Posts by Temmokan 41 publicly visible posts • joined 30 Oct 2007
So we now have a minority of universally-challenged, so to say, people ruling the majority. How swell!
Looks like there will be a special language, "Inclusive English" (consisting of 150-200 words, I assume) and the software installers will choose it as default before they actually install.
Since "submit", "suspend", "abort", 'cancel", "terminate", even "install" and "uninstall" can offend anyone at any moment.
Not all these problems are that unsolvable.
If something claims to know me, there always are control questions (both positive, when an answer exists, and negative, completely fake -so that real person knows that).
As for sense of guilt - a good portion of skepticism can cure it nicely. After all, Internet isn't safe place. "Put everything to doubt".
The only problem is the email notification came approx. 12h before the revocation is supposed to start.
I can consider myself lucky to have only 2 certificates to re-issue, and neither required manual work.
A sad error, yes. Just curious, do they ever run any tests, or "commit directly to production, what can possibly go wrong?"
So
- Google Chrome doesn't create profile backup before any upgrade; if anything breaks, it's lost for good
- Google Chrome isn't in fact thoroughly tested within Google - the guinea pigs are randomly selected real-life users (a great cost saving)
- users, in their absolute majority, have no habit and/or knowledge of backing up their data
Welcome to brave new world.
There are more references in the below post (in Russian):
https://habr.com/ru/company/itsumma/blog/479942/
in short: one of Rambler's former top management persons tells that Ramblers claims are void. This is why they caused the police raid (to create as many problems for Sysoev and current Nginx PLUS owners as possible).
It's funny to see that Rambler kept silent for 15 years, and only "recalled" the would-be copyright infringement after the commercial derivative has been sold for much money.
Another metrics that can't be safely replaced, as a password could be.
Unless a person can replace their fingerprint, ECG pattern, iris patterns etc etc, this is a security nightmare - as soon as criminals learn how to own and use someone else' metrics (and it's only a matter of time), that will be a nightmare.
So the company kept single copy of its backups at the same provider?
I agree that DO should have handled the mess quicker, but well, if a company is treating its data that way, it's only a matter of time when they lose them again. And next time it might be not possible to blame DO for everything.
Apart from poor grammar, the scammers are complete idiots - even if someone can believe that placing their own email address in From/Reply-To can mean the mail account has been compromised, it really makes no sense sending the same pathetic junk to the same addresses over and over again. Especially several times a day. "What?! Three hackers have hacked into my system and placed their own malware?!"
The geography of senders is various; I suppose there are several spammers networks/botnets used - I see Brazil, Japan, China, Germany... etc etc etc. No country-specific influx, and I have over 12 email addresses being targeted.
If anyone wishes to have that collection of sextortion senders IPs and/or Bitcoin addresses they include, just let me know.
Oh, those kinds are very funny.
They/he/she/it/whatever are blackmailing my technical email forwarder with similar crap for at least 4 weeks.
First, they found a stale leaked password database and stated they have "password for me account" (go on, hackers, try logging in under email forwarder address). Then they stated they "hacked that account half a year ago" and infected "my device" with super malware, re-sending its owner all the new passwords I try to use. Woe unto me, I'm pwned...
With every message the "hacker" gets so increasingly ridiculous, I am just tempted to send them 0.01$ worth of bitcoin with comment "you can do better".
But no, I won't. I am just too lazy to waste both time and money...
It wasn't told (some of commenter in that thread) that the reason for excluding other filesystem was the lack of extended attributes (but most of FS in use do support Xattr). So the reasoning behind the announced change is lame.
Also, on Linux systems, the client auto-upgrading feature requires that /tmp be miunted without "noexec". Otherwise it begins to repeat downloading new version again and again, failing at execution step. It took several weeks of exchanging messages with Dropbox support, before I found the problem myself (and no solution, save disabling "noexec").
Personally, I encrypt whatever is stored on Dropbox, so even if they leak those files of mine, it's not that dramatic. But I assume many a people don't bother with that.
...and then we will try to guess why it's pitch black now.
I wonder, why the legal dept.'s staff at twitter didn't think all that about *before* actually initiating the transition? If those Twitter lawyers figured everything out *after* the Smyte has been assimilated, the best those lawyers can do is to retire (but not before they pay to Smyte users for the damage inflicted).
If the "evidence" of Russian "cyber-warfare" is of the same type as "evidence" of Russia involvement into Skripal poisoning, then that evidence is as valuable as cheapest toilet paper. And worth the same manner of usage, too. The above comments from the person who really knows organic chemistry are a good illustration.
One more thing is obvious - too few people regard the mass media even with little skepticism...
The statements are somewhat imprecise.
The 'local data storage policy' most probably refers to Federal Law 152 ("On personal data"), which requires any entity processing personal data of Russian citizens to keep the primary DB containing those data on Russian territory.
The above requirement is absurd from viewpoint of any right-minded IT specialist; if the law is enforced, the absolute majority of Internet services will face a choice of either keeping Russian citizens data in Russia, or simply stopping servicing Russian citizens. The latter is most probable, since the actual goal of that requirement is allowing government services simpler access to anyone's personal data.
It should also be noted that the above restrictive and isolationist laws have been written by people having no real understanding how Internet and networking in general work; hence such laws that will not benefit anyone but those lawmakers and those lobbying such laws. So the above "Internet muscles play" doesn't reflect the opinions and/or needs of actual IT experts from Russia and majority of Internet users.
So we saw a simple scheme to disrupt multiple npm applications in a wink of an eye - copy widely used package's README, post dubious-looking package and voila, all the javascripters are pulling hairs out of their rear ends.
I wonder, do people managing npm ever tested such a scenario before (a rhetoric question)?
Looks like they would never do, until another incident strikes.
Regardless of findings are, Intel will deny the above as fundamental design flaws. I doubt Intel will be punished with more than formal spanking, but even admitting the design had flaws means Intel's chips designers either completely ignored possible security considerations, or did not bother to look for possible security implications at all. If the same designers will fix the vulnerabilities, as Intel promises, guess what will can happen.
Congratulations, Intel. Since the notorious FDIV bug this "spectral speculative meltdown" is much more impressive example of epic fail.
I suppose no one from IT experts now has an illusion that Intel cares a bit about security.
Tried that on a "sandbox" computer. Funny, but first notice I saw when FF 57 started for the first time, was its turtle warning: "Mozilla Firefox seems slow... to... start".
So much for super-duperfast Quantum. And I only had DuckDuckGo add-on enabled.
Not impressed, really. I get tired of endless UI changes, and that mad race (who will post more major updates - Google Chrom or Mozilla) is really dull. I remember the time when major version change in Firefox was a really major change.
Now every major version upgrade can be described as "we fixed a lot of bugs - most of which we introduced ourselves recently - and yes, we add new bells and whistles to replace old ones - aren't we great?"
And yes, not all the add-ons I expected to see have released at least Beta version of their Web Extension incarnation. And some are totally screwed while doing so (e.g., Xmarks).
Something tells me I get FF 57 on sandbox computers for some time, until I make sure it is good to use.
I also will use a separate Mozilla ID to set up sync - for those computers where I risked running FF 57.
In short: yet another "major release", again with fife and drums, but with greater disasters involved.
Oh yes. And I found, after updating to FF 56, that the new Firefox failed to load its predecessor's bookmarks backups (yes, I posted the bug to their bug tracker, and the problem was confirmed, but that didn't help me in my situation).
All browsers have bookmarks-related bugs; looks like manual exporting bookmarks and manual syncing across devices remains cumbersome, but more reliable way of keeping the same bookmarks set.
As FF 57 inevitable release loomed closer, Xmarks began to suffer quite an amount of problems:
1. It stopped saving tags; to me, it's even bigger disaster than losing bookmarks (please note that FF, by default, keeps several daily backups). Not fixed. I have to restore approx. 5,000 tags.
2. It began constantly crashing, especially for larger bookmarks set (mine has approx. 3,000 bookrmarks ATM). Partially fixed.
3. It began duplicating bookmarks added on another devices, when syncing. Not fixed.
4. Now, starting with the last 4.5.0.4 version, it began to lose bookmarks. Not fixed.
A huge disappointment, it is now. I do not know whether they do any testing; looks like the company began hastily re-writing the plugin, when FF 57 release began really near, and quite forgot about any kind of testing.
Well, I have to return to old semi-manual bookmarks merge/copy approach.
I hope their LastPass won't get the same disappointment.
Wikipedia isn't actually blocked from Russian networks. Perhaps only certain pages are, the majority of Wikipedia sites are available without any restrictions.
However, a number of sites, such as LinkedIn, are blocked due to many reasons, most of which are very moot.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
