The consequence of using Microsoft in production or at scale means that you have to use third-party tools to reduce your exposure to harm.
The level of incompetence on the OS development level means that such tools have to have executive control over things no third-party utility should.
The whole concept of "whole OS patches" is stupid and broken. "OMG PATCH NAO" is also stupid. "Patch management" is not security, it is garbage.
It didn't have to be this way. It still doesn't.
Start with a secure platform, then reduce attack surface. Secure the ingress, reduce or eliminate interlayer trust. Centralize complexity, distribute work in as simple a form as possible, with as little power and surface area. Aggregate events centrally, eliminate node individuality. Enforce class compliance. Replace security theater with end-to-end individual auth and change management.
Deploy to Testing->QA->Staging before prod.
Travelling by sleeper train beats travelling by plane. Hands down.
I’m travelling in a small hotel room with a view. It almost feels as soothing as sleeping in a boat. I got to the train on foot and I’ll arrive in the city centre.
Compare that to a cramped seat in a crowded plane and traffic jam before and after the trip.
Trains are the future of transportation.
The Labour Govt. has launched an ongoing 'structured' set of meetings with the EU, aiming at re-establishing normal regular relations rather than the ad-hoc posturing on Europe that we experienced with our previous government(s).
This is explicitly about building trust & reliability; so, I expect to see a number of tightly constrained sectoral deals made so each side can 'test' the other's commitment to rapprochement...
It's going to be slow, but in the right direction!
A new study in The Lancet demonstrates that face coverings dramatically reduce the load of SARS-CoV-2 in exhaled breath from infected persons.
World Socialist Web Site
I would like a key on my phone keyboard that says "sic" and it's just a space bar that doesn't apply auto correct.
Like a "I know I typed it wrong and also you don't need to learn it" button
that'd be useful!
I've said before I'd like the opposite, too: something for desktop computers so I can hit a key that says "I know I misspelled that last word, but I basically got it. Go apply the first suggestion".
Because then I can just hit it instead of having to switch to my mouse and click it, and to be honest I can't actually remember how to spell "alienation" but I'm sure you can, spellchecker.
Worldcon attendees, please note: UK is pronounced "uck" (rhymes with duck).
If you spell out the letters, everyone will know you're a tourist.
There's no programming language that will force you to write the right code.
Your code can be type-safe, thread-safe and memory-safe, and still wrong.
Don't push to prod on a Friday
To be safe, don't push to prod on a Thursday night.
Really, someone might be off so don't push on Thursday.
Consider not pushing to prod on Weds, as that's when everyone is running their security scans.
Don't push to prod on Tuesday for reasons I can't yet think of.
Don't push to prod on Monday, you're still getting over the weekend.
Consider just not pushing to prod.
I am seeing so many incorrect reckons from people about patch management staging.
Modern EDR content updates don’t work the way old school patches do.
You have agent versions.
Policy versions.
Content versions.
These all work slightly differently.
Staging them old school ways is impossible if you want to get protection for threats updated in time.
Wake up babe, new furry elevator stress test meta just dropped.
Oh, so, spicy take -
I expect to see other failures of similar nature to the crowdstrike issue, in other companies and their products.
My expectation is informed by the massive number of layoffs in the past couple years, and a suspicion that many companies' internal infrastructure has been running in a degrading or possibly entirely unmaintained state since heavy layoffs occurred.
I just digitized a VHS tape produced by Yggdrasil Computing, Inc., titled "Linux - Installation and Beyond" that doesn't seem to be preserved anywhere. It's an interesting look back at what Linux installation was like in 1995, and hopefully should provide some historical context for those of you who weren't (un?-)lucky enough to live through this period of Linux.
YouTube: https://youtu.be/2IAa6MYVpVs
Internet Archive: https://archive.org/details/linux_-_installation_and_beyond
A seminar produced by Yggdrasil Computing, Inc., in 1995, demonstrating how to install Linux, recorded from VHS tape. Contents: Introduction; History and ca...
YouTube
PSA: delete your old Photobucket account now! Don’t put it off.
You know those emails you’ve been getting for a year from Photobucket threatening to delete your old account and you were like lol who cares and ignored them?
Turns out they didn’t delete them anyway, they repurposed the business as a broker of biometric data to AI companies and they’re using your old pictures for that. You have to actually go in and delete your account to opt out, and you only have until Monday, July 22 to do it.
Microsoft Recovery Tool available now, with instructions to assist with the Crowdstrike issue impacting Windows endpoints.
This will require physical access & 1GB USB. You will need admin rights (+ access to the Bitlocker key, if Bitlocker is in place).
Steps for how to access and use the recovery tool Microsoft created to generate a USB recovery drive to expedite the repair process from the CrowdStrike issue.
TECHCOMMUNITY.MICROSOFT.COM
Them: “You’re not trans, why are you always defending them?”
Me: “I am also not a domestic cat, and if I see you abusing one of those I’ll kick your ass too.”
Shiny yote meets fluffy proot! What kind of mischief are they planning 👀
Left: @datbluehusky.bsky.social
Right: me
📸: @Shinyraptor
Normal folks hating on C++: it’s an old and memory unsafe programming language.
Me hating on C++: there is a convicted rapist and registered sex offender on the C++ committee and the committee leadership worked really hard to keep him there.
My brain has never brained logically 😂
@linguistics @linguisticsmemes @writing
#LinguisticMemes
#Linguistics #Words #AmWriting #Writerdons #Writers #Writer #Writing #WritingCommunity #Writinglife #WritersOfMastodon
Apollo 17 launched from the moon to return to earth 51 years, 7 months and 6 days ago, and no one's been back since. I'm 50, and no one's been to the moon — or even outside low earth orbit — in my lifetime. The (manned) space age finished before I was born!
The idea that we should now attempt to colonise a planet or moon within the time it takes us to trash the earth into unlivability is fanciful, to say the least.
In an unexpected turn of events, a sensible take on #Crowdstrike from the Orange Site.
This is a remarkable story.
A factory belonging to a Polish snack company Aksam burned down last weekend, restricting its production capacity to only about 35%.
However, the CEO announced that no employee will be fired.
"Employees will be employed in a two-week system. Then there will be a crew exchange. I want everyone to have a job. However, a two-week job does not mean a reduction in salary. It will be full. In our company, we always put the human being in the first place and this will not change," said company president Adam Klęczar.
Here is the story (in Polish) https://businessinsider.com.pl/biznes/fabryka-paluszkow-splonela-zwolnien-jednak-nie-bedzie/0je1txd
Last weekend, a factory producing, among other things, "Paluszki Beskidzkie" burned down. In response, the owner introduced a rotating work system. However, there will be no layoffs.
IAB Polska
‘In this area of healthcare, like no other I know of, the professionals with the requisite expertise are positioned by their critics as having been “captured by ideology” and therefore lacking in credibility. Meanwhile, those without the expertise are positioned as “independent”, which critics argue makes them better able to evaluate the evidence – despite having never worked in the field and having no understanding of its complexities’
Dr Aiden Kelly, clinical psychologist
“the ban is not supported by the Cass review or the wider evidence, and the exceptional approach to transgender youth is discriminatory and unfair.”
Decisions around the tiny minority for whom the option could be helpful should be made by clinicians, not Wes Streeting, says clinical psychologist Aidan Kelly.
Aidan Kelly (The Guardian)
"To deter long-distance travel, the band offered an initial presale of tickets for local postal codes only.
#MassiveAttack are giving train travellers special privileges: access to a VIP bar with separate toilets, extra pre-sale tickets and free transfers to and from the train station via electric bus. They are also working with the local train network, Great Western Railway, to lay on five extra trains for travelling fans."
https://www.bbc.com/travel/article/20240717-the-band-that-doesnt-want-you-to-travel-for-their-tour
Massive Attack have been campaigning on environmental issues for years – and are now fixing their gaze on the music industry itself with a groundbreaking Bristol show next month.
Daniel Stables (BBC)
Haroon Siddique sums up the problem with the Just Stop Oil sentencing:
'Individual comparisons, while also imperfect, can also pose questions. Can it be right that protesters who forced closure of a motorway will be locked away for so long, when in March a woman was given a six-month suspended sentence for causing death by careless/inconsiderate driving?'
And if you think this is just 'whataboutism' then you've missed the point about property & life in law!
#politics
https://www.theguardian.com/law/article/2024/jul/19/just-stop-oil-jail-terms-questions-harsh-treatment-protesters
Lengthy prison sentences seen by many as heavy-handed and prompt comparisons with other offences.
Haroon Siddique (The Guardian)
Increasing the frequency of patching, of updates, of releases, of deployments does not promote a healthy, secure ecosystem, but a tumultuous, chaotic mess where little to no QA, testing or staging is done.
Every single part of the absolute mess that people think of as "infosec" is basically trash-ass busywork that people think is "normal" because it's what they know.
And then people write "compliance" standards based on that mess that result in millions of meaningless compliance actions.