
mjg59

@mjg59@nondeterministic.computer

Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.


mjg59 , to random

Tired: It's bad to disclose vulnerabilities because people may be using them to further the goals of the state
Wired: It's bad to disclose vulnerabilities because people may be using them to jailbreak their devices

mjg59 , to random

Quick Assange frequent misconceptions thread:

  1. "Assange was merely wanted for questioning" - no, Swedish judicial process required that he be interrogated before charges could be made. Sweden arrested him in his absence (he'd already left the country) and filed a European Arrest Warrant. English judges concluded that he had been formally accused of the crimes, even if not indicted. See section 142 of https://www.wired.com/images_blogs/threatlevel/2011/11/assange-judgment.pdf.
mjg59 , to random

On balance I think it's worth celebrating the US choosing not to use the entire power of the state to fuck over Assange, but it's also worth remembering that he martyred himself in order to ensure that the women who accused him of rape never had the opportunity to obtain justice

mjg59 , to random

Reading a blog post earnestly arguing that someone discovering a vulnerability being exploited by a nominally allied government shouldn't disclose that vulnerability and my dude do you think the fucking vulnerability knows who's exploiting it and makes a careful value judgement over ensuring it's only exploited for "good" purposes?

mjg59 OP ,

This is the sort of galaxy brained take whose obvious extension is "We should deliberately backdoor our software just in case there aren't any vulnerabilities for our government to use"

mjg59 , to random

AT&T responded to my FCC broadband availability challenge by admitting they can't provide broadband at that address. In an email that included the employee's direct dial number. Which was immediately followed by a "Recall" mail and one that didn't include that number. Oops.

mjg59 , to random

The "Recall can't record DRMed video content" thing is because DRMed video content is entirely invisible to the OS. The OS passes the encrypted content to your GPU and tells it where to draw it, and the GPU decrypts it and displays it there. It's not a policy decision on the Recall side, it's just how computers work.

mjg59 OP ,

(It is an incredible dick move, but this is Microsoft being hoist on their own petard)

mjg59 OP ,

@claudius then it's not a high quality DRMed stream

mjg59 , to random

Just got handed this

mjg59 , to random

Fucking hell what will they DRM next

mjg59 , to random

Been living in the bay area since 2014 and this is the first time I've flown out of an SFO A gate since 2007?

mjg59 OP ,

Also there's direct boarding from the BA lounge which is (a) very civilised (b) the kind of thing you can only really do if you have so few flights a day you always use the same gate

mjg59 OP ,

@gsnedders I'm not sure this is an A380 capable gate, so maybe it's limited to the 777 flights?

mjg59 OP ,

@gsnedders actually looking at the stop marks that don't mention the A380 I suspect I'm right here

mjg59 OP ,

@gsnedders huh! I cannot see any A380 wheel marking so that is a fun thing to learn

mjg59 , to random

Yeah Twitter is fine

mjg59 , to random

In universe, did Indiana Jones's students know that the reason he kept flaking out of classes was because he was fighting nazis? Obviously the state department covered up the whole "Ark of the Covenant" thing, but did all his deeds go unrecognised?

mjg59 , to random

STOP DOING HARDLINKS

INODES WERE NOT MEANT TO EXIST IN MULTIPLE DIRECTORIES

YEARS OF FILES yet NO REAL-WORLD USE FOUND for being in more than one directory

Wanted to reference files from more than one directory anyway? We had a tool for that: it was called "SYMLINKS"

"Yes please give me FIFTEEN paths that this file resolves to" - Statements dreamed up by the utterly Deranged

"Hello I would like different permissions on this file based on path" They have played us for absolute fools

mjg59 , to random

I'm sure this is general knowledge but anyway: never enable SSH agent forwarding by default if you log into any systems that you don't trust 100%. It gives whoever has root on that system the ability to log into anything else your SSH agent can connect to. Either explicitly pass -A or add host entries to ~/.ssh/ssh_config to enable it for the scenarios you need it.

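As an added example (not code from the post or its author), a small POSIX sh audit of an OpenSSH client config that reports whether `ForwardAgent yes` reaches every host or only the named Host blocks the post recommends; the two constructed configs, the host `bastion.example.com` and the user `alice` are assumptions.

```shell
#!/bin/sh
# Constructed example, not code from the original post.
# Audit an OpenSSH client config (~/.ssh/config syntax) for agent forwarding that
# applies more broadly than intended. Directives before any Host/Match line, or
# under "Host *", apply to every connection; that is the default the post warns
# against. Forwarding enabled inside a specific Host block is the scoped form.

# audit_forward_agent FILE
# Prints GLOBAL when "ForwardAgent yes" is set outside any block or under
# "Host *", and "SCOPED <pattern>" for each specific block that enables it.
audit_forward_agent() {
  awk '
    tolower($1) == "host"  { scope = $2; for (i = 3; i <= NF; i++) scope = scope " " $i; next }
    tolower($1) == "match" { scope = $0; next }
    tolower($1) == "forwardagent" && tolower($2) == "yes" {
      if (scope == "" || scope == "*") print "GLOBAL"; else print "SCOPED " scope
    }
  ' "$1"
}

# is_globally_forwarded FILE: exit 0 when forwarding reaches every host
is_globally_forwarded() {
  audit_forward_agent "$1" | grep -q '^GLOBAL$'
}

# make_configs: writes two constructed configs to a temp dir and prints its path.
# "weak" turns forwarding on for everything; "scoped" limits it to one bastion
# (bastion.example.com and user alice are placeholders).
make_configs() {
  d=$(mktemp -d)
  cat > "$d/weak" <<'EOF'
# Applies to every host: root on any of them can drive the local agent.
ForwardAgent yes
Host bastion.example.com
    User alice
EOF
  cat > "$d/scoped" <<'EOF'
Host bastion.example.com
    User alice
    ForwardAgent yes
Host *
    ForwardAgent no
EOF
  echo "$d"
}

# Stand-alone run: report on both configs, then clean up.
d=$(make_configs)
for c in weak scoped; do echo "$c: $(audit_forward_agent "$d/$c")"; done
rm -rf "$d"
```

In the scoped config the first matching value wins, so the bastion block keeps forwarding on while the trailing `Host *` block turns it off for everything else.
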
mjg59 , to random

Twitter just doing a "redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com" is not absolutely the funniest thing I could imagine but it's high up there

mjg59 , to random

Being less flippant about this - the xz backdoor relied on a line that was present in the tarball release, but not in the git repo. Do we have any infrastructure for validating this kind of thing? (It's expected that the tarball would contain things that aren't in git - for example, the configure script doesn't exist in git, but is expected to be in the release. The problem is that extra code was injected into the configure script after it was generated)

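As an added example (not part of the post), a POSIX sh comparison of an extracted release tarball against a VCS checkout into which the expected generated files have already been regenerated (that regeneration step, e.g. running autoreconf, is assumed to have been done and is not shown); every file that is not byte-identical is listed for review. The sample trees, the file names and the extra line in the shipped configure are constructed.

```shell
#!/bin/sh
# Constructed example, not code from the original post.
# Compare a release tarball's extracted tree against a VCS checkout into which the
# expected generated artifacts (configure via autoreconf, etc.) have already been
# regenerated. Anything not byte-identical is a candidate for human review.

# compare_trees VCS_DIR RELEASE_DIR
# Prints one line per file: SAME, DIFFERS, RELEASE_ONLY or VCS_ONLY plus the
# relative path. Generated files that were NOT regenerated show up as
# RELEASE_ONLY; a regenerated file whose shipped copy gained extra content shows
# up as DIFFERS, which is the shape of the problem described in the post.
compare_trees() {
  vcs="$1"; rel="$2"
  ( cd "$rel" && find . -type f | sed 's|^\./||' | sort ) | while IFS= read -r f; do
    if [ -f "$vcs/$f" ]; then
      if cmp -s "$vcs/$f" "$rel/$f"; then echo "SAME $f"; else echo "DIFFERS $f"; fi
    else
      echo "RELEASE_ONLY $f"
    fi
  done
  ( cd "$vcs" && find . -type f | sed 's|^\./||' | sort ) | while IFS= read -r f; do
    [ -f "$rel/$f" ] || echo "VCS_ONLY $f"
  done
}

# count_suspicious VCS_DIR RELEASE_DIR: how many files are anything but SAME
count_suspicious() {
  compare_trees "$1" "$2" | { grep -vc '^SAME ' || true; }
}

# make_sample: builds a constructed pair of trees under a temp dir and prints its
# path. Both sides share configure.ac and src/main.c; the VCS side has a freshly
# regenerated configure, the release side ships one with an extra line plus an
# m4 file that exists nowhere in version control (placeholder names).
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/vcs/src" "$d/rel/src" "$d/rel/m4"
  printf 'AC_INIT([demo],[1.0])\n' > "$d/vcs/configure.ac"
  cp "$d/vcs/configure.ac" "$d/rel/configure.ac"
  printf 'int main(void) { return 0; }\n' > "$d/vcs/src/main.c"
  cp "$d/vcs/src/main.c" "$d/rel/src/main.c"
  printf '#!/bin/sh\necho configuring\n' > "$d/vcs/configure"
  printf '#!/bin/sh\necho configuring\n. ./m4/extra.sh\n' > "$d/rel/configure"
  printf 'dnl constructed: present only in the release\n' > "$d/rel/m4/extra.m4"
  echo "$d"
}

# Stand-alone run: list the findings and clean up.
d=$(make_sample); compare_trees "$d/vcs" "$d/rel"; rm -rf "$d"
```
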
mjg59 , to random

Huh the Steam Deck apparently doesn't have Platform Secure Boot enabled so alternative firmware is theoretically possible (although AMD's current approach to providing AGESA for modern CPUs probably makes that an extremely difficult problem?)

mjg59 , to random

Yo I've got a PhD in genetics from Cambridge and on the off-chance you need it I give you permission to say that Dawkins is a hack
