that could come in veery handy once microsoft wants to pull some plugs. i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org. i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like “does nobody see the rising danger there?” but even if china’s great fork might be more reliable than m$ over time, maybe it’s better to have your own backups of all the things you actually may need in future.

btw did microsoft manage to get rid of the hackers that settled into their network for … how long??

i guess they’ll tell

its amazing how good services can be if some just skip the corporation-obligatory adding of enshittification. i remember an article about a downloadable (but not very legal) DVD with an installer for a (worthless but very popular) OS that included heaps of expensive industry software and the installer was point-klick what you want and then all is done in background and fully usable once done. reading that article it seemed to be a better installer than ever produced by any company for any product.

however as that payed streaming service seemingly leaves huge amount of bank records and ran for such a long time, i guess it would have been easy to stop their customers from paying them. it rather might seem that the real intentions of content corporations might not truely be what they officially claim. maybe we learn in 25 years that the content corporations really were behind such services, maybe like “better get money from ALL markets!” or such.

great, thanks. i’ll try it out as i have some spare resources on my server.

🤔 maybe there is a lack of distributed fediversed search engine instances where:

1. everyone can host a search engine for their very own pages
2. everyone can crawl other pages and provide (maybe with permissions) the crawled data to other search engines (as compressed snapshots, api …) or provide a search engine by themselves for all.
3. such search engines can be ranked or marked with “has anti features xyz” and put into followable ‘collections’ per topics.
4. possibility to add 3rd party rankings and filters, so that one can use only a subset of a search engine list that was pieced together by someone you know or trust, reduced by rankings or filters published by another one you somehow trust to limit the items in the first list.

then: “for software development i use linuz personal ‘devel’ collection, this way i don’t have to manually click through big G’s gigabytes of SpaMalAds they always only frustrate you with and i am not distracted with dyo stuff when searching for server administration things like ‘puppet stages howto’. for my home projects i use my friends ‘home of DYO’ collection, i get more results than i need but get new ideas as well without seeing work stuff when looking up how to build a puppet stage for my little one. 👨‍👧 for kids its awesome, our school provides a collection including specialized search instances that fit learning, while that collection is also peer reviewed by a company that spezialized to ensure it does to not contain search engine instances that also index any unfitting content pages.”

oh btw: no i do not have any info about duckduckgo status unfortunately, i stepped over it by myself today 🤷‍♀️

that a moderately clever human can talk them into doing pretty much anything.

besides that LLMs are good enough to let moderately clever humans believe that they actually got an answer that was more than guessing and probabilities based on millions of trolls messages, advertising lies, fantasy books, scammer webpages, fake news, astroturfing, propaganda of the past centuries including the current made up narratives and a quite long prompt invisible to that human.

cheerio!

it might take ages for her to choose the right boots for rebooting ;-)

if your wife wasn’t vi-impressed, maybe she already is vi-improved ;-)

after looking at the ticket myself i think the relevant things IMHO are:

• a person filed a bug report due to not seeing what changes in the new version caused a different behaviour
• that person seemed pushy, first telling the dev where patches should be sent to (is this normal? i guess not, better let the dev decide where patches go or -in this case- if patches are needed at all), then coming up with ceo style wordings (highly visible, customer experience of untested but nevertheless released to live product is bad due to this (implicitly “your”) bug)
• pushiness is counterparted by “please help”
• free-of-charge consulting was given by the one pointing to changes likely beeing visible in changelog (i did not look though) but nevertheless it was pointed out to the parameter which assumes RTFM (if docs were indeed updated) that a default value had changed and its behavior could be adjusted by using that given parameter.

up to there that person -belonging to M$ or not (don’t know and don’t care) - behaved IMHO rather correctly, submitting a bug report for something that looked like it, beeing a bit pushy, wanting priority, trying to command, but still formally at least “asking” for help. but at that point the “bug” seemed to have been resolved to me, it looks like the person was either not reading the manual and changelog, or maybe manual or changelog lacks that information, but that was not stated later so i guess that person just did not read neither changelog nor manual.

instead - so it seems to me - that person demanded immediate and free-of-charge consulting of how exactly the switch should be used to work in that specific use case which would imply the dev looks into the example files, maybe try and error for himself just so that that person does not need to neither invest the time to learn use the software the company depends on, nor hire a consultant to do the work.

i think (intentional or not) abusing a bug tracker for demanding free-of-charge enduser consulting by a dev is a bad idea unless one wants(!) to actively waste the precious time of the dev (that high priority ticket for the highly visible already live released product relies on) or has even worse intentions like:

• uploading example files with exploits in them, pointing to the exact versions that include the RCE vulnerability that sample file would abuse and the “bug” was just reported cause it fits the version needed for exploitation and pressure was made by naming big companies to maybe make the dev run a vulnerable version on it on his workstation before someone finds out, so that an upstream attack could take place directly on the devs workstation. but thats just creating a fictive worst case scenario.

to me this clearly looks like a “different culture” problem. in companies where all are paid from basically the same employer, abusing an internal bug tracker for quick internal consulting would probably be seen as just normal and best practice because the dev who knows and is actually working on the code is likely to have the solution right at hand without thinking much while the other person, who is in charge of quick fixing an untested but already live to customers released product, does not have sufficient knowledge of how the thing works and neither is given the time to learn or at least read changelogs and manual nor the time to learn the basics of general upstream software culture.

in companies the https://en.m.wikipedia.org/wiki/Peter_principle could be a problem that imho likely leads to such situations, but this is a guess as i know nobody working there and i am not convinced that that person is in fact working for the named company, instead in that ticket shows up a name that i would assume to be a reason to not rely too much about names in the tickes system always be realnames.

the behaviour that causes the bad postings here in this lemmy thread is to me likely “just” a culture problem and that person would be advised well if told to learn to know the open source culture, netiquette etc and learn to behave differently depending on to who, where and how they communicate with, what to expect and how to interact productively to the benefit of their upstream too, which is the “real price” all so often in open source. it could be that in the company that rolled out the untested product it is seen to be best practice to immediately grab the dev who knows a software and let him help you with whatever you can’t on your own (for whatever reason) whenever you manage to encounter one =]

i assume the pushyness could likely come from their hierarchy. it is not uncommon that so called leaders just create pressure to below because they maybe have no clue of the thing and not want to gain that clue, but that i cannot know, its just a picture in my head. but in a company that seems to put pressure on releasing an untested product to customers i guess i am not too wrong with the direction of that assumption. what the company maybe should learn is that releasing untested and/or unfinished products to live is a bad habit. but i also assume that if they wanted to learn that, they maybe would have started to learn it like roundabout 2 decades ago. again, i do not know for what company that person works -or worked- for, could be just a subcontractor of the named one too. and also could be that the pushyness (telling its for m$, that its live, has impact to customers etc) was really decided by someone up the latter who would have literally no experience at all on how to handle upstream in such situations. hierarchies can be very dysfunctional sometimes and in companies saying “impact to customers” sometimes is likely the same as saying “boss says asap”.

what i would suggest their customers (those who were given a beta version as production ready) should learn is that when someone (maybe) continously delivers differently than advertised, that after some few times of experiencing this, the customer would be insane when assuming that that bad behaviour would vanish by pure hope + throwing money into hands where money maybe already didn’t help improving their habits for assumingly decades. And when feeding everhungry with money does not resolve the problems, that maybe looking towards those who do have a non-money-dependant grown-up culture could actually provide more really usable products. Evaluation of new solutions (which one would really be best for a specific usecase i.e.) or testing new versions before really rolling them out to live might be costly especially when done throughout, but can provide a lot of really high valueable stability otherwise unreachable by those who only throw money at shareholders of brands and maybe rely on pure hope for all of the rest. Especially when that brand maybe even officially anounced to remove their testing department ;+) what should a sane and educated customer expect then ? but again to note, i do not know which companies really are involved and how exactly. from the ticket i do not see which company that person directly works for, nor if the claim that m$ is involved is a fact or just a false claim in hope for quicker help (companies already too desperate to test products before live could be desperate again in need for even more help when their bad habits piled up too long and begin falling on their heads)

the xz vulnerability was done through a superflous dependency to systemd, xz was only the library that was abused to use systemd’s superflous dependency hell. sshd does not use xz, but systemd does depend on it. sshd does not need systemd, but it was attacked through its library dependency.

we should remove any pointless dependencies that can be found on a system to prevent such attacks in future by reducing dependency based attack vectors to a minimum.

also we should increase the overall level of privilege separation where systemd is a good bad example, just look at the init binary and its capability zoo.

The company who hired “the” systemd developer should IMHO start to really fix these issues !

so please hold your “$they have fixed it” back until the the root cause that made the xz dependency level attack possible in the first place has been really fixed =)

Of course pointing it out was good, but now the root cause should be fixed, not just a random symptom that happened to be the first visible atrack that used this attack vector introduced by systemd.

 HISTCONTROL=ignorespace
 unset RANDOM
 RANDOM=4
 clear
...

If RANDOM is unset, it loses its special properties, even if it is subsequently reset.

HISTCONTROL If the list of values includes ignorespace, lines which begin with a space character are not saved in the history list.

RTFM can save your server AND your bet ;-)

it is cheating of course if the predefined rules tell us about such requirements and if these are not met any more when unsetting RANDOM ahead of it.

i have two other possibilities at hand, that do not involve two SSDs:

1. don’t use intentionally broken software in the first place ;-)
2. use another device for bootloader, could be a readonly CD or a usb drive, PXE/bootp could also do it.

And if your company wants you to use rotten software, they also want you to give them the delays, downtimes and annoyances that naturally come with rotten decisions, just keep that in mind.

Here is one thing to remember and why i call it rotten software and rotten decisions:

Microsoft offers a free “blame the ransomware people” to any CTO who just wants to receive money without working at all or not having to “think” during work. That same CTO can get a bonus after “solving” the ransomware issue and then: “look how ‘invaluable’ that CTO is to the company” he “worked” for month ( yelling at engineers he previously told to install rotten software???) and resolved the ransomware issue!! This is same to those who work. no law has ever given people that many payed breaks from work as “rotten software” vendors did. and if you made a mistake and did not get trained before, you could blame bot beeing trained.

Look at it from a “fingerpointer” point of view, one cloud always blame someone else for everything and the only one to blame is too big to fail and also untouchable due to their army of darkness lawyers. thus anything happened? no one could be guilty AND be held responsible. Also if one is slow at work, and so is his OS, obviously easy to blame someone else again.

so microsoft offers a “solution” to “boss wants you to work more and quicker” but remember, that same boss only “needs” a cover for his own ass to be able to point to someone else and the ones creating the rotten software do deliver that ;-)

i do not know any better wording for such a situation than “rotten” thus i name it so.

i am happy to have a raspberry pi setup connected to a VLAN switch, internet is behind a modem (like bridged mode) connected with ethernet to one switchport while the raspi routes everything through one tagged physical GB switchport. the setup works fine with two raspi’s and failover without tcp disconnections during an actual failover, only few seconds delay when that happens, so basically voip calls recover after seconds, streaming is not affected, while in a game a second off might be too much already, however as such hardware failures happen rarely, i am running only one of them anyway.

for firewall i am using shorewall, while for some special routing i also use unbound dns resolver (one can easily configure static results for any record) and haproxy with sni inspection for specific https routing for the rather specialized setup i have.

my wifi is done by an openwrt but i only use it for having separate wifis bridged to their own vlans.

thus this setup allows for multi-zone networks at home like a wifi for visitors with daily changing passwords and another fror chromecast or home automation, each with their own rules, hardware redundancy, special tweaking, everything that runs on gnu/linux is possible including pihole, wireguard, ddns solutions, traffic statistics, traffic shaping/QOS, traffic dumps or even SSL interception if you really want to import your own CA into your phone and see what data your phones apps (those that don’t use certificate pinning) are transfering when calling home, and much more.

however regarding ddns it sometimes feels more safe and reliable to have a somehow reserved IP that would not change. some providers offer rather cheap tunnels for this purpose. i once had a free (ipv6) tunnel at hurricane electronic (besides another one for IPv4) but now i use VMs in data centers.

i do not see any ready product to be that flexible. however to me the best ready router system seems to be openwrt, you are not bound to a hardware vendor, get security updates longer than with any commercial product, can 1:1 copy your config to a new device even if the hardware changes and has the possibility to add packages with special features to it.

“openwrt” is IMHO the most flexible ready solution for longtime use. same as “pfsense” is also very worth looking at and has some similarities to openwrt while beeing different.

went through lots of plane accidents to find the one i think to remember, but had to stop as i do not want to increase fear of flying. however i stumbled about this one, Airbus A320 Air France flight 296 on 26th of June, 1988 which was sort of related as some “security” mechs seemed to have prevented crash prevention there and fired discussions. but this one was earlier and it was not boeing (and it looks like no one tried to cover things). however since it was during an airshow, not a commercial flight, i now figured out that the one i remember could have been a testflight, cargo flight or something else like a flight show as well… not sure if i “can” find it, the little i remember.

what i meant was decades ago, not the “recent” crashes of 2018…

i tried to find it but didn’t yet. there are way more plane crashes than i thought i would have to go through…

looking at “new technology” introduced (as it was quite new) i stumbled over this article and remembered that the “three computers voting” (while the pilot may only take place in that voting - as a minority …) was part of the discussions back then (which is not written in that article however, but i found one piece, yay!):

https://archive.seattletimes.com/archive/?date=19950605&slug=2124705

i feel like i could remember something wrong like it maybe was not a takeoff but possibly a go-around where the crash happened… not sure i won’t yet give up searching, but i have to stop for now…

edit: i am not saying it was a 777, i just found a piece of my 20year old puzzle…

thanks for the info about kayak, very appreciated!!

me same, i would never again willingly book a flight with a boeing airplane.

in my mind that B. company got the status of a criminal organization >20 years ago when they afaik refused to fix a problem with sensors and the computer overriding pilot control which crashed the plane just after takeoff while pilot could not do anything against it. back then however the discussions were about computers overriding pilot control, not about a company intentionally risking lives.

Now they seem to me to still refuse to fix the problems and instead rename planes so that one cannot avoid their deathtraps unless not at all flying with their aircrafts. so i choose to only book flights with aviation companies that do not have B. planes at all. I decided to in future rather use a car or boat instead, if only B. planes are available.

i would not be surprised if the current “technical event” would be the actual same cause that “forced the nose down” over 20years ago, to me it sounds exactly like the same until now, it might just luckily have happened by chance high enough in the air so that the “nose forced down by computer” problem could somehow be solved with enough time where they had only seconds in that crash two decades ago.

the only cenario i actually use google search for but only in very rare occasions is when i am curious why i don’t find more results in another search engine, i then sometimes want to validate “missing” results are also missing in other/minor search engines that could theoretically have hits instead of misses, but usually i don’t find in google what i was already missing elsewhere, so mostly no gain, only sort of validation.

quadrillion you say…

yes, banksters like to create bubbles, inflate, trade with them until all value was extracted, let the bubble burst and then let all bus drivers and other low income people pay for the loss which is the gain of some parasites.

quadrillion… bubble->add some time->burst

if we have both two dollars, one for security and one for trading. we both “invest” in buying call orders from each other for a dollar and repeat it a billion times on the same day then we creates a “cash flow” of two billion dollars alone, yet the value behind it was less than 2 dollars.

that is what high performance traders do, they sell/buy thousands of times per second, creating the illusion of cash flow and worth, yet their actions have negative value, destabilize the market on the long run to create illusion of worth. but that illusion is very welcome as it blinds people and let them believe and invest which then can again be harvested until the bubble bursts…

lets remove two dollars from my above example… i have now only one dollar for trading so do you. but none for security. would you buy a call-option from someone without security? no. so wont i. thus remove 2 dollars (half of them) and 2 billion dollars of cash flow cease to exist on that day alone!! well, the next day looks the same then. lol. guess that would be called a collapse that 'nobody could have foreseen". lol.

7 trillion usd is roundabout half of the worldwide existing usd in 2017 (cash and database money, no debts, no could-be-printed, no needs-to-equaled-later) that is if wikipedia is correct and i did not miscalculate the ‘trillion’ which is just a sloppy ‘billion’ here. And further more the “worth” of the really ‘existing’ usd looks to me like a huge bubble by itself waiting to burst some day, but that is not the point or discussion here.

lets just hope that this “quadrillion bubble” you seem to be fond of does not burst too soon. there are still some resources to be ripped of from earth, some countries that could be enslavelaboured just to postpone the burst of that bubble, so the wave of destruction could carry that bubble for another generation maybe and we are sort of “safe”, but not sure. thus maybe lets hope it bursts rather sooner than later preserving some resources and preventing huge amount of hurt and damage from beeing done while leaving chance for a more stable bubble-free world without manmade intentionally created crisises just to let “others” pay for it.

intentionally created illusions are in total the most costly “realities” ;-)

maybe just “they” can’t.

probably a bad idea to put those with already too many recource usage, who are living on the cost of society for uncountable generations, in positions to decide anything. maybe.

yeah, thats exactly what i am saying, most of the money ever printed sits in places it will never leave, so IMO there are no 5trillion available on the market and the cash flow does not allow to take out even a “little” bit (speaking in 1e12 terms) before things collapse for the majority.

oh yes, printing money works exactly like that, it was just printed in the past and nowadays they just increase numbers in databases: plopp and the value of that currency and especially everything that is bound to it decreases, ripping you of what you have saved without even touching your bank account.

i guess the number they want to fundraise comes from an AI (maybe because they do not want to think by themselves any more)

as far as i am right with the “trillion” which is just a “billion” where i live and 1e12 (a 1 followed by 12 zeroes)

but according to wikipedia (in 2017) there are only:

14.000.000.000.000 USD existing in the world while they want to fundraise 7.000.000.000.000 USD

so basically they want half of the USD that had been printed in all history up until 2017.

maybe they just want to say that they want to push YOU into poverty, who knows.

may it by getting it from you or by letting some govs print money faster than ever, reducing your money to half or less of a fraction of its previous virtual value.

But the AI that came up with that number had “good luck” to not come up with the need of “more” money than ever has existed =D

i think i’ld prefer to use a dice when i really need a random “decision”.

update: Plz tell me if i am wrong with the numbers or what the current 2024 number of all “printed” (well physical AND digital) USD in the world is at the moment. thx