Best posts made by aidan_walsh

@scottalanmiller said in ioSafe: down?:

@brett-at-iosafe said in ioSafe: down?:

Uh-oh! I'll find out what's up (down?).

We caught it here first!

ML Monitoring as a Service.

Maybe something using LibreOffices --convert-to command line option? For example:

 soffice --convert-to xlsx:"Calc MS Excel 2007 XML" filename.csv --headless

Edit: Edited to change reference from Excel 2003 to 2007.

Doing a little dance at getting my second paycheck earlier than expected (was sold the contract as monthly, but turns out its fortnightly instead).

Cloudflare Blogpost

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

Google cached pages found that they had crawled "private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https".

They seem to have responded pretty quickly to Google's Project Zero team

cloudflare quickly reproduced the problem, told me they had convened an incident and had an initial mitigation in place within an hour.
"You definitely got the right people. We have killed the affected services"

I always use my own account with sudo.

If anything sudo is safer. You have better accountability as to who made what change in a multi-administrator environment, and you can limit what access a sudo user has (what applications they are able to elevate).

The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.

Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 336 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 336 Gpbs attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.

In contrast, the huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices.

source

Thats one big botnet if they're really not using reflection attacks.

@BBigford If only it was that simple. Apple have been based in Cork since 1980, initially as a factory and now as their primary European contact centre. They are a massive employer in the south, with 5,000 in the city as it is and 1,000 more planned.

I don't think they'll be going anywhere too fast, but its definitely going to have repercussions.

(Disclaimer: used to work at the Cork centre)

Matthew Garret of CoreOS on Twitter (@mjg59)

Lenovo aren't deliberately blocking free software on recent laptops (spoiler: it's Intel's fault)

Tweet

OH MY GOD the person who started the Lenovo shitstorm is Ryan Farmer https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Signature-PC-No-Linux …, who spammed me after I debunked him in 2008

Tweet

Summary: This guy has a history of making over the top accusations, and responds badly when called on it. Don't enable him.

Tweet

And on his blog:

The background is straightforward. Intel platforms allow the storage to be configured in two different ways - "standard" (normal AHCI on SATA systems, normal NVMe on NVMe systems) or "RAID". "RAID" mode is typically just changing the PCI IDs so that the normal drivers won't bind, ensuring that drivers that support the software RAID mode are used. Intel have not submitted any patches to Linux to support the "RAID" mode.
In this specific case, Lenovo's firmware defaults to "RAID" mode and doesn't allow you to change that. Since Linux has no support for the hardware when configured this way, you can't install Linux (distribution installers will boot, but won't find any storage device to install the OS to).
...
The real problem here is that Intel do very little to ensure that free operating systems work well on their consumer hardware - we still have no information from Intel on how to configure systems to ensure good power management, we have no support for storage devices in "RAID" mode and we have no indication that this is going to get better in future. If Intel had provided that support, this issue would never have occurred. Rather than be angry at Lenovo, let's put pressure on Intel to provide support for their hardware.

Should be Bidet Mate, tbh.

Awesome, Amazon Password Cracking As A Service.

If you notice this notice you'll notice this notice wasn't worth noticing.

@scottalanmiller said in If you are new drop in say hello and introduce yourself please!:

Welcome to @aidan_walsh

@Ambarishrh said in If you are new drop in say hello and introduce yourself please!:

Welcome @aidan_walsh

Oh, hello I've been lurking a couple of weeks and finally decided to make an account.

I spent about 5 years working in telephone support for various large companies but always wanted to get hands on behind the scenes, so for the last couple of months I have been interning at a local education board. I mostly play with Linux at home so working in a Windows environment is good experience.

Unless, more likely, its not.

https://setiathome.berkeley.edu/forum_thread.php?id=80193

Sipping a strong coffee to celebrate the successful reboot of my first production server.

Whisky comes later.

@scottalanmiller said in Apple May Face Epic Tax Bill:

@nadnerB said in Apple May Face Epic Tax Bill:

Why are the EU only coming after them now? Could it be that the EU is clutching at straws for more money post Brexit?

All things like this take a long time.

Yup, this is the result of an investigation ongoing since 2013 http://www.afr.com/technology/mobiles-and-tablets/apple/apples-tax-secrets-hidden-in-australian-filings-may-have-helped-the-european-commission-20160831-gr5e2x

Richard Donner. Met him at Comic-Con San Diego about 10 years back. Lovely gentleman, graciously signed a Superman comicbook for me.

I don't know if I'd call that opening more of iOS, than redefining some functional elements of the UI.

@scottalanmiller said in What Are You Doing Right Now:

@dafyre said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Just broke a dish while trying to do the dishes. Argh.

Ooops!

It was super slippery. It was in the sink, but it broke the dish underneath in the sink

Soapy dishes and coffee jitters don't go well together

OVH are reporting they were hit by a 990Gbps IOT-based DDOS. Hurrah, its the f***[moderated] DDOS Olympics.

Facepalming at Windows 10 Enterprises new default Settings applet for what you want to do with the XBox controller you'll definately be connected to it...