* Posts by PriorKnowledge

62 publicly visible posts • joined 10 Feb 2022


Twitter preps poison pill to preclude Elon Musk's purchase plan


Re: Elon is right about Twitter (and the web in general) but his current solution is wrong

> Well done, you've just reinvented Freenet with less encryption.

and fewer hops, since anonymity isn't a priority, unlike I2P/freenet.

> Now, what's Freenet most known for? Oh yeah, Child Sexual Abuse Material (CSAM). I wonder what you'd start finding on Twitter if it became truly censorship resilient?

I wouldn't be following paedophiles and nor would you or any other normal user. As exposure to content would require you to follow them neither of us would encounter CSAM. This line of reasoning would be far stronger if we were talking Gnutella, where searches are decentralised and where you don't need to follow people to connect with them.

> This claim is beyond naive - it's the same defence that The Pirate Bay, other torrent sites, and streaming site have used, and basically all of them lost their respective cases.

You can perform "DMCA takedowns" by providing a blocklist with the official client, this is what LBRY does and that puts them in compliance with the law. It's up to end users whether they choose to accept the filtering though. All you need do is replace the response to 'https://api.lbry.io/file/list_blocked' and boom!

Besides, if the product is open-source, anyone can make a fork at any time. Funny enough, when prosecutors discovered anyone could fork TPB (along with its database) they just gave up and took the loss. Only 3 people ended up in prison but everything was still functional as if nothing happened. They knew it was game over at that point and that no amount of prosecutorial aggression could put the genie back in the bottle. The same happened with LimeWire (now called WireShare) where the prosecution "took down" the service only to find a fork in the form of LimeWire Pirate Edition; at which point there were no further prosecutions.

Were Musk to open-source Twitter and rearchitect it as a P2P service, the exact same thing would happen. As long as he followed the approach LBRY currently takes he'd be fine, however, let's assume he doesn't. The key difference is that Musk would likely encourage forks from the get-go, stripping the feds of any public benefit justification for trying to go after him in the first place. That, plus his big bank and huge ego, would be enough of a deterrent!


Elon is right about Twitter (and the web in general) but his current solution is wrong

He needs to turn Twitter into a non-profit and reimplement the website as a WASM version of a P2P-driven microblogging service with support for filesharing using magnet links. At that point, anything/everything should be allowed indiscriminately with users being able to control what they're exposed to based upon who they choose to follow. The rule of "once posted, content cannot be removed" would become the norm online once again. No moderation team would be necessary, as Twitter would no longer host any content nor could it be accused of profiting from any copyright infringement. Users with real computers would install a properly transpiled (or perhaps even a reimplemented) native application, while those without one would simply use the web version.

Non-profit funding for the service could be obtained through bounties for new extensions (e.g. forum/BB, wiki etc.) or by offering ancillary services on a subscription basis (like formal identity verification, key escrow and content caching/distribution). Plus, by allowing anything and everything, it would maintain the popularity of existing Twitter, while taking on folks who'd be right at home with The Pirate Bay. In a worst case scenario, Elon could do a Jimmy and put up big donation banners every other month, assuming he ever became too poor to fund it himself through tax write-offs. As Musk is a gigantic fan of open source, he could open up everything as GNU AGPL, preventing it from ever being banned outright, while also guaranteeing freedom for everyone forever more.

When the expert speaker at an NFT tech panel goes rogue


Not gambling

Let me be the first to say you're confusing gambling with surprise mechanics. They're simply not the same!

Microsoft dogs Strontium domains to stop attacks on Ukraine


Playing devil's advocate for a moment...

Windows has basic security features integrated into it which the competition doesn't match:

* Firewall filtering by application, user, group, IPSec state, source/dest IP/port/protocol at the same time

* Simple to apply FDE based on combined TPM, Password and Startup Key with emergency escrow

* Fully administrator-controlled, certificate-based whitelisting/blacklisting of all executable code

* A built-in AV/HIPS solution which can be configured to block all unknown software (à la PrevX)

* Network Intrusion Prevention to identify and block malicious traffic in order to protect legacy software

* Per-binary digital signatures, allowing for a simple integrity check of the entire system, including DLLs

* Advanced compile-time and runtime security mitigations which other OSes are yet to implement by default

* A safe and secure means of enabling backwards compatibility flags for applications up to 25 years old

* Background updating of trusted root certificates independent of Windows Update to keep PCs working

A lot of the development for the above relied upon telemetry data collected as early as Windows XP SP2 through CEIP (which was automatically enabled) if people opted to choose Microsoft Recommended Defaults. Backwards compatibility for instance relied upon Microsoft collecting error reports from older software crashing in order to know which shims to develop to best serve the userbase.

Now let's compare with the competition:

If you use macOS, you need to install Little Snitch, Santa and Sophos to approximate what Windows has built-in for security. FileVault doesn't allow a startup key but does allow a rough equivalent to TPM+Password in newer Macs. In theory, Apple is heading in a better long-term direction, requiring notarisation of binaries through a CA they control while also putting an end to kexts entirely. But right now they still allow users to override the policy to run non-notarised apps as if they're equal. Until Apple makes notarisation mandatory for an app to be considered signed, it's honestly no better off than Windows with WDAC set to block unsigned binaries and Windows Defender Antivirus set to Zero Tolerance.

If you use Linux then good luck to you, as the basics are missing in most places (unless you're using RHEL), so you'll need to write a custom SELinux policy and use a tool like opensnitch to get an equivalent result. If you opt for FreeBSD, then you're even more screwed due to a complete lack of mitigations as basic as full ASLR.

So are we right to say Windows is all bad? Sure it runs a lot of services as SYSTEM, which (when equated to root) Linux and macOS do not. Software patching is also a nightmare on Windows compared to using software repos on RPM/DEB based distros. But at the same time, it has a lot of built-in security tools which are decent which the competition lacks....

The metaverse of fantasy worlds is itself still a fantasy


The Internet is where religion goes to die

It follows that the metaverse would be where politicians go to die. Assuming that the metaverse develops long after other VR/AR technologies are mature, then politicians will have a very hard time influencing anyone long-term.

UK politicians make many assumptions in order to govern:

* That all companies have physical addresses to be able to register

* That living humans (living at physical addresses) run companies

* That companies trade using legal tender, rather than direct barter

* That all income and expenditure runs through at least one domestic company


The metaverse threatens that by making it possible to hire anyone from any country, paying them using currencies not tied to any given nation state, or through corporate partnerships offering direct trade instead. This includes physical labour tasks performed through the use of robotics, where any tasks which are not (yet) doable using machine learning could instead be performed by having a human remote control things instead.

I can see "robot taxes" and other legal instruments being used as a means to stifle true innovation for as long as politicians possibly can, until the metaverse devours them.

Intel counters AMD’s big-cache PC chip with 5.5GHz 16-core rival


8 cores at most regardless

...because if it's anything like the other 12th Gen chips, you'll be using Scroll Lock to park half the cores so that DRM-infested software will continue to run properly.

Mozilla creates paid-for subscriptions for web doc library


Re: I don’t get it

I read the article and that's precisely why I don't get it. But you sound like their perfect customer!

Meanwhile, I have these things called RSS Feeds, History, Bookmarks and Work Offline. It works with the free documentation we already have and has been available since the release of Internet Explorer 7.

Do I need to spell things out even more?


I don’t get it

Our web browsers are mostly open source software using public APIs based upon what is written in W3C standards documents.

Why would anybody pay Mozilla for anything?

How AI can help reverse-engineer malware: Predicting function names of code


Windows 11 runs in a VM by default

In fact, Windows 11 runs in two VMs by default, one for the main OS, one for the Secure System kernel. Some might even say that the SS offers a final solution to the problem, by protecting that which is responsible for deciding what is executed.

Nvidia outlines subscription-fueled journey to $1tr revenue


Enter easy competition

When these companies get too greedy, pirates will offer cut price subscriptions at a fraction of the cost (to them) compared with the real thing. This is what happened to Sky/Virgin TV through card sharing servers providing all channels and PPV events at half the cost of the most basic subscription price per month. Given the processing for self-driving will have to occur locally, a few replacement chips to accept modified code would likely do the trick!

You can also guarantee that aftermarket pluggable AI will become a thing, as there is no way the EU or the US will want to risk a cartel setting the prices like what has happened to every other major aaS product.

Google opens Play Store to third party payment systems – starting with Spotify


Maybe they’ll finally let us pay with BitTorrent?

‘cause the only crypto I want is that which prevents throttling!

Microsoft accused of spending millions on bribes to seal business deals


Mr Hebbles wasn’t ruthless enough

They had the audacity to ask whether he would go 90 on a 70mph road and rather than sticking it to the man he kowtowed like a true saint.

Apple's Mac Studio exposed: A spare storage slot and built-in RAM


I bought a Mac Studio

…and I have already returned it because it likes to emulate an untuned analogue TV with my 2nd screen when the monitor resumes from sleep. This is the exact same bug I reported with the original M1 Mac Mini and they still have not fixed it with their latest hardware. Apple claimed it must be the screens, yet the same screens work with every other bit of hardware I’ve used (including Intel integrated, AMD and NVIDIA GPUs across different machines). Even running dual 1440p with a Raspberry Pi 4 works just fine.

Also, I tried running a VPN alongside Little Snitch, Sophos and AdGuard. Random parts of the filtering stack will just stop filtering at random because their new APIs totally fail to replace what decent kexts offered. Windows by comparison handles using a VPN with outbound per-app firewalling, Windows Defender and AdGuard gracefully.

EU law threatening 'commercially painful changes' for tech out tonight


You might as well be…

I possess an iPhone but I am inclined to agree with the claim that it’s a glorified rental. When your phone is deemed end of life, Apple will eventually cease providing developers with ways to publish new versions of apps for it. Since you can’t run software without Apple’s blessing (through digital signatures) you now have no way to add or update software. Compare that to Android, Windows 10 Mobile or even the classic Blackberry OS where you still can even long after cell service is discontinued! Even MS-DOS still lets you install new software on the computer you own!

With regards to repairs, components like cameras are paired with individual motherboards with no option of recalibrating them since Apple refuses to make the software to do so legally available. They have also bricked devices (with dodgy software updates) which were repaired using refurbished (as in genuine Apple) parts in the past, such as home buttons. Also, try replacing the battery with one which has not been blessed by Apple, even that has DRM.

Essential parts supplied by third parties are unavailable on the open market because Apple puts strict contracts in place to forbid the sale of said parts to independent repair shops, even when those parts were not made by Apple or in some cases even specifically for Apple. They also refuse to provide board schematics and will try to sue anyone who tries to make detailed documentation available, even if said docs were created independently through studying the boards independently.

I think it’s fair when people say you don’t own your iPhone.

Nvidia reveals 144-core Arm-based Grace 'CPU Superchip'


$69 for a discontinued product? Ewww!

600/700 series cards no longer get anything except security fixes and they lack support for hardware acceleration of modern YouTube videos. You’re actually better off with integrated graphics than buying these cards new, especially since they will not even receive security fixes in just over 2 years’ time.

That’s actually worse value for money over the lifespan of a PC than higher end cards!

Nvidia CEO: We're open to Intel making our chips


NVIDIA does not want the leading edge

NVIDIA currently uses an 8nm process for their consumer dGPUs. That is hardly leading edge and by the time the next generation is available, they will still be behind the curve. Quantity matters just as much as quality when dealing with mass market consumer electronics.

Okta now says: Lapsus$ may in fact have accessed customer info


How many humans are there on Earth?

That number sounds like they’re scaling beyond the Space Elevator!

Samba 4.16 release strips away more SMB 1


WINE anybody?

If it runs on Windows 98 it should probably run on WINE, with a few no-cd cracks here and there…

Bing China freezes auto-suggestions at Beijing's request


Russia wasn’t a problem until…

Russia started attacking other countries while trying to impose their will on others, that’s the difference. If China started attacking Taiwan tomorrow, you could pretty much guarantee that Microsoft and almost every other western technology supplier would turn on China in a heartbeat.

Nobody in the business world cares if a dictator wants to oppress people, so long as they keep their ambitions constrained to the one country they rule over. When that line is crossed, that’s when things get divisive.

Qualcomm reveals it's not selling to Russia during Twitter spat


Vlad vs. Vlod

It might just become an epic rap battle of history before we all die

Meta sued for 'aiding and abetting' crypto scammers


Block all ads and refuse to pay for services which offer them…

Modern online advertising is a scummy free-for-all without any proper regulatory oversight. Things which should be labelled as advertising aren’t, you have “influencers” blurring the lines, and where sponsorships used to be in name only, sponsors now pay for full length embedded adverts within the media we consume. Even paying for an ad-free service (e.g. YouTube Premium) does not actually remove everything when product placements, “native advertising” and sponsors are factored in. Even when you pay, data is still being collected about you for the purposes of advertising to you in the future, even if you never, ever intend to cease paying.

The best way to fight this is to block adverts, block sponsors and where possible defund any paid services which promote such an awful business model. Don’t buy things like YouTube Premium or Spotify when you can buy services which don’t have any ad-supported tiers instead. Don’t use Twitter to run a blog, run a WordPress instance. Don’t use Facebook to chat to people, use ad-free instant messaging or SMS to do the same. Got hobbies? Stick to proper ad-free forums to discuss the things you like, not Reddit.

Will doing this make everything super expensive? No, even as little as 20p/user/month would still bring in a lot more money than advertising for most low-bandwidth, low-impact websites. Even heavier websites do not need to be that expensive to run (look at Vimeo for an example) so there really is no excuse here…

Heaps of tweaks and improvements incoming with GNOME 42


They want to trash everything

Even gedit wasn’t GNOME enough for them and is being replaced with something less functional. All their modern integrated apps are inferior to independently developed equivalents these days, not due to “failing to keep up” but due to the newer versions being vastly inferior to their older counterparts.

Linux is also making more than its fair share of closed standards, locking out the BSDs and other systems to try and carve out a scope for lock-in (similar to what Google Chrome does). I’m not sure if folks really are better off with open source software any more given the rate of trash development (change for the sake of change) we see these days.

Half of bosses out of touch with reality, study shows


Employees hold all the cards, it’s too late…

Employers do not have a glut of useful idiots anymore. You can see all the job offers going unfulfilled on job search websites because of how much choice there is. My peers have all outright rejected jobs which demanded visits as infrequently as once a month because it allows them to not have to commute ever again.

Even offering ridiculously good pay is not enough to motivate folks to turn up to an office. Who doesn’t want to be able to make decent food 3 times a day, have full control over their immediate surroundings and be able to wear whatever they like?

Boys outnumber girls 6 to 1 in UK compsci classes


We do though

In Scandinavia they encourage women and girls to do anything they want. The result is fewer women taking up traditionally male-dominated subjects, not more. This tells you everything you need to know. Women and girls who really really want to work in STEM will be the exception to the rule and as a result they will end up outperforming the majority.

When all the ballooning big tech money dries up, most people will move on to more profitable endeavours and only the true nerds (male or female) will remain.

MongoDB to terminate Russian SaaS accounts


Customers won’t return

The companies which terminated services won’t have Russians flocking back no matter how much the everyday Russian may support Ukraine. Common sense says this will be added to the corporate risk assessment if it’s business use and (even should Putin go) consumers will still seek out a homegrown equivalent to avoid a repeat.

Sony and Apple will be fine perhaps but Oracle and MongoDB won’t be.

Germany advises citizens to uninstall Kaspersky antivirus


AV does a lot without consent

Like blocking non-malicious files just because they could be used to help with piracy (antiwpa is a good example). Some crap anti-virus programs a very long time ago used to always detect anything named crack.exe as malicious, no matter its contents. Nowadays it’s worse as they also lack transparency in what they do, presumably as a means of security through obscurity?

Good companies used to make their full encyclopaedias available telling you what every bit of malware would do and how it worked. Nowadays all that info is hidden and a lot of detections are named deliberately vaguely to confuse people. That said, even us nerds are too jaded to care anyway.

114 billion transistors, one big meh. Apple's M1 Ultra wake-up call


Apple USPs in 2022

* As an OEM, Apple provides 7 years of full support

* Assumes personal not corporate computing by default

* Willing to dump insecure/broken protocols ruthlessly

* One source of support for hardware and OS software issues

* Ships decent software with the computer, not bloated trialware

* Includes decent physical theft deterrence features for free

* Still supports ‘00s iPods natively, including acquiring media

* Natively supports cloud and trad services fairly and equally

* Sticks to one set of native APIs to keep things lean and efficient

* Doesn’t have gaping holes in its trusted computing implementation

* MDM can be fully serverless and implemented entirely offline

Apple has a boatload of USPs to go with their boatload of down sides. We already know what the down sides are so I can’t be bothered to list them!

Ukraine president namechecks software giants to end support in Russia


Open source is the way

Projects like Debian have mirrors all over the world and if you want to guarantee you can’t have your freedom yanked away (pun intended) then just avoid SUSE, Red Hat and other commercial vendors. Export controls do not apply to source code either, as PGP proved decades ago, meaning you’re fine to contribute if you’re from Russia too.

What we do know though is that Russian developers will have little choice but to contribute to open source if they want to sell anything internationally, as nobody will trust them with anything proprietary because of this pointless war their leader started.

Moscow to issue HTTPS certs to Russian websites


Re: This won’t help them to spy

KremlinTech would only ever be able to misuse their privileges once and then they’d be blacklisted on all major operating systems and browsers overnight as CT would rat them out. Remember, this was designed as a proper, universal replacement for HPKP and it works in a far superior way (despite looking potentially less secure).

CT is mandated with independent lists which Google and Safari both dictate the choices for to the CAs. Additionally, every Enhanced Protection user of Google Chrome also contributes to detecting MitM attempts by contributing data about the sites they visit in real time while being shadowed by a Google bot when things don’t look quite right. Any attempt to MitM would be detected within hours and any attempt to sign without corresponding logs results in a full screen error message with a code of ERR_CERTIFICATE_TRANSPARENCY_REQUIRED.

Russia would pretty much have to make everyone use Firefox for this to be a viable approach to MitM.


This won’t help them to spy

They don’t get the private key and certificate transparency is required for Chrome and Safari to trust certs - no exceptions. This also assumes they will get their certs added to trusted root CA lists on the browsers Russians use today.

Now let’s assume there is collusion between the independent log servers and the CA, there are multiple high-security solutions already in use to combat this. For example, static certificate pinning works on Android and iOS apps, rendering duplicate certs by the same CA worthless (just pin the leaf cert rather than the CA). In the future, we will be able to use DANE and DNSSEC to prevent covert spying; even if the CA is completely compromised, things will still be pinned safely.

Dunno about you, but we're seeing an 800% increase in cyberattacks, says one MSP


WDAC covers DLLs and drivers by default

…and PowerShell can be blocked for end-users via GPO. WDAC will also prevent a custom compiled version which ignores the GPO from running thanks to policy being applied via digital signatures. You can also block cmd.exe, WSH and all other common avenues of automation for regular user accounts this way, while WDAC prevents an attacker from using custom binaries to bypass group policy.

Give it a go and you will find sideloading DLLs which aren’t whitelisted won’t help, the app will just fail to execute. Even setting up a “debugger” via the registry will fall over. If you choose to enforce it for MSIL (not the default), even locally-created DLLs made by ngen.exe will be blocked!


Never been a better time to lock down

For businesses: If you use Windows then deploy WDAC using a strict whitelist and start restricting outbound communications per-app using Windows Firewall (in addition to only allowing required inbound on workstations). If you use macOS, turn on the firewall and then consider deploying Santa, while Linux desktop users should get fapolicyd in place. TLS versions older than 1.2 should be blocked (IISCrypto can help with this on Windows) and a solution like chocolatey (Windows) or homebrew (macOS) should be adopted at a minimum to run on a schedule to auto-patch any non-store apps. Start using GPOs or MDM to block macros and remote links in any documents which aren’t in trusted locations. Possibly consider adopting a service to rewrite all Internet URLs in inbound emails to point to a service which checks against phishing databases while implementing strict attachment policies to block abused file types completely.

Home users should: Switch off UPnP on their routers. Get Windows Defender set up with Cloud Extended Protection set to Zero Tolerance, macOS users can grab Sophos for free to supplement the built-in XProtect. Also, adopt OpenDNS FamilyShield, Cloudflare filtered DNS (e.g. or Quad9 to block known malicious domains. Install uBlock Origin and NoScript to help protect web browsers from zero days. If using Chrome with a Google Account, then turn on Enhanced Protection. If using Edge, make sure SmartScreen is enabled. Enforce that all websites be accessed via HTTPS. Disable macros outright in office products. Most importantly, avoid pirating things if you can afford to as untrusted video, music and image files can and will be weaponised. If you must, use Windows Sandbox or a free version of VMware to run a disposable virtual machine to download and fully transcode pirated content beforehand to clean it prior to use.

For those with zero trust in zero-trust networks, this industry alliance may help


In other words - buy our crap and be no better off!

Zero-trust still misses the mark by a long mile today. You can monitor everything the heck you want but when your OS runs a bunch of background services unnecessarily possessing SYSTEM user rights, real-world security will always remain piss poor. In 2022, Windows end-user devices still run the Server service by default allowing remote users access to piss about with anything they like via C$ shares, Linux computers still have questionable SUID binaries on them and full isolation between GUI applications is still a pipe dream outside of mobile operating systems. By default, most software can still access any/all files the user account has authorisation to access, meaning zero-trust still falls down the moment your PC gets infected with serious malware.

Fix these kinds of endpoint issues and computers can begin to automatically store private keys in HSMs, relegating passwords to a mere second factor of authentication, killing phishing attacks (and a lot of social engineering attempts) for good. For authorisation, computers could store multiple keys for various roles within the same user account and then separate roles per-process, meaning for example that Word can’t touch any data used by Sage Accounts by default. With regards to accounting, a monitoring process could be set up to attest to what it believes each process has accessed, which could be used by enterprises to automatically compare notes, with anything unaccounted for resulting in an automatic account lockout until an investigation can be performed.

Android and iOS are pretty much there (minus accounting), macOS is somewhat there (if you only use App Store apps) but the desktop market leader is a broken mess and Linux is in some respects even further behind Windows nowadays.

TL;DR: Don’t waste your money until the correct foundations are in place. Optimise security for the model you have now until your platform is ready.

The long-term strategy behind IBM's Red Hat purchase


Ubuntu created upstart

The predecessor init system which Red Hat adopted for RHEL 6, creating the demand for the launchd-inspired systemd we all use today. This idea that Red Hat makes the most source is bunk, as you can clearly see how fewer packages comprise RHEL and how many of them are artificially crippled, needing replacements from third party repos. What is true though is that they have consistently contributed the most kernel code (from a single company) year on year for many years, and they do hire a lot of developers of core packages to keep them well-maintained.

However, Ubuntu also has good projects when it comes to server use. ufw is better for general use than firewalld, netplan is far better thought out than NetworkManager, AppArmor (Ubuntu-maintained now) is far better for creating targeted lockdowns of networked daemons than SELinux and their kernel live patching is better implemented. Also, don’t forget about ZFS being Canonical-supported, while Red Hat has practically given up on fancy CoW file systems, dumping btrfs in RHEL 8 in favour of the inferior XFS.

Don’t be too loyal to any one company!

Why Nvidia sees a future in software and services: Recurring revenue


Music and movies are different

Not owning those was the norm since broadband replaced dial-up. The subscription fee is for the convenience of being able to “just play” in high quality without waiting on an illegal P2P download. Not a lot has changed here other than the fact that most actresses look fugly without XViD makeup and audio sounds less bathtub than it used to (on both the legal and illegal options). People have always been happy not owning their entertainment. Even pre-Internet, nobody owned television or cinema, and happily paid for a licence for one and membership for the other respectively.

The same is not true of the tools people rely upon to live. You will see public transport overtake private if they screw the pooch too much, or folks will just go Cuban and maintain their old cars long term. After all, with no road tax, no insurance and no maintenance costs, one can travel infinitely around the local area for about £50/month with access to things like USB charging and air-con included for free! As a bonus, one can also get shitfaced and not have to worry about drink driving.


It won’t work in the UK

…unless you’re an idiot who buys new things on hire purchase.

No independent dealer (of second hand cars) can put you on a contract because they are selling everything without a warranty or support agreement. As they would also have no contract to abide by due to being sold a vehicle as-is, they can also add aftermarket modifications (like replacing the seats) to add value before they sell it on.

You can also guarantee that independent repair garages will eventually offer to crack the DRM for you. People routinely get BMWs remapped by unauthorised engineers for extra performance (against the manufacturer’s wishes), why would the heated seats be any different?

Ukraine invasion: This may be the quiet before the cyber-storm, IT staff warned


A firewall would have worked for the NHS

They left port 445 open for connections between all workstations. A simple IPSec policy to allow a handful of trusted management computers to initiate connections (but no-one else) would have sufficed. Heck, that could have even been implemented as a general firewall policy (allow inbound from trusted IP addresses only). In fact, VLANs and port community isolation from the networking team alone would have been enough to mitigate the spread!

With basic defences in place, it would have been as simple as isolating the one infected machine from the network to shut off the ransomware…

Ukraine invasion: We should consider internet sanctions, says ICANN ex-CEO


Are we calling freedom “cancel culture” now?

“It is a part of a man's civil rights that he be at liberty to refuse business relations with any person whomsoever, whether the refusal rests upon reason, or is the result of whim, caprice, prejudice or malice. With his reasons, neither the public nor third persons have any legal concern.”

Some companies and individuals are choosing of their own free will not to do business with Russia, as it is their right to. There is nothing wrong with that. In fact, it is a much more peaceful solution towards ending a war, when compared to the old-fashioned alternative (of sending trained killers to go and kill people).

When it becomes effectively impossible for any given country to openly subjugate another country without going bankrupt (through boycotts), we may one day see the end of the military-industrial complex. That will also be the day when freedom truly prevails.

US warns Chinese chipmakers: Sell to Russia, suffer Huawei's fate

Fair is fair

Sanctions are essentially the right to refuse a sale. Short of convincing every other country to dump the legal fiction of Intellectual Property, the US can and will always be able to use this approach to legitimately sanction any country it wants, provided it seems vaguely reasonable to other allies. The citizenry of allied countries are often also in on it, with every corporation fearing a boycott if they do not play along. This is the key component (governance by consent) which would fall over if anyone tried to sanction another country without just cause in the eyes of its citizens.

The whole of the western world is cancelling Russia. It is now at the point where China seems to be having a rethink about their alliances. That pretty much says it all.

Microsoft pulls MSIX discussions into Windows Tech Community


Another dead “modern” technology which MS won’t use

Almost everything good about programming for Windows is in the deprecated APIs. The rest is modern - better known as dead on arrival. Microsoft barely uses their modern APIs themselves because nobody really cares about them. OneDrive uses Qt, Office forks parts of Win32, .NET Framework devs still embrace WinForms, the new Windows 11 shell makes extensive use of Chromium (WebView2) in place of WPF and WinUI already has two versions replicating identical functionality in separately incompatible ways.

As much as folks like to crap all over Linux distros’ abandonment of old runtimes… Microsoft has become far, far worse since it started down the open source route. For example, MS now considers 3 years to be “long term support” on the latest .NET. Likewise, their Chromium fork changes every 4-8 weeks. Developers are expected to choose between a fixed version (with unfixed security holes) and “evergreen” which will be patched constantly but could break their apps at any point, as there are no firm guarantees made about backwards compatibility between releases.

The current state of affairs means that even GTK is starting to look like an attractive UI toolkit!

Deere & Co won't give out software and data needed for repairs, watchdog told


An easy fix: Change copyright and patent terms

Make both last for at most 15 years. This forces companies to look after their customers extremely well, lest they later pay someone good money to add decent long term support to their old products. Innovation would still continue at the pace it does today, just without all the bullshit. Since it’s my tax money which goes towards funding these asshats in the first place, why shouldn’t everything end up public domain within a somewhat useful timeframe?

US exempts South Korean smartphones from Russia export bans


And the provably broken encryption implementation

Who needs backdoors when the front door is already unlocked?

Fujitsu confirms end date for mainframe and Unix systems


Windows does just fine

As long as you keep it off the internet, never patch it, cluster the roles, stick the cluster endpoint behind multiple load-balanced reverse proxies and very strictly limit allowed inputs/queries.

Ukraine seeks volunteers to defend networks as Russian troops menace Kyiv


Ukraine should make the stakes higher

A team should dress up as Russians and “fail” to blow Chernobyl sky high. At that point, there would be mandatory NATO involvement due to the threat posed to the West. Nobody would trust that the saboteurs aren’t simply Russian spies given how incompetent they’ve been in the past.

Problem sorted for the Ukrainians!

Fancy some new features? Try general-purpose Linux alternative Liquorix


Re: I'm confused....

it’s YAK that’s why!

Google's Chrome OS Flex could revive old PCs, Macs


If a computer is essentially junk

Then ChromeOS will not revive it. If it could, then a simple OS reinstall would suffice.

The ever more [cancerous] bloated World Wide Web is what makes a lot of computers into junk in the first place. The Chrome web browser is what makes computers run like ass, it’s not the fix for it. If you want to revive a vintage computer, then start using it to actually compute things instead of surfing the web.

They see us Cinnamon Rolling, they're rating: GeckoLinux incorporates kernel 5.16 with familiar installation experience

Something in between

Snapshots get taken just before updates get applied and they only apply to affected subvolumes (e.g. /usr) without impacting user data in /home or logs in /var. btrfs does also allow rolling back of individual files too though. Snapshots work like subvolumes and can also be mounted, allowing you to grab copies of files. It's just like how NTFS VSS snapshots work, except the actual rollback method differs slightly due to differences in legacy cruft.

When System Restore is engaged on Windows, data needs to be copied from snapshots as part of the rollback attempt, as program and user data can be scattered about in multiple places and one does not wish to lose anything as a result. With Linux, because data is stored in stricter hierarchies, one can easily swap the /usr subvolume mount to use a working snapshot from before the RPM transaction occurred. This differs from LVM in that there's less space wastage and better performance since all relevant mountpoints can share space within a single partition using a single filesystem.

IMHO, the best approach is the one macOS Monterey uses with APFS. The base system is cryptographically signed as an immutable whole volume with updates appended to it using snapshots, allowing predictable/verifiable changes with the possibility of rollbacks. Likewise, Time Machine uses snapshots as a high-performance cache to speed up restores, while cloning their contents to external drives as incremental restore points, excluding read-only system data.

Internet connection now required for Windows 11 Pro Insider setup


Too true, you still have to pick your poison

Fedora/RHEL rips out key features for legal reasons despite them not being an issue for others

ClearLinux and openSUSE are in a similar boat to Fedora, making them unsuitable for use

Debian won't issue DSAs for local exploits of end user apps and until recently had unpatched browsers

ArchLinux patches everything to upstream but a lot of software is AUR-only, which is a security risk

Ubuntu is fine but only if you use main/restricted packages and avoid snaps/universe/multiverse

Snap and Flatpak are not the way to go because they cause more issues than they solve, in that you now increase your RAM use, decrease integration and still get backwards compatibility issues... not to mention introducing the "third party vs. first party" update problem.

What needs to happen is a culling of distros and a merging of efforts, but that looks unlikely.


I notice that El Reg updated their article to say Internet Connection as opposed to Microsoft Account needed. Good. Ars has it wrong but you have it right. I have tested the latest preview myself and can confirm local accounts can still be created (Use Domain Join: https://imgur.com/a/JQVxytx) but this new requirement still sets a chilling precedent.

I'd rather have the shitness of Wayland/Xorg than the shitness of being forced online to be spied on. It looks like LTSC 2022 will be the final stopgap for my gaming PC until Linux is ready in a few years to come.

(and no, Linux really isn't ready yet for running legacy Windows games but it's very very close)