Posts by OhForF' 682 publicly visible posts • joined 29 Mar 2022
>it doesn't do passwords<
I use LibreWolf on fedora fc42 installed from the repo at https://repo.librewolf.net/librewolf.repo and it happily stores passwords for the websites i tell it to.
An external password manager might be a good idea and better than store stuff in the browser but it works fine for me.
>allowing unauthorized access to sensitive data between December 22, 2025, and January 15, 2026.<
>Navia detected "suspicious activity" on January 23 and began investigating<
How did suspicious activity go on after the unauthorized access was no longer allowed and how was that access shut down before noticing suspicious activity?
Are banks although expected to ask their customer receiving the funds to identify the source if the bank can not?
Is the bank expected to cut off the well known customer when they receive money from a number of sources the bank can't properly identify?
I think the logical thing to do is to block the credit cards/accounts providing the money if those can't be properly identified, not the account the try to send money to.
>Factory comes to them and wants 4 staff for 4 weeks, and the client is meant to provide them an email account to send their payslip to?<
The employer is required to provide the pay slip in a way that keeps personal information private.
Sending a pay slip in a plain text to an external mail server would put you in hot water with local privacy laws. Most likely not something you can do anywhere where GDPR or an equivalent is in place,
That event still looks strange to me. So far every company that employed me provided a business email address and sent administrative stuff there and expected me to pick it up from the company email server. That way the mail never leaves the company network neatly avoiding issues with spam and privacy.
Sending pay slips to private email addresses and probably in plain text doesn't look like a professional setup.
Expecting a CEO candidate to already have defined goals and know how to measure them and realistic achievable figures for those metrics is during the first interview is a bit much.
If you didn't expect him to have that and still asked what his KPIs are he isn't the only one who did not know what a KPI is.
Not that i'd expect the average head hunter/recruiter/HR bod to know the difference between a metric and a KPI.
If Micros~1 had provided a list of changes that are coming in a future release and provided a preview so app developers can change the installation process to include a list of permissions the app needs for a clearly stated purpose to allow the admin/user to deal with this at installation time (or first run of the app) that would be fine.
Microsoft's announcement linked in the article says:
"We recognize that change takes time. That’s why this will roll out through a phased approach guided by clear principles".
I fear they'll use an "agile process" to keep changing stuff forcing users and admins and app developers to play catch up and keep configuring permissions for applications even if they were in daily use for years.
>The user types in a password, which gets checked against a database, character by character. Once the first character doesn't match, an error message is returned.<
My concern here would not be a side channel attack but how to keep that database secure Storing the password in clear text in the database in 2026, really?
>How do you handle users who push back with nonsense diagnoses?<
Only way to handle that is to ask them to tell what actually happened and what they expect the system to do instead if it worked properly and do your own diagnosis based on that.
Occasionally the uses diagnosis is correct but there are more cases where there is no problem but the user expects the system to do things it was never designed to do.
Unfortunately the more effort you put into clean up procedures and initializing those system components that might otherwise cause issues after a restart the more likely it is the operators will just restart the server instead of investigating which component has an issue and fix the problem causing the system to fail.
It can get to the point where the customer starts complaining they have to reset the control software multiple times in a shift and it can't be another component failure as restarting the software always fixes the problem.
Turn it off and on again is done for a reason - most of the time it does fix the problem.
What the blog does not explain is how the exploit manages to get the service to call the exploited code with a pointer to a corrupted list containing that null entry. While that micro-patch seems to fix that specific issue it would probably be a good idea to check and improve the input validation in the service.
So the EU should not be allowed to restrict what foreign (or at least US) entities the companies in its jurisdiction may do business with while at the same time it is perfectly fine for the US to go after European companies when they do business with anyone on their sanction list including Karim Khan, Prosecutor of the ICC.
You need to be a pretty firm believer the US are the goods guys and can't ever do harm to buy into that argument.
Giving technicians based in Canada access to other regions allows them to support those regions during normal working hours in Canada. OVH did probably not set up separate teams and infrastructure for Europe, North America, Africa, Singapore but tries to balance both work and other load between the regions.
While they do mention "enhanced compliance" and "Improved data compliance" 1 for their Local Zones in Public Cloud they can probably not guarantee data sovereignity any more than Micros~1 can.
1 What does "enhanced" or "improved" compliance mean? You are either compliant or you are not.
The legislative power in the EU is the council of ministers. Nowadays the claim is that parliament shares that legislative power with the council on equal footing as parliament has to approve the laws in the normal process. Why the council should have the same (or in some cases more) power than the parliament that is directly elected by the people is still a valid question. I do not see a compelling reason why parliament needs the commission to put forward a proposal either.
The bigger problem for votes on changes to GDPR that benefit big companies is that big companies can afford more lobbyists than the ordinary people in the EU. Most members of the european parliament act in a way that suggests they are not aware their primary job is to represent the people and act in the peoples interest.
>What other option is there? <
Changing the way the "social channel" work, e.g. having the device joining an ip multcast group which should be transparent to the WiFi part of the net and doesn't require to drop out of the user assigned frequency to monitor channels selected by Apple.
Not sure if that would work for this specific service as i am using option 1 (don't use the service).
Your average user will not be able to figure out why less used channels aren't working properly for streaming and will not be aware of the option to fix it by disabling a service they might not be using consciously. Apple should at least communicate more proactively that this is happening when the service is running if even network researcher are surprised by it.
Too many SMEs have built critical workflows (usually billing an accounting related) on Excel spreadsheets so flimsy they do not work with a different Excel version. Updating the Excel magic to work with a different version is not possible because anyone that understood how that deep magic works has left long ago.
Micros~1 is only partially responsible for that.
The Ubuntu life cycle say 24.04 LTS (Noble Numbat) is in standard support until Apr 2029 so for now there is no argument that you can't just keep *using* RISCV unless you have some compelling reasons to upgrade.
There is money to be made if you can convince a CEO his attempt to replace employees by AI only backfired because he and the remaining employees didn't have the necessary AI expertise.That is already enough of a reason to tout you have the best AI experts available.
Additionally Accenture has to convince their customers that only they have the experts at prompt engineering you need or even the most retarded CEO will eventually figure out he can write that "give me an excuse to fire 10,000 people" prompt on his own (and save the money paid to Accenture).
I live in one of those countries and can confirm not everyone has an ID card and we are not required to carry any ID.
However any LEO deciding at his sole discretion that someone did something suspicious can ask for ID and if none is produced take the subject to the nearest guardhouse for identity verification.
Not sure if you folks in Blighty want that kind of "optional" ID.
On the other hand if you already carry a smartphone all the time the possibility of ID cards being used to build a location profile should not be your biggest concern.
Someone that can not distinguish Word and Excel is unlikely to have arrived at the IT manager position after rising through the ranks of IT. He probably wasn't hired because he can manage everything without having to know about the subject as according to the article he didn't have any people skills.
Without additional knowledge my assumption is he was one of those managers appointed for who they know not what they know or can do.
"There are no two people with the same workflow for deploying to production,"
"developers using Copilot to produce wonderful Terraform code, "but they don't understand the implications of their changes."
So the problem is vibe coding cowboys that do not understand what they are doing and can't be bothered to even follow a preset procedure for deploying to production.
The solution obviously is using more AI - can't start doing the sensible thing and hire developers that know what they are doing.
