't actually blocked from Russian networks. Perhaps only certain pages are, the majority of Wikipedia sites are available without any restrictions.

However, a number of sites, such as LinkedIn, are blocked due to many reasons, most of which are very moot.

Nasty PDF exploit runs wild

Temmokan

RBN isn't the Russia

RBN isn't the Russia and crime has no nationality. I would suggest addressing this given 'gray' ISP, RBN, without using it as a synonym for Russia.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020