@scottalanmiller said in ioSafe: down?:

@brett-at-iosafe said in ioSafe: down?:

Uh-oh! I'll find out what's up (down?).

We caught it here first!

ML Monitoring as a Service.

Maybe something using LibreOffices --convert-to command line option? For example:

 soffice --convert-to xlsx:"Calc MS Excel 2007 XML" filename.csv --headless

Edit: Edited to change reference from Excel 2003 to 2007.

Doing a little dance at getting my second paycheck earlier than expected (was sold the contract as monthly, but turns out its fortnightly instead).

Cloudflare Blogpost

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

Google cached pages found that they had crawled "private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https".

They seem to have responded pretty quickly to Google's Project Zero team

cloudflare quickly reproduced the problem, told me they had convened an incident and had an initial mitigation in place within an hour.
"You definitely got the right people. We have killed the affected services"

I always use my own account with sudo.

If anything sudo is safer. You have better accountability as to who made what change in a multi-administrator environment, and you can limit what access a sudo user has (what applications they are able to elevate).

The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.

Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 336 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 336 Gpbs attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.

In contrast, the huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices.

source

Thats one big botnet if they're really not using reflection attacks.

@BBigford If only it was that simple. Apple have been based in Cork since 1980, initially as a factory and now as their primary European contact centre. They are a massive employer in the south, with 5,000 in the city as it is and 1,000 more planned.

I don't think they'll be going anywhere too fast, but its definitely going to have repercussions.

(Disclaimer: used to work at the Cork centre)

Matthew Garret of CoreOS on Twitter (@mjg59)

Lenovo aren't deliberately blocking free software on recent laptops (spoiler: it's Intel's fault)

Tweet

OH MY GOD the person who started the Lenovo shitstorm is Ryan Farmer https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Signature-PC-No-Linux …, who spammed me after I debunked him in 2008

Tweet

Summary: This guy has a history of making over the top accusations, and responds badly when called on it. Don't enable him.

Tweet

And on his blog:

The background is straightforward. Intel platforms allow the storage to be configured in two different ways - "standard" (normal AHCI on SATA systems, normal NVMe on NVMe systems) or "RAID". "RAID" mode is typically just changing the PCI IDs so that the normal drivers won't bind, ensuring that drivers that support the software RAID mode are used. Intel have not submitted any patches to Linux to support the "RAID" mode.
In this specific case, Lenovo's firmware defaults to "RAID" mode and doesn't allow you to change that. Since Linux has no support for the hardware when configured this way, you can't install Linux (distribution installers will boot, but won't find any storage device to install the OS to).
...
The real problem here is that Intel do very little to ensure that free operating systems work well on their consumer hardware - we still have no information from Intel on how to configure systems to ensure good power management, we have no support for storage devices in "RAID" mode and we have no indication that this is going to get better in future. If Intel had provided that support, this issue would never have occurred. Rather than be angry at Lenovo, let's put pressure on Intel to provide support for their hardware.

Should be Bidet Mate, tbh.

Awesome, Amazon Password Cracking As A Service.

@scottalanmiller Much appreciated.

Google-fu is failing hard. OBR?

@aaronstuder Because Imgur is serving them all over HTTPS.

One Raspberry Pi 3 that I previously used as a low speed torrent box, but now have running a SANS DShield sensor.

Do you have fwupdatemgr installed?

I had a microcode update applied by Korora 26 during the week, perhaps that?

Check dnf history?

Maybe something using LibreOffices --convert-to command line option? For example:

 soffice --convert-to xlsx:"Calc MS Excel 2007 XML" filename.csv --headless

Edit: Edited to change reference from Excel 2003 to 2007.

LattePanda is a neat looking board. Supports Ubuntu 16.04 as well as Windows.

@dashrender said in Outlook 2016 emails with attachements won't forward the attachment:

MS knows of the issue.

https://social.technet.microsoft.com/Forums/en-US/68eb21a3-9a37-42b8-8539-f6afb9be5aef/kb4011626-update-for-outlook-2016-32bit-causes-pdf-attachments-to-be-stripped-out-of-forwarded?forum=ConfigMgrCompliance

https://support.microsoft.com/en-us/help/4011626/descriptionofthesecurityupdateforoutlook2016january9-2018

Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues:

• Some attachments are not removed when you forward mails that contain inline images and you check the Read all mails as Plain Text check box.

Known issues in this security update

• After you install this security update, attachments are removed when you forward plain text emails.

Oh man, if I could get the family to switch to this rather than the WhatsApp group...