WTF Bites
-
@blek This could go into QOOC, but context actually makes it better.
-
-
Today in "the never-ending struggle of security vs usability"…
Context: Both Firefox and Chrome are progressively disabling trust of Symantec-issued SSL certificates. Someone using Firefox Nightly is upset because they can no longer use a certain site. Why? Because the dingus operating that site enabled HSTS, which is a signal "do not allow my site to be viewed without HTTPS, ever", and forgot to make sure their HTTPS is actually functional.
Insert blakeyrant about user-hostility here?
-
Both Firefox and Chrome are progressively disabling trust of Symantec-issued SSL certificates.
Is that due to poor technical choices (e.g., MD5 for the certificate hashing algorithm on their master CA key) or due to poor operational management at Symantec?
-
@dkf Symantec fucked up multiple times in various ways, both technical (issuing new 1024-bit certs and using SHA-1 after the industry's self-defined deadlines, issuing certificates without sufficient validation) and managerial (delegating issuance capabilities to third parties without passing the needed audits).
Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years. This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.
blink-dev mailing list, 23 March 2017
More incidents at:
https://wiki.mozilla.org/CA:Symantec_Issues
-
@DCoder The important part (from Google's perspective) in that long list: They issued test certificates for www.google.com. Google is not fond of someone not-google having a certificate for google.com.
-
-
(e.g., MD5 for the certificate hashing algorithm on their master CA key)
The CA's hash doesn't matter at all. Only the intermediates and leaf certificates matter. This is because browsers don't validate CAs based on hashes and don't listen to websites that say "here, have a CA certificate".
HSTS
Pretty sure there's some secret code word you can type in in Chrome to bypass that screen. "thisisunsafe" or something like that. Not sure if there's a Firefox equivalent.
-
@r10pez10 My mom drives a Subaru with "partial zero emissions". (I assume they mean it has zero emissions while the ignition is off?)
-
@blakeyrat "The first thing we do, let's kill all the
lawyersmarketing people."
-
-
@Zecc That's what shameful bronze gets you.
-
@Zecc How is anything partially fanless anyway.
-
@PleegWat The exhaust doesn't have a fan, only the intake does. Next question!
-
@PleegWat The exhaust doesn't have a fan, only the intake does. Next question!
Ok, here: How does that make the thing 15% fanless and not 50% fanless?
-
The intake is smaller than the exhaust. Next question!
-
@Zerosquare said in WTF Bites:
The intake is bigger than the exhaust. Next question!
Wait ... I thought we were talking about a PSU, not a jet engine.
-
Wait ... I thought we were talking about a PSU, not a jet engine.
Why do you think some of those "gaming" PCs sound like jet engines?
-
Are you kidding? It's obviously fanless until 25% load.
Inb4
-
Um, what do you mean old? What can you possibly be doing that would... oh whatever, go yourself.
-
Um, what do you mean old? What can you possibly be doing that would... oh whatever, go yourself.
Yo!
-
Spotted on my wife's Facebook feed:
-
@Scarlet_Manuka Modern families, amirite?
-
@dkf thread is
-
Yeah, fuck people who use their computer for work.
The most annoying thing I've had with that is when Windows decided it felt like rebooting to apply updates while an app was in the middle of updating the firmware on a ten grand piece of radio equipment.
Turns out the "it'll be okay for 15 minutes, we'll just all use two channels" thing doesn't scale so well to waiting for a week for a new chassis to be sent out, because some idiot at Microsoft can't understand that sometimes reboots can't happen absolutely right now.
-
@gordonjcp said in WTF Bites:
Yeah, fuck people who use their computer for work.
The most annoying thing I've had with that is when Windows decided it felt like rebooting to apply updates while an app was in the middle of updating the firmware on a ten grand piece of radio equipment.
Turns out the "it'll be okay for 15 minutes, we'll just all use two channels" thing doesn't scale so well to waiting for a week for a new chassis to be sent out, because some idiot at Microsoft can't understand that sometimes reboots can't happen absolutely right now.
Ouch. We've been having a related debate here. Having twice the flash available so we can have the ability to roll-back on firmware update failure makes the product physically bigger and more expensive. Difficult trade-off against the small risk of bricking.
(If the flash page size were smaller we could have just a roll-backable bootloader instead of the whole lot but that's not an option either without more memory)
-
@Cursorkeys said in WTF Bites:
@gordonjcp said in WTF Bites:
Yeah, fuck people who use their computer for work.
The most annoying thing I've had with that is when Windows decided it felt like rebooting to apply updates while an app was in the middle of updating the firmware on a ten grand piece of radio equipment.
Turns out the "it'll be okay for 15 minutes, we'll just all use two channels" thing doesn't scale so well to waiting for a week for a new chassis to be sent out, because some idiot at Microsoft can't understand that sometimes reboots can't happen absolutely right now.
Ouch. We've been having a related debate here. Having twice the flash available so we can have the ability to roll-back on firmware update failure makes the product physically bigger and more expensive. Difficult trade-off against the small risk of bricking.
Why don't you use a minimal bootloader, so that you can at least retry the update if it's interrup--
(If the flash page size were smaller we could have just a roll-backable bootloader instead of the whole lot but that's not an option either without more memory)
Oh :(
-
@gordonjcp Wow this patching was SO HORRIBLY IMPORTANT that you had to do it RIGHT AWAY without even spending 10 seconds checking the Windows power settings or glancing at the Windows Update dialog! After you'd been hitting "skip update" for the last 72 hours!
When did this forum become 94% content bitching and moaning about Windows Update?
-
@blakeyrat said in WTF Bites:
When did this forum become 94% content bitching and moaning about Windows Update?
When Windows Update decided to start rebooting without what users perceive as permission.
(Or before that for some of us, but that's a whole 'nother story…)
-
@blakeyrat: "Wow this update was SO HORRIBLY IMPORTANT that Windows had to do it RIGHT AWAY without even spending 10 seconds checking if the user wasn't doing anything at that time!"
When did you start defending software with terrible usability?
-
When Windows Update decided to start rebooting without what users perceive as permission.
It asks permission for a full 72 hours before it does it "without permission".
@Zerosquare said in WTF Bites:
@blakeyrat: "Wow this update was SO HORRIBLY IMPORTANT that Windows had to do it RIGHT AWAY without even spending 10 seconds checking if the user wasn't doing anything at that time!"
It spent 72 hours checking if the user wasn't doing anything at that time.
@Zerosquare said in WTF Bites:
When did you start defending software with terrible usability?
That's not the point. I agree Windows Update has a lot wrong with it. I just want to talk about SOMETHING ELSE, ANYTHING ELSE. EVERY SINGLE GODDAMNED THREAD IS ABOUT WINDOWS UPDATE ALL THE TIME FOREVER, THERE HAS TO BE SOMETHING ELSE TO TALK ABOUT!
-
@blakeyrat said in WTF Bites:
It asks permission for a full 72 hours before it does it "without permission".
Ah, but if the user perceives it as doing it without permission, that's what matters from their perspective. It's all about the UX.
(Is this right? Am I sitting here ragging off Blakey for ignoring UX?!)
-
@dkf I'm not ignoring UX, like I just fucking said. I'm complaining about being at a party where there's only ONE topic of conversation and people have been talking about it for 57 hours and there hasn't been anything to say about it in the last 50 of those TALK ABOUT SOMETHING ELSE. YES WE GET IT: WINDOWS UPDATES REBOOTS WE KNOW ALREADY THERE'S 242,240 THREADS ABOUT IT ALREADY WE GET IT TALK ABOUT SOMETHING ELSE.
Of course you obviously didn't bother reading my last post, so I'm sure you're not reading this one. So I'll just type penis a bunch: penis penis penis penis penis penis penis.
-
@blakeyrat
We do have a thread about furnaces
-
@blakeyrat said in WTF Bites:
THERE HAS TO BE SOMETHING ELSE TO TALK ABOUT!
Think this year's the year for Linux on the Desktop?
-
@Luhmann And one about topic drift.
-
@topspin There's a very clearly marked Thunderdome that nobody seems to be able to figure out what the hell to do with, even.
-
@blakeyrat said in WTF Bites:
@r10pez10 My mom drives a Subaru with "partial zero emissions". (I assume they mean it has zero emissions while the ignition is off?)
A partial zero emissions vehicle, in the United States, is an automobile that has zero evaporative emissions from its fuel system, has a 15-year (or at least 150,000-mile) warranty on its emission-control components, and meets SULEV tailpipe-emission standards.[1]
So, yeah, zero emissions while the ignition is off, and "super ultra-low" emissions when it's running.
-
@blakeyrat said in WTF Bites:
@gordonjcp Wow this patching was SO HORRIBLY IMPORTANT that you had to do it RIGHT AWAY without even spending 10 seconds checking the Windows power settings or glancing at the Windows Update dialog! After you'd been hitting "skip update" for the last 72 hours!
When did this forum become 94% content bitching and moaning about Windows Update?
-
@topspin There's a very clearly marked Thunderdome that nobody seems to be able to figure out what the hell to do with, even.
Correct.
-
@blakeyrat said in WTF Bites:
THERE HAS TO BE SOMETHING ELSE TO TALK ABOUT!
So do it? What's stopping you?
-
@blakeyrat said in WTF Bites:
So I'll just type penis a bunch: penis penis penis penis penis penis penis.
Let's talk about beanis for a second.
Think about the implications. Let your mind implode....
-
@Tsaukpaetra Well, that's not a word, but, if it were a word, it seems like it would involve beans, and maybe be a programming language or a disease.
-
@Gribnit
Mind you, it could be all of them at once. A great many programming languages are [diseases], and one (that shall remain unnamed) does involve a sizeable quantity of beans.
-
@blakeyrat said in WTF Bites:
I'm complaining about being at a party where there's only ONE topic of conversation and people have been talking about it for 57 hours and there hasn't been anything to say about it in the last 50 of those.
-
If you read today's Old New Thing and followed the link to the WinWord 1.1a source code, you might have spotted this in the comments (from four years ago):
i have some Confusion about windows1.0, Today we are using Visual studio, Net-beans to make the software but in early time there is no visual studio at all then, how can this windows 1.0 is made ? please somebody tell me about this
If it wasn't such an old comment, I'd be tempted to ask the commenter how they thought Visual Studio itself came to be made. Two people did reply a couple of years later, explaining the magical technology combination of text editors and compilers.
-
@blakeyrat said in WTF Bites:
EVERY SINGLE GODDAMNED THREAD IS ABOUT WINDOWS UPDATE ALL THE TIME FOREVER, THERE HAS TO BE SOMETHING ELSE TO TALK ABOUT!
We were trying to post about
DicsourceNodeBB but our machines rebooted and we lost our train of thought.
-
@blakeyrat said in WTF Bites:
I'm complaining about being at a party where there's only ONE topic of conversation and people have been talking about it for 57 hours and there hasn't been anything to say about it in the last 50 of those.
-
Google Opinion Rewards, the app that occasionally asks you some questions and pays you with a few pence of Google Play credit, asked me a question that doesn't apply to me at all.
when looking for a stable relationship, what frustrates you about dating apps?
the risk my wife might find out I have one installed
-
@pie_flavor A quick search for what could be the source of that image has been halted because I've found something better than :