WTF Bites
-
I have no idea which one is supposed to be the high end and which one is supposed to be the low end.
-
@anonymous234 said in WTF Bites:
I have no idea which one is supposed to be the high end and which one is supposed to be the low end.
Dunno either, but I guess the last market segment is the 12-year-old arsenals that scream 'you mum gay!!1!' on every damn FPS
-
@cursorkeys said in WTF Bites:
@anonymous234 said in WTF Bites:
I have no idea which one is supposed to be the high end and which one is supposed to be the low end.
Dunno either, but I guess the last market segment is the 12-year-old arsenals that scream 'you mum gay!!1!' on every damn FPS
No, arsenal gaming is for people who only play fifa, and only as one team
-
@cursorkeys I thought it was cross promotion for a soccer team in the UK
e:
-
-
@anonymous234 said in WTF Bites:
I have no idea which one is supposed to be the high end and which one is supposed to be the low end.
Confusing naming funtimes! Unless you figured already: Enthusiast is high end and Arsenal is low end.
-
On the exact same topic: is a "rich entertainment experience" better than a "fantastic Windows® 10 experience"?
They're all low-end so they had to come up with 4 different euphemisms for that. I actually initially assumed A10 was the worst one because it says "great value" (it's the best one).
-
@anonymous234 Oh, so that's what I've been doing wrong! I need to buy the worst CPU available to get a fantastic Windows 10 experience. And I've just been getting Core i5/Ryzen 5 or better...
-
@anonymous234 said in WTF Bites:
On the exact same topic: is a "rich entertainment experience" better than a "fantastic Windows® 10 experience"?
I guess it's a matter of taste. If you had 2 hours to spare, would you spend them like this?
Or like this?
-
@anonymous234 said in WTF Bites:
"fantastic Windows® 10 experience"
To me, this sounds a lot like "a fantastic experience queuing for lunch" or "a fantastic experience waiting at the local bus stop". These are not things I care about experiencing, rather, they are the means to an end, and the less noticeable they are, the better. Same for Windows 10. The more it gets out of my way, so I can do the stuff I want, the better.
To be fair, "premium performance at a great value" also sounds a bit like saying "premium sandwich at a great value" in a lunch place. If said place needs to point out that the sandwiches are "premium" and then boasts about them being great value, probably the best claim that can be made about the sandwiches is that they aren't actively try to kill the consumer (unlike the non-premium offering).
-
@cvi I think it's close as they can get to a fair description. I interpret it as "It boots Windows, it runs the fancy start menu animations, the email client and the web browser", with an implicit "and nothing else".
-
I was using Windows 10 last week on a borrowed computer, and I had to use IE to login to a site using a smart card. This lead to several MS
s:- The dialog for choosing a certificate popped under the browser.
- As I had just logged into the machine for the first time, I apparently had the default dissetting of the taskbar only showing icons and then combining multiple ones so you can't tell that the thing that it just hid from you even exists.
- IE is too dumb to be able to detect which cert is for authentication and which one is for encrypting email and it almost always chooses the email one by default. Firefox + OpenSC are smart enough to not even offer the email cert as an option, but alas, the machine I was borrowing did not have OpenSC installed.
- You have to click the "More Choices" words in the dialog, which actually look a bit grayed out (i.e., disabled) compared to anything else. And they aren't in a button or even underlined to look like a hyperlink.
-
@boomzilla Tobey Faire, even though the smart card explicitly has different slots for authentication and encryption ("Key Management") certificates, most encryption certificates include the authentication OID for some bizarre reason, so Windows doesn't know any better.
-
@twelvebaud All I know is that OpenSC can figure it out (on both Windows and Linux) so there's no reason why Windows shouldn't be able to do it, too.
-
https://vsfs.state.gov/projects/view/1301
App Design for Wellness Diplomacy
Can an enterprise mobile app improve the health and wellness of our nation’s diplomats? We think so. MED Wellness is charged with empowering our employees to live their healthiest lives, through promotion of activities and educational opportunities across the globe.
It actually seems to be something they can use to schedule stuff like yoga classes offered by the State Dept but that title and description amused me.
-
@boomzilla said in WTF Bites:
- The dialog for choosing a certificate popped under the browser.
That's weird. That used to happen all the time on Windows, but I haven't seen it happen since Windows 8 when they revamped the whole credential provider subsystem.
- As I had just logged into the machine for the first time, I apparently had the default dissetting of the taskbar only showing icons and then combining multiple ones so you can't tell that the thing that it just hid from you even exists.
That dialog doesn't show up in the taskbar anyway, or it didn't before. You always had to find it through Alt+Tab. It sucked.
- IE is too dumb to be able to detect which cert is for authentication and which one is for encrypting email and it almost always chooses the email one by default. Firefox + OpenSC are smart enough to not even offer the email cert as an option, but alas, the machine I was borrowing did not have OpenSC installed.
I haven't used OpenSC in years but I suspect that it's doing the wrong thing here (omitting the e-mail signature certificate for "convenience", or checking what slot the certificate's in as @TwelveBaud says when I'd argue that's an abstraction violation once you get to the TLS level). If a certificate has digital signature and key encipherment in its Key Usage extension and client authentication in its Extended Key Usage extension (if present), it should always be presented as an option, if not the default. The Web site usually doesn't care if you present your ID certificate or signature certificate (it might if it uses UPN for mapping vs. subject name and doesn't have both possible UPNs pre-loaded).
In fact, one of the projects I work on has its Web servers configured to only present e-mail CAs in its CA "hints". Their users only have one certificate that's issued by an e-mail CA that has the right extensions, whereas users may have more than one certificate issued by an ID CA (e.g. I have six). You can configure IE to not present the certificate prompt if there's only one acceptable certificate, so the mutual authentication is completely transparent to most of their end users. They go to the Web site, they're logged in.
- You have to click the "More Choices" words in the dialog, which actually look a bit grayed out (i.e., disabled) compared to anything else. And they aren't in a button or even underlined to look like a hyperlink.
Agreed that this is poor UI.
Edit: Also, if you don't have OpenSC (or other middleware) installed and you want to use Firefox and its certificate selection interface instead, you can use p11-capi.
-
@heterodox said in WTF Bites:
That's weird. That used to happen all the time on Windows, but I haven't seen it happen since Windows 8 when they revamped the whole credential provider subsystem.
I got myself a new Win10 laptop and it didn't do that this morning when I logged in.
@heterodox said in WTF Bites:
That dialog doesn't show up in the taskbar anyway, or it didn't before. You always had to find it through Alt+Tab. It sucked.
It always showed up for me on Win7 (where it often popped under, too). I just checked and I get the dialog in the task bar, though it's no longer (that is to say, it was on 7) obviously tied to IE. It's got a different icon and I can see "Windows" (the full title is "Windows Security") in the taskbar (which I always move to be along the left side of the screen).
@heterodox said in WTF Bites:
The Web site usually doesn't care if you present your ID certificate or signature certificate (it might if it uses UPN for mapping vs. subject name and doesn't have both possible UPNs pre-loaded).
This one does. I don't know the details, except that the email one apparently doesn't contain the certificate that apache is looking for.
@heterodox said in WTF Bites:
You can configure IE to not present the certificate prompt if there's only one acceptable certificate, so the mutual authentication is completely transparent to most of their end users.
Yeah, we've looked into something like this. It requires futzing around in group policy or something. Which we have no control over, thought we might be able to convince the customer to do.
@heterodox said in WTF Bites:
Edit: Also, if you don't have OpenSC (or other middleware) installed and you want to use Firefox and its certificate selection interface instead, you can use p11-capi.
Sure, there are other things available, but OpenSC is what the customer agreed to and users generally can't install or reconfigure stuff like this.
-
@boomzilla Actually, looking at the certificate properties via the IE dialog, they both talk about email. The "correct" certificate has a big version number looking thing as a property that looks differently. I have no idea what the other one is, but apparently it doesn't match what the server is looking for.
Also, I just noted that FF/OpenSC require me to enter my PIN first, then choose a certificate, so I suspect that what's going on is that once it has access to the card it can compare the cert against what the server is asking for, but IE / Windows can't do that since I haven't entered the PIN yet.
-
@boomzilla said in WTF Bites:
It's got a different icon and I can see "Windows" (the full title is "Windows Security") in the taskbar (which I always move to be along the left side of the screen).
Oh yeah, that's what it is. (It's not tied to IE because it's CAPI presenting it and not IE.)
@boomzilla said in WTF Bites:
This one does. I don't know the details, except that the email one apparently doesn't contain the certificate that apache is looking for.
Yeah, if you have two e-mail certificates that are showing up in the client certificate prompt, it's not the type of smart card I'm familiar with, so take my pronouncements of "typical usage" with a grain of salt. You do you.
@boomzilla said in WTF Bites:
once it has access to the card it can compare the cert against what the server is asking for
The server may only ask for a certificate that's issued by (a list of) certain CAs. (I think in theory it can also ask for certain certificate policy OIDs in that extension, but I've never seen anyone actually do that.) PIN shouldn't be required to unlock any information used for the client certificate prompt. But who knows. Maybe I'll try out OpenSC sometime soon and see what it's doing.
-
@heterodox said in WTF Bites:
Yeah, if you have two e-mail certificates that are showing up in the client certificate prompt, it's not the type of smart card I'm familiar with, so take my pronouncements of "typical usage" with a grain of salt. You do you.
I looked further, and the "key usage" or whatever (it's off now and I'm not going to restart it) on one said something that amounted to authentication and the other one specified email encryption. I don't know where the breakdown it occurring, exactly, just that IE ain't smart enough to handle it properly.
-
@heterodox said in WTF Bites:
when I'd argue that's an abstraction violation once you get to the TLS level
No, OpenSC is doing the right thing here. The PIV standard dictates which certificate slots have which purposes, and because OpenSC knows it's dealing with a PKCS #15 device it can figure out which slots are eligible to have their certificates presented for that use. (My experience with CAC devices tells me if you try to use an ID certificate for encryption, the card itself balks and refuses to do so.) The problem is that Windows just heaps all certificates from all devices into one big pile. (And IE doesn't add a filter that says "Only show certs with 'Prove your identity to a remote computer' key usages" for some stupid reason.)
-
-
@boomzilla said in WTF Bites:
It actually seems to be something they can use to schedule stuff like yoga classes offered by the State Dept
APPS CAN DO ANYTHING!!!!! if you connect them to the people that actually do those things
-
Little WTF of my day: In our ongoing saga to replace the current software suite at my school we also had to take a look at another alternative (besides the one I favour).
We had a contact at a school which was running said alternative and today we went to have a look.
Well, the first thing the IT guy said: "Well, it's still got some problems." Not a good start. For example, there's an exam mode which didn't engage for all pupils (and which also needs a special image or no software for you ("no" as in "none"). Which is also a problem our current solution has. Strike 1.
Then he tells us that every hardware combination also needs its own image. Our current solution has this as well and it's a major pain in the ass. It's probably a remnant from earlier Windows versions because Windows 10 doesn't actually care about differing hardware as long as it's able to start the boot process. (My favourite actually promises "Single Image Distribution"). Strike 2.
Strike 3: They want double the money my favourite wants (55.000€ versus 120,000€).
-
55.000€ versus 120,000€
So they went from 55 thousand versus 120 flat? That's special....
-
Today's episode of Google captcha:
Bonus WTF: I misread that sign as semi-annual communist garage sale.
-
@anonymous234 said in WTF Bites:
@cvi I think it's close as they can get to a fair description. I interpret it as "It boots Windows, it runs the fancy start menu animations, the email client and the web browser", with an implicit "and nothing else".
Yeah, I guess so. But to continue my comparisons: that's a bit like being allowed to wait at a bus stop (and even sit on the vandalism-resistant hard metal bench there - what a fantastic experience!), but not having a ticket to then actually get on the bus afterwards.
-
current software suite at my school
Slightly related. A few weeks ago, I got to hold a lecture for the first time since starting here. I inquired about the stuff that's present in the lecture halls, specifically about blackboards or (god forbid) whiteboards. Was told that they had a blackboard (yay!).
Wasn't told that this "blackboard" was an oversized TV screen with a few "pens" to interact with it. And a latency measured in seconds. Fuck you, whoever created that POS hardware+software (and also whoever thought that it would be OK to buy).
-
Wasn't told that this "blackboard" was an oversized TV screen with a few "pens" to interact with it. And a latency measured in seconds. Fuck you, whoever created that POS hardware+software (and also whoever thought that it would be OK to buy).
Oh nice, a "smart board". The one in our department must've cost a decent sum when we got it ten years ago, and it's so horribly laggy, shitty UI, and bad in general that it get's used exactly once a year by my coworker's kids at the internal chrismas party.
-
Bonus WTF: I misread that sign as semi-annual communist garage sale.
So did I, FWIW.
-
it get's used exactly once a year by my coworker's kids at the internal chrismas party.
Not much choice if I want to write down something "live" (as opposed to just peppering people to death with powerpoint slides). I mean ... I guess I could try writing on the walls, but that might have other repercussions. It's tempting, though.
-
@tsaukpaetra said in WTF Bites:
55.000€ versus 120,000€
So they went from 55 thousand versus 120 flat? That's special....
It's more expensive, so it just has to be better…
Unfortunately it often works on the acquisition managers that don't understand the product they are procuring and don't include anybody with such understanding into the decision process. And including a lowly peon into decision-making? That's preposterous!
-
And a latency measured in seconds.
Hey, you're asking that poor system to take a break from its vital remote-controlled cryptocurrency mining task and do interactive drawing as well!
-
it get's used exactly once a year by my coworker's kids at the internal chrismas party.
Not much choice if I want to write down something "live" (as opposed to just peppering people to death with powerpoint slides). I mean ... I guess I could try writing on the walls, but that might have other repercussions. It's tempting, though.
You could try getting a flipchart.
-
You could try getting a flipchart.
Sensible suggestions are
to complaining.Besides, more space on the walls - the flipcharts are too small for a good equation or two. Unless I write it in a size that's only helpful for the closest dozen or two students. Then again, it's not like the hundred+ in the back were paying any attention...
-
Sensible suggestions are
to complaining.This video perfectly sums up our community:
It's Not About The Nail – 01:42
— Jason Headley
-
@twelvebaud said in WTF Bites:
No, OpenSC is doing the right thing here. The PIV standard dictates which certificate slots have which purposes, and because OpenSC knows it's dealing with a PKCS #15 device it can figure out which slots are eligible to have their certificates presented for that use.
That's plausible. I don't think the CAPI stack has a PKCS #15 implementation anywhere in it. However, if this was "obviously" the right thing to do according to the standard, I'm unsure why ActivClient doesn't also do it.
My experience with CAC devices tells me if you try to use an ID certificate for encryption, the card itself balks and refuses to do so.
It's not just the card balking. The ID certificate doesn't have Key Encipherment in its Key Usage extension. Just Digital Signature and Non-Repudiation. So the certificate shouldn't be an option in the first place. But if you ask the card directly, yes, I think it'll balk as well.
And IE doesn't add a filter that says "Only show certs with 'Prove your identity to a remote computer' key usages" for some stupid reason.
That's demonstrably untrue. My Encryption certificate does not show up in the client certificate prompt since it doesn't have the right values in its Key Usage extension. My ID and Signature certificates do and they can both be used for client authentication (I misspoke earlier and said the KU extension needs Key Encipherment as well as Digital Signature; that's not true). I'm guessing IE is using CryptUIDlgSelectCertificate with a filter callback (but can't actually be arsed to find out).
-
Mostly the WTF here is my workflow...
I always get to Wikipedia by smashing 'wiki' in the address bar and clicking the link that appears in the info box thing on the right. Today DuckDuckGo is giving me:
Guess I'll have to spend the additional 12 keypresses for 'en.wikipedia.org' in future unless Italian domain registrars start doing encyclopedias.
-
@cursorkeys What about registering it as a search engine of its own. Unless you usually go there to read the title page, it's even fewer steps.
Actually, it should register itself in Chrome, all you have to do is modify its keyword.
-
@cursorkeys said in WTF Bites:
I always get to Wikipedia by smashing 'wiki' in the address bar and clicking the link that appears in the info box thing on the right
I do the same thing. It only takes a few letters to get the link I want to show, but too often when I click on it, it switches to a search result instead. Which leads to extremely annoying things like clicking on the link to my own web site, but instead landing on the TJ Maxx credit card login. Or going to Amazon Marketing Services by typing AMS, and ending up either at Amsoil or at Amsterdam Falafel Omaha.
-
I didn't exactly have high expectations for the movie to begin with, but ...
-
@cvi In case you confused it with CIA Headquarters, USA. </
>
-
@cvi: now you understand how Europeans feel when they see stuff like "Paris, Texas", "Berlin, Wisconsin" or "London, Kentucky" ;)
-
I didn't exactly have high expectations for the movie to begin with, but ...
I'm not sure what the problem is. It's the headquarters in Prague. I mean, sure...they'd probably really be in the embassy or a consulate, but that's just normal movie unrealism.
-
The new art in the current version of Virtualbox looks like it's open-source:
-
@bb36e Bootleg Tux is gonna help you run all the Linuxes!
-
-
-
@boomzilla said in WTF Bites:
I'm not sure what the problem is. It's the headquarters in Prague.
I initially though that this might be the case (and granted, the screenshot doesn't exactly give you much to go on).
However, this is the beginning of a "meanwhile, at the HQ in Prague" shot, where the director is following up on the happenings in the mission so far. At this HQ, an open office with a bunch of cubicles in a high rise, there are plenty of non-agenty people, including some conducting R&D (a prototype developed there being the McGuffin of the movie) - the hero of the movie being a "pencil pusher" aspiring to be an agent. But ... no parts of the movie actually take place in Prague otherwise. IIRC all of the movie outside of the HQ is somewhere in the US.
And apparently the city in the shot isn't even Prague to begin with. Nice catch on that @anonymous234.
Either way, I think this is way more in-depth analysis than the movie actually deserves. It was mostly just bland and not very exciting (but apparently trending on Netflix -- in the end, it served it purpose though, namely me needing to kill a few brain cells before going to sleep).
-
I didn't exactly have high expectations for the movie to begin with, but ...
Where else would the Czech Intelligence Agency be?
