* Posts by needmorehare

120 publicly visible posts • joined 2 Nov 2020


Open Source Initiative board election results scrapped after security hole found, exploited to rig outcome


Given enough votes, all elections are rigged

aka. Trump's Law

Apple braces for antitrust woes by letting users select and install third-party apps during setup of iOS 14.3


Pick your poison...

We can go on about emasculated mobile operating systems (being limiting) as much as we like but the developers behind these systems have gone through great pains to apply API restrictions throughout the stack with the goal of eliminating legacy security issues, ensuring that phones/tablets continue to work even when an application misbehaves. End users generally don't need to be educated in how to use their devices safely and the inherent limitations are accepted as a consequence of device choice.

By comparison, desktop operating systems are still every bit as fragile as how things started out and overall application software quality for Windows and Linux alike has been regressing of late, even in situations where features have been correctly limited or scoped. People (like me) get paid a lot of money to make general purpose computers less usable in order to protect users from themselves while attempting (often in vain) to keep malicious entities out.

The former is starting to slowly but surely open up in ways which are designed with safety/security in mind, while the latter is littered with many failed attempts at providing basic IT security. Eventually, both will converge on a happy medium but for now you gotta pick your poison!

Mimecast bins SolarWinds and compromised servers alike in wake of supply chain hack


Mimecast misses the point

Cisco has a terrible reputation when it comes to security as well, previously shipping products with nerfed (40-bit) encryption to international customers at the request of the US government. Also, let's be honest here, everyone offering a service which is Internet based (and open to all) will be compromised at some point.

It has happened to big names too including Microsoft, Facebook, Twitter and Red Hat. Not to mention backdoors inserted as part of PRISM. At least the SolarWinds attack has made big news, so now they will be bolting everything down tightly...

Raspberry Pi Foundation boss waves off listing rumours, says biz discussions may have been 'over-interpreted'

Thumb Up

Re: Silicon valley / fen

Only if you float it exclusively on Ethereum blockchain, along with all corporate statements, press releases, board minutes and votes.... as opposed to hashes which reference those things. You can be the CEO which twits shorter!

Third time's a harm? Microsoft tries to get twice-rejected encoding patent past skeptical examiners


Are you saying I could...

Repack all my thousands of JPEG photos with this new compression algorithm with zero loss of detail compared to the original JPEGs? As in pixel-for-pixel identical but smaller file size? That would be awesome.

Asahi's plan for Linux on Apple's new silicon shows Cupertino has gone back to basics with iOS booting



1. The warranty isn’t void. Apple allows disabling Secure Boot with this in mind. They want as many people as possible to buy their hardware regardless of the OS people choose to run on it. That could change in the future but I very much doubt it given Craig Federighi saying it’s up to Microsoft if people want to be able to use Windows on their Apple Silicon Macs.

2. Apple already said they won’t support Boot Camp but who needs it when one can boot from an external drive anyway? Linux (or Windows) could go on a Thunderbolt drive.

3. You can run Linux in a VM using the Apple Hypervisor API. QEMU works and virtualises everything using the proper Apple API already.

4. Apple has a very big incentive to share as much code as possible and change it as little as possible due to committing to support every product they sell for 7 years. We can see evidence of how they adapted the M1 to avoid diverging from the legacy of iOS SoCs throughout this article. While it is a real possibility that things could change in a massively codebreaking way, Apple has a track record of designing their hardware to work with how they develop their software and not the other way around.

License to thrill: Ahead of v13.0, the FreeBSD team talks about Linux and the completed toolchain project that changes everything


Some lawyers reckon CDDL is fine as-is

Canonical lawyers found that the CDDL was compatible with Linux licensing from an end-user perspective, provided the module is distributed separately from the kernel as a self-contained module. FreeBSD was always in the clear anyway, Illumos is CDDL itself and the macOS kernel (XNU) is licensed as open source software which permits even proprietary linking.

Therefore, we can say Oracle donated the code since the genie can’t be put back in the bottle now!

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs


With all these linguistic changes..

Are we sure the Germans lost the war?

EFF urges Google to ground its FLoC: 'Pro-privacy' third-party cookie replacement not actually great for privacy


We should support it

So that we can all gimp it with fake/generic info. The EFF should think ahead and write extensions with this approach in mind rather than shooting it down!

Dutch government: Did we say 10 'high data protection risks' in Google Workspace block adoption? Make that 8


The client doesn't understand though..

Microsoft said it best until they became the very thing they criticised with Office 365. There are big, bad downsides to the cloud which don't exist for on-prem software.

For starters, migrating between services isn't as simple as installing a replacement piece of software and opening your files in said software. You end up having to pay someone to migrate your stuff from one cloud service to another, as all your data needs to be migrated from one set of servers you don't own to another set of servers... that you don't own. That's assuming you even can, as not all SaaS uses open data formats.

Then there's the training aspect. Cloud services change constantly. Skype for Business got replaced with Microsoft Teams and smaller organisations got forced over arbitrarily. Google Chat got replaced with Hangouts which got replaced with Duo and Meet; while Google Video got phased out for YouTube.

Finally, you have security issues. Office 365 is a fantastic example of a cloud service which is demonstrably less reliable than running your own stuff. Even old fashioned Microsoft Small Business Servers were more stable and when mail was proxied through a queue-holding mail filtering service their services were more secure too. Nobody could easily phish their way into your mailbox, as an attacker needed internal network access via VPN (good luck exporting that device cert via phishing email) and they had no way to tell who your provider was with any certainty to know what to lie about. Nobody needed 2FA codes as desperately as they do now because only corporate devices could connect to the mail server or authenticate to network resources in the first place....

The cloud has been an unmitigated disaster in a lot of cases. Folks only put up with it because big technology firms have colluded to cripple software so that cloud services are more of a necessity than they should be. Microsoft Office and Apple iWork both supported WebDAV until both companies wanted folks to use their cloud services, then they phased out support as quickly as they could. Then combine that with the eye-watering prices of on-prem software licenses. A 10 user physical dedicated Exchange email server license costs as much as 8 years worth of Exchange Online Plan 1 and that doesn't include hardware costs or labour rates. Once everyone is on-board with only cloud services, I predict the prices will begin to be ratcheted up and up and up until ownership is once again the far cheaper option.

Thumb Up

Too right, why not use well-maintained German options?

Google Docs does not even allow you to encrypt file contents with a key that Google does not hold. It's a seriously bad choice for governments and industrial uses where sensitive PII is going to be stored there.

Folks should instead use a solution like NextCloud. It is self-hostable, easy to maintain, support is readily available, source code has been subject to multiple audits over the years and the software itself is free as in beer and freedom. The company behind it is German, their software is designed with the GDPR in mind and it can integrate with Collabora Office Online to provide collaborative editing in a web browser. If one uses it alongside locally installed office software then automated end-to-end encryption provides an additional layer of protection Google doesn't.

Even if one doesn't want to self-host, NextCloud has partners like Deutsche Telekom who can host the whole lot for you. Also, if NextCloud GmbH folded tomorrow, one could always migrate to ownCloud Online, which is also German, has a similar codebase and is also actively maintained. Heck, there's even a Dutch partner called The Good Cloud available, so one could even keep data within their own borders and audit all patches to protect against sabotage!

The Document Foundation updates LibreOffice Community to 7.1.1

Thumb Up

That is exactly what community edition is for

It is a stable, free version of the software which does not get many, many years of long-term support for each major release. However, when compared to Office 365, even the community version of LibreOffice looks like long term support. Most people really don't need to pay for it, ever.

However, if you choose to buy Collabora Office (one of many LibreOffice Enterprise suites) you get the benefit of tech support and many, many years of LTS patch support like the good old days for something like £15/user/year, which is cheaper than both Microsoft Office 365 and old perpetual volume licensed versions of Microsoft Office 2013/2016. When combined with a simple IMAP server and a decent e-mail software like eM Client, one can have a much cheaper and more productive time for a fraction of the cost.

Thanks in a large part to the UK Government, Microsoft has committed to maintaining full compatibility with OpenDocument formats, meaning people can use LibreOffice with confidence these days and abuse an old Office 2013 license for conversions in the rare cases that LO can't handle it.

Would you let users vouch for unknown software's safety with an upvote? Google does


One man's malware is another man's

Bonzi Buddy!

It's not easy being green: EV HTTPS cert seller Sectigo questions Chrome's logic in burying EV HTTPS cert info


Certificate pinning plus strong authentication = WIN

Have DNS-over-HTTPS backed by DNSCRYPT convey the correct CA for the site you’re about to use. If it doesn’t match, reject it. Then to ensure phishing can’t happen, just force users to use tokens. Banks can afford to hand out dedicated devices to account holders and ordinary sites can just have users enrol with a TPM (standard in PCs) for webauthn or authenticate using their phone with a QR code (similar to WhatsApp).


Google gets to improve web security so that..

Web apps and PWAs can take over. They want everything to be web based so they can realise their mission of organising the world's information and making it more accessible. Eliminating plaintext protocols, alongside the implementation of CA pinning, helps achieve that goal.

I happen to think the web is a dumpster fire these days and that native apps are better. But developers seem to disagree, opting for bloatware like Electron... bloatware which makes Java look like Mo Farah.

Axe-happy Microsoft halves support for Windows 10 Long Term Servicing Channel


They want you on Windows

Else they would lose Azure customers fast. It is rich native app integrations with Microsoft cloud services (365/Azure) that keeps them bringing in the cash. If everybody used Linux, Azure AD would be dead. If everybody used web based tools, Office Online would lose customers due to being tied to the abomination that is SharePoint and its inaccessibility to individuals (it is enterprise-only).

Also, there isn’t a single day of the week where something isn’t broken or wonky with Azure and by extension their live, real-time services like Teams. Using a desktop app hides all that somewhat by working offline seamlessly through the benefit of local storage. All that falls over when you can’t save your work because their systems have sharted again.

TL;DR Windows helps Microsoft hide its true incompetence...

Microsoft previews Windows Server 2022: Someone took a spanner to core plumbing features

Thumb Up

Holds hand up....

People with common sense use Server Core for Hyper-V hosting, since it reduces the number of patch-related reboots that are necessary. MMC can be invoked from any decent desktop to manage VMs in one nice, neat window. Server Core does have very good uses.

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses


My 70 year old father

Was disgusted when he found Google Analytics in use for booking his COVID appointment. Shouldn’t we start by making this kind of stuff illegal on public sector websites first?

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue


That and what about other architectures?

Seriously, just because x86 processors are boned doesn’t mean they all are. I would try and fix this on principle, especially since WebAssembly is slowly turning Chrome into an all-in-one virtual machine for running apps...

Now who fancies a nice cup of Java?

Valheim: How the heck has more 'indie shovelware with PS2 graphics' sold 4 million copies in a matter of weeks?


A bit like OMORI and 20XX

Which has totally taken off despite being indie "shovelware" with SNES graphics. It's about the heart and soul put into it. People can tell when a video game is the grinding of corpo-employed meatsacks vs. when it's made by people who genuinely care. It's one of the main reasons I no longer care about scalpers buying up PC parts and the latest consoles... we don't need the latest hardware to have fun these days!

Red Hat returns with another peace offering in the wake of the CentOS Stream affair: More free stuff


Yep... big losses for everyone here

Folks will inevitably move on to Debian in the name of avoiding the risk factor (corporate backstabbing) and they bastardise their packages so much that once people learn the Debian way of doing things, there's no putting the genie back in the bottle.

This is exactly the same mistake Oracle made with OpenSolaris to put short term profits over a long-term future. In the case of Red Hat, this will cost them big money if they're no longer seen as the standard option. Which is a massive crying shame, as Red Hat provides better security out-of-the-box than any other distro on the market today.

I still think the negative claims people have been making about CentOS Stream are unfounded but clearly Red Hat should have known people would throw their toys out the pram...

Facebook and Apple are toying with us, and it's scarcely believable


History provides context here.

Fortnite is a video game, and video game stores set the precedent of taking a large cut of developer profits long before Apple ever did. PSN, Xbox Live and Steam all predate the App Store. All of them charged a hefty commission long before Apple’s App Store came along.

This is why people think it’s Epic’s spat with Apple because they’re not going after the video game stores despite the fact they charge far more and hold similar, if not total control over distribution. We also know why Epic won’t go after these video game stores. If they did, console prices would have to go up, making their shovelware far less accessible to vulnerable children and, by extension, parents’ wallets.

I honestly hope Epic loses because their case was made in bad faith, unlike Spotify, who have IMHO a very strong case which deserves a solid legal remedy.


Errr what?

Facebook users get the following:

* Blogging services

* Live streaming

* Instant messaging

* Group communications

* Photo/video hosting

* OpenID authentication

In exchange for these convenient services, they give up some amount of individual privacy. I think most people know what the trade-offs are. I’m not even a Facebook user and I know what they are.


There are two ways to sell apps on iOS

The first method is via the App Store, which allows you to run a restricted set of frameworks, subject to a sandbox created from a set of mandatory access controls. All code which executes must be digitally signed and unaltered, while using a hardened runtime designed to mitigate exploits. This severely limits what any given application can do, relative to traditional computing platforms.

The second method is via Progressive Web Apps. Most of the top apps in the App Store would function pretty much identically as PWAs, so to suggest this is not a valid way to sell apps is inaccurate. Pretty much all Electron apps on Windows work as PWAs on iOS and even technical tools like password managers have web ports. Ditto for anything which you’d just use the website for on an ordinary computer.

Should Apple provide a third method via its Notary Service like what it does for macOS today? Well, right now, iOS enforces that apps can’t be rolled back to old, insecure versions, just like the OS itself. To introduce current macOS non-store distribution methods would ruin that ideal security model. Ideally, Apple should provide a means for developers to run their own repositories which prevent rollbacks, using notarisation to enforce the use of sandboxing and hardened runtime. This would allow for major security improvements on macOS while also granting more freedom to developers on iOS.


I loved my Lumia 930

It was fast and the battery seemed to last forever compared to my old Nexus 4. Only thing it was missing at the time was Adobe Flash support so I could watch sweet sweet Newgrounds on the go. My priorities were much different back then and my experience with the iPad 4 and iOS 9 left a rotten taste in my mouth (Safari would crash at least 4 times a day).

A toast to Windows Phone! The OS which could have been awesome if Microsoft had stuck with it.


Uh huh

I pity the folks who don’t realise every company is abusive in one way or another. But there is a difference between fruity devices beyond the logo.

Android OEMs charge extortionate prices for devices which barely receive a full 3 year lifespan (Samsung included), Linux phones ship with parts which are already obsolete by modern hardware standards and Windows Phones, despite offering 5 year device lifespans, simply didn’t get the uptake they deserved. Yet in spite of how easy it is for OEMs to openly abuse customers via early obsolescence, we are still seeing Apple consistently update their devices in a timely manner for as long as 7 years from launch, even when they are budget variants.

Even when you buy desktop computers from HP, Lenovo or Dell, you do not see support lifecycles as long as that. Sure, Microsoft offers 10 years worth of security updates but good luck obtaining BIOS/UEFI, firmware and Intel Management Engine updates from your OEM in a timely manner even as little as 4 years after you purchased your machine. My main PC is only 5 years old yet is no longer safe to use online because the OEM won’t provide a proper fix for a critical ME vulnerability identified by Intel’s security tools. We aren’t talking about a cheap box either, costing just shy of £1000.

People can say what they like about App Store practices, applying onerous sideloading restrictions and using their market cap to dictate terms with third party developers. People can also rip into how Apple screws people with a complete disregard for backwards compatibility when it comes to annual major OS releases. Those are valid concerns. However, Apple is less abusive in many other areas which consumers care about and people seem all too eager to forget that.

Apache foundation ousts TinkerPop project co-founder for tweeting 'offensive humor that borders on hate speech'


What free speech?

I thought a pre-requisite for free speech is freedom of expression and surely a pre-requisite of that is not being a slave?

According to the US constitution, slavery is still a valid punishment the moment someone is convicted of a crime. Which means you can take away someone’s freedom, including their freedom of expression, by creating arbitrary laws which enslave those who may think or act a certain way, independent of their codified civil liberties.

Doctor, I think I have an HDMI: Apple starts investigating M1 Mac Mini graphics issues

Thumb Up

You can be reasonably confident

Security updates won’t change too much because Apple pretty much barfs backwards compatibility with every major OS release, meaning their minor updates actually tend to stay minor, unlike when dealing with that gecko and the four squares.

Whistleblowers: Inflexible prison software says inmates due for release should be kept locked up behind bars


Business as usual

I see this all the time.

The software would have been written to meet a spec and rolled out many months after approval. Once the scope, design documents, implementation and user acceptance testing have all had final sign-off, it’s way too late to change things.

To adjust the system to handle the new rules would be chargeable out-of-scope works which the company could put any price on, knowing that hiring a third party to do the changes might cost less initially, but more in the long run to take over support.

Additionally, it’s in the best interests of Arizona State (not the programmers) to keep quiet about bugs to avoid being sued into the ground for mistakes made as a result of keeping people locked up for longer than they’re meant to. The development house will have a couple of executives laughing their arse off at this situation, enjoying all the easy money...

Australia facepalms as Facebook blocks bookstores, sport, health services instead of just news


If the site has a paywall... then what's the problem?

Hard paywalls include the same snippet which is scraped by Google and other search engines to get their content indexed. If they would rather not have this be the case, they can very easily change that by not making the content available to anybody who hasn't paid. Facebook does plenty of wrong things but this move is the right one. If news sites don't want their content published for free then they shouldn't publish it for free. By not blocking scraping through both robots.txt and noindex directives, they are implicitly allowing their content to be scraped for any purpose.

If Big Tech started aggregating news from trusted/recognised subject matter experts (as opposed to journalists) and presented this as AI-driven news, a lot of news services would die off very quickly. The truth is that journalism is in a death spiral right now and no amount of governmental intervention will change that. We don't live in such a closed off world any more, information gets out about everything quite quickly.

Google calls in Women in Technology Hall of Famer to lead new Responsible AI group amid internal strife


Ethical Software

is the same issue with the same problems.... The solution to the problems associated with AI/ML is freedom, not ethics. Freedom means having access to use, study and modify the algorithm and associated training data used to produce the model used in production.

Beer is a toast to the ongoing prosperity of free software and to a future of free-as-in-freedom AI/ML.

UK Supreme Court declares Uber drivers are workers, not self-employed: Ride biz's legal battle ends in a crash

Thumb Up

Amazon delivery is not going to be a lot more expensive.

Otherwise Amazon would lose money overall due to a mass cancellation of Prime subscriptions and not only that, once said hornets' nest is kicked, folks will cite unfair advertising as grounds to reclaim the entire cost of their subscription...(https://www.moneysavingexpert.com/reclaim/amazon-prime-refund/)

Amazon would instead lower pay for new employees and freeze existing employees' pay, much like how Apple adapted when courts in the US ruled they had to pay for the time spent waiting for security checks at the end of a working day at their retail stores (https://observer.com/2020/02/apple-lose-lawsuit-retail-employee-security-check-pay/).

We need bigger changes to fix the mess that is the corporatocracy we live in, as there's little to be afraid of even if these big companies throw their toys out the pram. At the end of the day, cutting their noses to spite their faces doesn't reassure shareholders.

'It's where the industry is heading': LibreOffice team working on WebAssembly port


Yes, they do suck.

Business use case: Create an encrypted spreadsheet (Office XP could do this in 2001)

Marketing use case: Perform a mail merge involving custom dynamic fields (available since Office 97)

Academic use case: Adding references to your document (Available since Word 2007)

Missing packages: Where's the personal database software? Where is LO Base and/or MS Access?

When decades old software beats out the latest and greatest in common use cases, even when billion dollar companies are involved, you know that these new-fangled HTML5 apps suck. Even more so when entire packages are dropped as a result.

Now this is Epic: Fortnite maker takes Apple fight to the European Commission and... er... Bismarck, North Dakota


Apple has a strong technical argument though

On my Windows PC I have the following engines running:

* Trident (for PowerShell and Outlook)

* EdgeHTML (for anything UWP or OOBE)

* Blink (for Teams, Discord, Google Chrome and Edge)

* WebKit (for Steam and iTunes)

* QtWebEngine (for MS OneDrive and TeamViewer)

In the case of Blink, WebKit and QtWebEngine, each app often uses its own private instance of the engine bundled with the software, meaning no memory sharing as the DLLs differ.

A copy of MSN Messenger back in the day would use ~20MB RAM and reuse the Trident engine, along with every other native Windows application on the system which needed to render some HTML. Thanks to developers taking liberties we also have Electron apps (e.g. Teams) bundling private instances of Blink and V8 consuming ~300MB of RAM each and offering minimal differences in functionality to their predecessors. That's not "natural feature creep" causing said RAM use either, Skype is a native app which uses 120MB RAM on a bad day.

Perhaps we should all be telling these half-wit devs who want to roll their own private engine instances to nobody's benefit to do one, just like Apple does.

LastPass to limit fans of free password manager to one device type only – computer or mobile – from next month

Thumb Up

In the main that's no longer an issue

Thankfully, developers now base logins on email addresses and/or phone numbers, obviating the need to use IDs/usernames. With webauthn on the rise and the ability for Secure Enclave and TPM-backed 2FA to be deployed, the only thing left to store is the URL.. which browsers have done for a very long time anyway. With PWAs, folks click on "apps" rather than navigate to URLs anyway.

Additionally, security questions are being phased out as a bad security practice in favour of multi-factor password reset mechanisms, such as requiring users to click a link in their email to then confirm an SMS code which has been sent to their phone.


It is. Also, to answer your question...

The whole point of an economy is to economise, as in, to reduce overall cost over time until the product/service is free. Trade is but one vehicle for lowering costs toward the goal of making a given class of product free. Sometimes, breakthroughs mean that entire classes of product go from expensive to essentially free overnight. Personal password management is one such example.

Some clever folks at Stanford invented a solution 15 years ago (called pwdhash) which is super effective, free and doesn't require any passwords to be stored electronically in the first place. It doesn't need any regular maintenance and the algorithm can run on a toaster these days. It has permanently resolved the problem of needing to remember different passwords for every service one uses, you just memorise one master password and that's it. Even if your computer breaks, you're peachy as long as you don't forget that one password. pwdhash clients have been implemented for just about every platform, for free and are easy to install and use.

So why should anybody pay for a password manager when this is a solved problem? Sure, the algorithm might want tweaking one day... but the problem at an individual level is solved.

Don't blame Google. Blame the economy for working as designed. Only sociopaths in suits try to prevent people from making things free as in both cost and freedom.
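A pwdhash-style derivation, added here as an example and not code from the post or from the Stanford PwdHash project (whose exact hash and output encoding differ): one memorised master secret plus the site's domain gives a per-site password with nothing stored anywhere. The two-label domain rule and the `generation` counter are my assumptions; the counter goes beyond the original scheme so one site's password can be rotated after a breach without changing the master secret.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlparse


def site_key(url: str) -> str:
    """Reduce a URL (or bare host) to the name the derivation is keyed on.

    Simplification assumed here, not the Stanford PwdHash rule set: keep the
    last two DNS labels, so every page and subdomain of one site yields the
    same password.  A real client needs a public-suffix list (co.uk and the
    like), otherwise unrelated sites under one suffix share a password.
    """
    if "://" not in url:
        url = "https://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        raise ValueError(f"cannot derive a site key from {url!r}")
    return ".".join(labels[-2:])


def site_password(master: str, url: str, length: int = 16,
                  generation: int = 0) -> str:
    """Derive a per-site password from one memorised master secret.

    HMAC-SHA256 keyed with the master password over "<site key>|<generation>",
    base64-encoded and truncated.  Nothing is stored: the same inputs always
    give the same output, which is the property the post relies on.  The
    `generation` counter is not part of PwdHash; it is added here so a single
    site's password can be rotated after a breach (the user must remember it).
    """
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 44:
        raise ValueError("length must be between 8 and 44")
    message = f"{site_key(url)}|{generation}".encode("utf-8")
    tag = hmac.new(master.encode("utf-8"), message, hashlib.sha256).digest()
    text = base64.b64encode(tag).decode("ascii").rstrip("=")  # 43 chars
    # Many sites demand a digit and a symbol; pick both from the tag so the
    # output stays deterministic and still meets common password policies.
    digit = str(tag[0] % 10)
    symbol = "!#%+-_"[tag[1] % 6]
    return (symbol + digit + text)[:length]


if __name__ == "__main__":
    # Constructed sample inputs; the master secret is not a real credential.
    master = "correct horse battery staple"
    for url in ("https://login.example.com/account", "example.com",
                "https://example.org/"):
        print(f"{url:40} -> {site_password(master, url)}")
```

Because the output depends only on the master secret and the domain, a single leaked site password is enough material for an offline guess at the master, so the master must be long; that trade-off is what the post's "the algorithm might want tweaking one day" covers.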


Re: Rebulid?

KeePass supports three-factor protection alongside not leaving the boundary of devices you control.

* Bitlocker (via TPM) means something you have

* Biometrics to cover something you are (to unwrap EFS)

* Master password to cover something you know

Given that this software is securing all of your credentials to everything else, I think it's worth having the best possible security. That means LastPass is out of the question.

Running your own BitWarden server would potentially make the above possible too though, as you could use your TPM backed with Windows biometrics for an MFA layer for authenticating. In fact, one could use "where you are located" as an additional authentication factor if one never stores a local cache of the keychain... so in that sense, one could make BitWarden run more securely than even KeePass.

In Rust we trust: Shoring up Apache, ISRG ditches C, turns to wunderkind lang for new TLS crypto module


I'm sick of this...

Let's just port FreeDOS to Xen and embrace a world of single-process VMs load-balanced by Cloudflare!

UK dev loses ownership claim on forensic software he said he wrote in spare time and licensed to employer

Thumb Up

Just work a "second job"

If your employer hasn't blocked your ability to do that explicitly in your contract, kindly inform them that you have a second tech job on weekends and then the IP you write on the weekend belongs to your weekend employer, not them. They've accepted that by accepting your second job. Problem sorted.

In my case, I have no employment contract, so contracting myself to a "small startup" couldn't conflict!

Popular open-source library SDL moving development to GitHub despite 'calamitous design choices' in git


IE had some things going for it at the time

IE had integrated Adblock (TPLs) and a means to auto-generate rules, a decent P3P implementation, support for standardised content ratings systems and implemented security sandboxing before Mozilla Firefox ever did. Also, ActiveX was superior to NPAPI and ironically more secure despite what fanboys claimed at the time (PPAPI was ultimately better but that came much later with Chrome).

If Microsoft hadn’t left the core of their Trident engine to rot so badly, it would have stood a good chance of winning the browser wars. Instead, we now have Microsoft Edge and Google Chrome resting on their laurels.. maybe it’s time for someone at Microsoft to Make IE Great Again?

In case there was any doubt about using legacy Edge, Microsoft 365 throws its weight behind WebView2


IE Mode has unresolved bugs in tabbed mode, that's why!

When you trigger a file download using Edge in IE Mode as a tab, it runs through Edge's engine not IE's. This includes which cookie jar it uses. So, when you're a sysadmin like me who has to implement seamless support for your security-fixes-only document management system which relies upon ActiveX controls, you need Internet Explorer itself. If you don't, file downloads no longer work as intended because the DMS doesn't see the user as logged in when performing downloads.

Until simple design issues like this are resolved in IE Mode, one needs the compatibility option of having Edge spawn an actual Internet Explorer window for legacy sites. This is to cater for users clicking on links which reference the DMS in emails, to allow Edge to be the default but spawn IE automatically as appropriate.

Thankfully, Microsoft now offers the reverse option of having IE spawn Edge for any websites which have not been whitelisted by GPO, closing off the loophole of people using Internet Explorer to actually browse the Internet through links within the DMS.

Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe Browsing


Apple gets...

A partial hash match relative to the URL you are accessing by implementing this measure. Considering they have iCloud access to your browsing history anyway, this move doesn’t give them any more access to your private data than they had before but does stop Google getting partial match info based on your IP.

Honestly, this change doesn’t improve privacy in any massive way but it doesn’t harm it in any way either.

Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg


Not a backdoor

Intel ME provides IPMI and DRM services for desktops. That's like saying HP iLO, Dell iDRAC or Supermicro SIM are backdoors. These are all features so that people like me can monitor the health of the hardware, add security checks outside of the control of the operating system and remediate problems remotely.

You can disable Intel ME entirely and disable the ME coprocessor if it suits your security model, just as you can use server hardware without IPMI features.

British owners of .eu domains given an extra three months to find a European address


Re: EU level bureaucrats

Roughly a century ago, there were many... Today, we only have Putin!

Apple, Microsoft, PayPal among 35 organizations compromised by evil twin dependencies attack


Exactly, fixing this is easy...

Just make sure the data is digitally signed twice and the connection encrypted.

Firstly, by the legitimate upstream developer, each individual file must be checked for the presence of a signature or the files would be considered tampered with. Pinning could transparently occur upon the first installation of any given package and can be self-signed. This would also allow for tamper-proofing of the application itself post-install. For reference, Microsoft encouraged this practice since Windows 98 with Authenticode. It's embarrassing that modern solutions don't incorporate the basics.

Secondly, the package archive should be signed by the repository owner, so that files can be safely mirrored without risk. Certificates should be manually added to the keychain, just like the situation with RPM/DEB packages on Linux distributions. This has been common for well over a decade in the Linux community, so there's no excuse not to implement and enforce this.

Thirdly, all connections should be TLS-secured with a trusted certificate.

At this point, the developer's legitimate source would have to be poisoned, as well as the trusted repository accepting the changes. Companies like Red Hat, Google and Microsoft could work together to provide a vetted set of releases and charge third parties a very tiny fee for the privilege of access... everyone would be happy.
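The three layers the comment above describes (a per-file developer signature that gets pinned on first install, a repository signature over the whole archive, and a trusted transport) can be sketched in a few dozen lines. The following is an added example, not the commenter's code and not any real package manager's implementation: it uses Ed25519 from the Go standard library in place of Authenticode or RPM/DEB key formats, and the package name, file contents and one-byte key seeds are constructed for the demo. TLS is assumed to wrap the fetch and is not shown.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// File is one entry of a package; DevSig is the upstream developer's
// signature over (path NUL contents), so a file cannot be renamed or swapped.
type File struct {
	Path   string
	Data   []byte
	DevSig []byte
}

// Package is the archive as a repository publishes it: files, the developer's
// public key, and the repository's signature over a canonical manifest.
type Package struct {
	Name    string
	Files   []File
	DevKey  ed25519.PublicKey
	RepoSig []byte
}

// Installer holds repository keys added by hand (like an RPM/DEB keyring)
// and developer keys pinned on the first install of each package name.
type Installer struct {
	RepoKeys map[string]ed25519.PublicKey // repository name -> key
	Pinned   map[string]ed25519.PublicKey // package name -> developer key
}

func fileMsg(path string, data []byte) []byte {
	return append([]byte(path+"\x00"), data...)
}

// manifest is the text the repository signs: name, developer key, and a sorted
// sha256 list of every file. Recomputing it client-side and checking the
// signature detects any altered, added or missing file in one step.
func manifest(p *Package) []byte {
	byPath := map[string][]byte{}
	paths := make([]string, 0, len(p.Files))
	for _, f := range p.Files {
		byPath[f.Path] = f.Data
		paths = append(paths, f.Path)
	}
	sort.Strings(paths)
	var b bytes.Buffer
	fmt.Fprintf(&b, "name=%s\ndevkey=%s\n", p.Name, hex.EncodeToString(p.DevKey))
	for _, path := range paths {
		sum := sha256.Sum256(byPath[path])
		fmt.Fprintf(&b, "%s %s\n", hex.EncodeToString(sum[:]), path)
	}
	return b.Bytes()
}

// buildPackage signs each file with the developer key, then the manifest with
// the repository key: the "signed twice" from the comment.
func buildPackage(name string, dev, repo ed25519.PrivateKey, files map[string][]byte) *Package {
	p := &Package{Name: name, DevKey: dev.Public().(ed25519.PublicKey)}
	for path, data := range files {
		p.Files = append(p.Files, File{Path: path, Data: data, DevSig: ed25519.Sign(dev, fileMsg(path, data))})
	}
	p.RepoSig = ed25519.Sign(repo, manifest(p))
	return p
}

// Install enforces: trusted repository -> repository signature -> pinned
// developer key -> per-file developer signature. Pins on first use.
func (in *Installer) Install(repo string, p *Package) error {
	repoKey, ok := in.RepoKeys[repo]
	if !ok {
		return errors.New("repository key not in keychain")
	}
	if !ed25519.Verify(repoKey, manifest(p), p.RepoSig) {
		return errors.New("repository signature invalid: archive altered or not from this repository")
	}
	if pinned, seen := in.Pinned[p.Name]; seen && !pinned.Equal(p.DevKey) {
		return fmt.Errorf("package %q: developer key differs from pinned key (possible evil twin)", p.Name)
	}
	for _, f := range p.Files {
		if !ed25519.Verify(p.DevKey, fileMsg(f.Path, f.Data), f.DevSig) {
			return fmt.Errorf("file %q: developer signature invalid", f.Path)
		}
	}
	in.Pinned[p.Name] = p.DevKey // no-op once pinned
	return nil
}

// keyFromSeed gives a deterministic demo key; real keys come from a CSPRNG.
func keyFromSeed(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// Scenarios installs: the genuine package; the same package from a repository
// not in the keychain; an evil twin of the same name from a trusted public
// repository but signed by a different developer; and a genuine package with
// one file modified after signing. Only the first should succeed.
func Scenarios() (legit, untrustedRepo, evilTwin, tampered error) {
	dev, repo := keyFromSeed(1), keyFromSeed(2)
	attackerRepo, attacker := keyFromSeed(3), keyFromSeed(4)
	in := &Installer{
		RepoKeys: map[string]ed25519.PublicKey{
			"internal": repo.Public().(ed25519.PublicKey),
			"public":   attackerRepo.Public().(ed25519.PublicKey),
		},
		Pinned: map[string]ed25519.PublicKey{},
	}
	files := map[string][]byte{"lib/widget.js": []byte("module.exports = 1;"), "package.json": []byte(`{"name":"widget"}`)}
	legit = in.Install("internal", buildPackage("widget", dev, repo, files))
	untrustedRepo = in.Install("mirror", buildPackage("widget", dev, repo, files))
	evilTwin = in.Install("public", buildPackage("widget", attacker, attackerRepo, files))
	p := buildPackage("widget", dev, repo, files)
	p.Files[0].Data = []byte("// modified after signing")
	tampered = in.Install("internal", p)
	return
}

func main() {
	legit, untrusted, twin, tampered := Scenarios()
	fmt.Println("genuine package:     ", legit)
	fmt.Println("untrusted repository:", untrusted)
	fmt.Println("evil twin:           ", twin)
	fmt.Println("tampered in transit: ", tampered)
}
```

The point of the pin check is the evil-twin case: the attacker's package is correctly signed by a repository the client trusts, and every file inside it carries a valid developer signature, yet it is still refused because the developer key does not match the one pinned when the internal package was first installed. Pinning by package name is what ties the public name to a specific upstream.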

Microsoft issues emergency fix for Wi-Fi foul-up delivered hot and fresh on Patch Tuesday


You can uninstall the patch which causes it

No need to download anything.

Select the Start button, then select Settings > Update & security > Windows Update > Advanced options > View installed update history > Uninstall updates.

Select the update you want to uninstall, and then select Uninstall.

You’ll need to restart your PC after uninstalling the update because this is Windows we are talking about.

A Microsoft bork at the heart of The Oracle? Whatever next?


Re: What do they expect with a consumer version

Or just use the registry editor and be done with it, just like people do with sconfig.cmd.

Google OS, phone home: Leaked Android 12 screenshots suggest new design, privacy features


It's what happens

When you go from being a platform leader to being a follower.

* GSuite used to be vastly superior to Office 365

* Android had a massive lead in functionality over iOS

* Google's communications tools used to be best-in-class

* People used to widely contribute to Google projects

These days, it is like all the decent, passionate employees have left and been replaced by the same money-grabbing, soulless folks who used to slave away for Microsoft in the early 00s.

Windows' cloudy future: That Chrome OS advantage is Google's to lose

They don't degrade, they go unsupported fast

I've had ChromeOS devices and I can confirm they stay snappy and don't "degrade" like with proper computers. However, Chromebooks have short lifecycles, where updates and support have historically ended as little as 5 years from the date the product hit the market.

If you want a cheaper and better experience, you can use Neverware Cloudready to get a longer lifecycle and equal performance from ordinary laptops. It's Chromium OS and it's free for home users.

The unanswered question at CentOS community Q&A: How can we trust you now?


Re: Are people sure they get what Stream is?

Non-current minor releases don’t get security updates backported because CentOS doesn’t include EUS errata. Without EUS, holding off on a minor point release means no more errata whatsoever. That’s why people have their repos set to 7 and not fixed to a given point release, so they get the latest patches when they are available, precisely because patches are NOT backported to non-current point releases on CentOS in the default Base repositories.

So let me reiterate: How many people running servers would delay switching from say 7.1 to 7.2 and risk compromise?