Skip to main content

The CrowdStrike BSOD fiasco is extraordinary in its scale and scope; on Monday's Oxide and Friends, @ahl and I will be joined by security researcher and @LutaSecurity CEO @k8em0 to help us sort through the many layers of this mess. Join us, 5p Pacific!

discord.gg/QrcKGTTPrF?event=12…

Join the Oxide Computer Discord Server!

The Oxide Computer Company and friends; home of the Oxide and Friends podcast. | 3392 members
Discord
@Katie Moussouris (she/her)🥜👋🏼 @Adam Leventhal @Luta Security

A new issue of #ThisWeekInGNOME is now online!

#157 GUADEC 2024
thisweek.gnome.org/posts/2024/…

#GNOME #TWIG #GUADEC

Screenshot of Keypunch
Screenshot of Embellish
GUADEC Banner
Screenshot of Workbench

#157 GUADEC 2024 · This Week in GNOME

thisweek.gnome.org
#gnome #ThisWeekInGNOME #twig #GUADEC

reshared this

Maras. Google AI. Originál a úprava (v obráceném pořadí, samozřejmě).
This entry was edited (2 months ago)

Matthias sharing good news of gtk and HDR development at #guadec2024
#guadec2024

reshared this

What's going on with the computers, for those who don't care about computers generally:

A security company (Crowdstrike) pushed out a bad update that broke a huge number of Windows computers and will probably require a lot of painful work to fix. This has resulted in, among other things, airlines grounding flights, hospitals locked out of their systems, and Starbucks in-store ordering being broken.

Hey fellow #Linux users, despite the #CrowdStrike problem only affecting #Windows, this is not a windows problem.

This is an "automatic update that got forced onto everyone with insufficient testing while also having way too many permissions" problem.

If you think big corps wouldn't run something similar on Linux, I have a an NFT of a bridge to sell you.

#linux #Windows #crowdstrike
This entry was edited (2 months ago)

reshared this

in reply to xbezdick

Hubert Figuière
Hubert Figuière
@xbezdick @ljrk @ainmosni that was a Fedora silverbluenissir. And I’ll stop here I will not be nice.
@lj·rk @xbezdick

How to add a Google Gemini shortcut to your iPhone homescreen 9to5google.com/2024/07/19/goog…

How to add a Google Gemini shortcut to your iPhone homescreen

Google’s Gemini has been available on iPhone for months now, but it’s not super easy to access since it’s hidden...
Ben Schoon (9to5Google)

I posted this a few years ago on Twitter, but perhaps today is an opportune time to post again here:

Any sufficiently advanced "endpoint protection" software is indistinguishable from malware.

(Adding: Has the potential to cause global outages.)

Comparison table "Endpoint Protectino" vs "Malware"; both categories are checked for each: Stealth install without your consent Sniffs network traffic Logs keystrokes Uploads data to weird IP addresses Near impossible to uninstall Destabilizes system Crappy install scripts Increased Attack Surface

Alternative (computer) input devices?

Does anyone have any suggestions as to what a friend of mine could replace his #keyboard and #mouse with, please?

He's got quite bad neuropathy in both hands (fuck #chemo) and it's quite difficult for him to use either his keyboard or his mouse now.

Tagging for #disability but I don't know if that's appropriate. If you can think of anything more appropriate please let me know.

Please, please boost!

#Disability #keyboard #mouse #chemo

And Track 2 talks on the livestream here: youtube.com/live/vMf3cOtcPtI?f…
#GUADEC2024

GUADEC 2024 – Day 1, track 2

GUADEC is the GNOME community’s largest conference, bringing together hundreds of users, contributors, community members, and enthusiastic supporters for a w...
YouTube
#guadec2024

Canyon uvedl na trh nový Aeroad. Zajímavý vylepšený kokpit. Cena už tolik ne, Canyon už nepatří mezi výhodné nákupy, navíc prodává jen on-line a prakticky nemá lokální servisy. Aeroad je při stejné sadě (např. SRAM Force AXS) dražší než SuperSix (pravda, má powermeter a jako obutí Pirelli P Zero, ale zase nemá v ceně držák computeru).
canyon.com/cs-cz/silni%C4%8Dni…

Aeroad

Objevte kolekci silničních kol Canyon Aeroad - navrženou pro maximální aerodynamiku a rychlost. Vyberte si výkon a styl, který vám umožní posunout své hranice dál.
Canyon

GUADEC Day 1 will be back from the break soon. Catch Track 1 talks in 20 mins on the livestream here: youtube.com/live/jS7NzYqxH3o?f…
#GUADEC 2024

GUADEC 2024 – Day 1, track 1

GUADEC is the GNOME community’s largest conference, bringing together hundreds of users, contributors, community members, and enthusiastic supporters for a w...
YouTube
#GUADEC

A #crowdstrike update can travel halfway around the world while an APT is putting on its shoes
#crowdstrike

Does anyone have a well sourced ballpark estimate for how many computers are affected by this CrowdStrike issue?
in reply to Chris 🌱 :verified_purple:

Lorenz
Lorenz
Also how much electronic trash this produces. I bet thousands of devices aren't economically fixable...

My favorite part of CrowdStrike’s “statement” about the damage they’ve caused is that there is still a free trial signup thing at the bottom of the blog post. I’ve rarely seen a company so bad at reading the room. Never change, CrowdStrike, never change! crowdstrike.com/blog/statement…

Statement on Falcon Content Update for Windows Hosts - crowdstrike.com

CrowdStrike

#AndroidAppRain at apt.izzysoft.de/fdroid today with 9 updated and 1 added apps:

* QuizFlow: create, and study word lists with interactive flashcards and modes

Enjoy your #free #Android #apps with the #IzzyOnDroid repo :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #izzyondroid

Hoy estamos de aniversario en esta casa. Hace 3 años nos mudamos con @kastwey a Irlanda. La mejor decisión de mi vida, tanto en lo personal como en lo familiar.💚☘️
@Juanjo
in reply to modulux

Núria🦔🌵
Núria🦔🌵
@modulux @quetzatl Juan ya lo sabe que a mí me gusta el clima irlandés, por raro que aún pueda sonar.
@Juan CBS @modulux
in reply to Núria🦔🌵

modulux
modulux
Si por mi fuera, me gustaría vivir en Singapur. 27 grados todo el año.

Weird Al Yankovic just released a new music video!

youtu.be/y0ZoX4dBvwk


"Weird Al" Yankovic - Polkamania! (Official Music Video)

Single available at:Apple Music: https://itunes.apple.com/album/id/1753408289Amazon Music: http://amazon.com/dp/B0D7RQGLBS…and everywhere else digital music ...
YouTube

Megabridges, Synapse cleaning, and a retreat. That and much more happened This Week In Matrix!

matrix.org/blog/2024/07/19/thi…


This Week in Matrix 2024-07-19

Matrix, the open protocol for secure decentralised communications
Thib (matrix.org)

Make no mistake, if an outage similar to Crowdstrike would have been caused by OpenSource, there would be calls across the entire industry and at the government level to ban OpenSource from critical systems. But since it was caused by billion-dollar publicly-traded companies, nothing to see here, move-on.

#CrowdStrike #Linux #OpenSource #Outage #Microsoft

#linux #opensource #microsoft #crowdstrike #outage
in reply to cslinuxboy

Mike Gifford
Mike Gifford
well the Heartbleed bug probably did have folks call for that. It would be ridiculous though given how much open source is used in proprietary tools.

You may know Allyant (which I pronounce “alley ant”) is the combined form of CommonLook, TBase, and Accessible360.

You may also now Allyable (which I pronounce “snake oil”) is an #overlay vendor.

Apparently Allyable (overlay) was spamming folks on the #DisabilityIN conference app. This resulted in folks regularly visiting the Allyant (combined company) booth thinking it was Allyable (overlay).

#accessibilty #a11y
There are lessons here.

#a11y #accessibilty #overlay #disabilityin

Illegal drug found in Diamond Shruumz candies linked to severe illnesses

New testing finds psilocin, related to psilocybin, in gummies purchased in 2023.

arstechnica.com/science/2024/0…

Illegal drug found in Diamond Shruumz candies linked to severe illnesses

Ars Technica

now seems like the perfect time to share my opinion that link shorteners are a bad idea. worse than nothing. just use a real url; you aren't paying by the character and no one's gonna go into their browser and type in a meaningless string of gibberish no matter how short you make it. all they accomplish is obfuscation and completely unnecessary failure modes. glad goo.gl is getting killed off tbh maybe it'll get people to stop doing this shit
in reply to sjolsen.cdda.wav

IzzyOnDroid ✅
IzzyOnDroid ✅

I'm rather surprised that people still use their services. and trust them. They must either have a rather short memory (Google Reader, anyone? Writely, Google Code?) – or be caught in the eternal loop with the "benefit of doubt"…

killedbygoogle.com/


Killed by Google

Killed by Google is the open source list of dead Google products, services, and devices. It serves as a tribute and memorial of beloved services and products killed by Google.
Killed by Google

První letošní kilíčko. 🤗💪🏼
#cyklovýlet
Na obrázku je hotel ve Františkových Lázních a pod ním statistiky jízdy, z aplikace Strava
#cyklovylet

Let's cut the bullshit and spell out a few things. The IT security industry is about as trustworthy as the food supplement and vitamin industry, but somehow they escaped the same reputation. Their products are overwhelmingly based on flawed ideas, and the quality of their software is exceptionally bad. And while not everyone will agree with the harshness of my words, I'll say this: Essentially everyone in IT security who knows anything in principle knows this.

reshared this

in reply to hanno

hanno
hanno
Their products are flawed not just because they're badly implemented - which they are - but because they are based on a stupid idea. The idea that you improve your IT security by adding more complexity. Doing the opposite is the right approach. But you can't sell that as a product. (You can still sell it, but it's not something you just plug into your network and get security magically.)
in reply to hanno

hanno
hanno
Honestly, if we could get that one basic message out, that if their IT security is based on more complexity, not less, that they're doing it wrong, maybe we could start putting crap companies like crowdstrike or citrix out of business.

Thank you, Carrie, for letting people know about the BT Speak on your Carrie on Accessibility YouTube channel.
youtube.com/shorts/1kkRhG1N6a8…

New Braille "Pocket" Computer? BT Speak Pro from Blazie Technologies

On this Accessibility and Assistive Technology (A&AT) News, CoA introduces a New Braille "Pocket" Computer, the BT Speak Pro by Blazie Technologies. It's run...
YouTube

So It's not always DNS after all.

Matthias Clasen talks about the GTK development and roadmap

#gnome #guadec #guadec2024 #gtk

Matthias Clasen on a screen giving a presentation about GTK at GUADEC 2024
#gnome #gtk #GUADEC #guadec2024

All these smug Linux users really missed the point of how close y'all were to something much worse than this with the whole xz thing.

Your licence choice isn't going to save you from fundamentally dysfunctional approaches to tech.

UPDATE

:solidarity: 102% in DE! citizens-initiative.europa.eu/…

🇪🇺 Es gibt eine EU-Petition für eine europ. Vermögenssteuer, initiiert u.a. von Marlene Engelhorn und Thomas Piketty.

💸 Die Steuer wollen sehr viele Menschen, deswegen kann die Petition erfolgreich sein.

🔢 Österreich 20%, da fehlen noch 10.000.

👏 Belgien: 66%, Dänemark 88%

(Frankreich: 200% 😮 )

In vielen Staaten fehlt noch viel.

✍️ Schickt sie in alle Länder - und zeichnet mit!

tax-the-rich.eu/

#TaxTheRich


Tax The Rich

Nous voulons un impôt européen sur les grandes fortunes pour financer la transition climatique et sociale et aider les pays victimes des dérèglements climatiques.
Tax The Rich
#taxtherich
This entry was edited (2 months ago)
in reply to Anne Roth

CGdoppelpunkt
CGdoppelpunkt
Hinweis: Es ist nicht etwa eine ordinäre Petition. Es ist eine förmliche "Europäische Bürgerinitiative" - ein Instrument, das in der EU eigens vorgesehen ist, um die EU-Kommission zu Vorlage und Einbringen eines entsprechenden Gesetzentwurfs zu zwingen. - Ich habe das natürlich schon unterschrieben!

"das Bundesverkehrsministerium plant eine massive Verschärfung der Regelungen für Fahrradanhänger. Demnach dürfen Fahrradanhänger zukünftig maximal 50 kg Gesamtmasse aufweisen, ansonsten brauchen sie ein eigenes Auflaufbremssystem. Zur Einschätzung: Bei einem Eigengewicht von 15 kg blieben nur 35 kg an Zuladung übrig, was man locker mit zwei älteren Kindern überschreiten würde. Von größeren Hunden, Gartentransporte usw. wollen wir gar nicht erst anfangen."

cargobikeforum.de/forum/index.…

Cargobike-Forum

Diskussionen um den Personen- und Lastentransport per Fahrrad, Lastenrad, Rikscha, Anhänger etc.
Cargobike-Forum
in reply to Katja Diehl

Thomas Arend
Thomas Arend
Ich habe mal ein wenig gegoogelt. 50 kg wären 10 kg mehr als bisher für Fahrradanhänger ohne Bremsen empfohlen sind. Auch wäre das mehr, als die meisten Hersteller für ihre Fahrräder und e-Bike (40 oder 45 kg) ungebremst empfehlen.
in reply to Katja Diehl

E
E

Unabhängig vom Gewicht gibt es eine Max.Geschw. von 25 km/h, die gerade mit Kindern wegen Stößen nicht überschritten werden sollte.

survivalmesserguide.de/wie-sch…

Darüber hinaus empfiehlt der ADFC schon maximal 45 kg Zugladung.

adfc.de/artikel/lastenanhaenge…

Auch das zulässige Gesamtgewicht eines Fahrrades (oftmals um die 120 kg) setzt da Grenzen.

Dass ausgerechnet das Verkehrsministerium eine Begrenzung zur Sicherheit fordert und nicht etwa sichere Wege ist allerdings fragwürdig.


Wie schnell darf man mit einem Fahrradanhänger fahren?

Wie schnell darf man mit einem Fahrradanhänger fahren? Das Fahren mit einem Fahrradanhänger ist anfangs ungewohnt. Bevor Sie am Straßenverkehr ... Weiterlesen
Max Wegner (Survival Messer Guide)

I set aria-live on a span so I can have NVDA tell me when something happens. Even when the message is the same, though, NVDA speaks it. I'm using aria-live="polite". Is there a way to set it so I only hear the announcement if the text in the span has changed?
in reply to Marco Zehe

Alex Hall
Alex Hall
@Marco Atomic didn't, but updating the text only if the new message is different from what's already there did.
@Marco Zehe

New Debian Developers and Maintainers (May and June 2024) bits.debian.org/2024/07/new-de…

New Debian Developers and Maintainers (May and June 2024)

The following contributors got their Debian Developer accounts in the last two months: Dennis van Dok (dvandok) Peter Wienemann (wiene) Quentin Lejard (valde) Sven Geuer (sge) Taavi Väänänen (taavi) Hilmar Preusse (hille42) Matthias Geiger (werdahias…
Debian Project

#sushi with a #Frikandel at #bornhack. I blame the Dutch Village!
Sushi with a snack instead of fish
#bornhack #sushi #frikandel

Welcome Justin Maggard as #curl commit author 1288: github.com/curl/curl/pull/1422…

mbedtls: check version before getting tls version by jmaggard10 · Pull Request #14228 · curl/curl

mbedtls_ssl_get_version_number() was added in mbedtls 3.2.0. Check for that version before using it.
GitHub
#curl

Jedná pozdní #birellovka
Borůvkový koláč neměl chybu.
#birellovka
in reply to Pavel Kout

Archos :distros_arch: :matrix:
Archos :distros_arch: :matrix:
@pavelkout Ta trasa měla 94 km, tak jsem ještě ten zbytek dorazil :-) Jen jsem zase blbec zapnul cyklistika uvnitř, naštestí jsem tam zapnul i trasu do navigace :-)
@Pavel Kout

Starting now: on the #curl changelog page where it lists all changes ever done to all #curl releases ever done, it now also conveniently links to the "known vulnerabilities" for each released version.

curl.se/changes.html

#curl

Welcome martinevsky as #curl commit author 1287: github.com/curl/curl/pull/1423…

Unused definition of HOST_BAD removed by martinevsky · Pull Request #14235 · curl/curl

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS…
GitHub
#curl

Watching the opening of GUADEC 2024 on the big screen

#guadec #guadec2024 #gnome

The GUADEC 2024 opening remarks projected on a large screen
#gnome #GUADEC #guadec2024

Well, I think we know the subject for Monday's Oxide and Friends! Any thoughts on who @ahl and I should ask to have on as a guest?
@Adam Leventhal
in reply to Matt Campbell

Matt Campbell
Matt Campbell
Someone who did a much better job of writing a plausible tech thriller was Daniel Suarez with his novel Daemon. (The sequel brings in some less plausible sci-fi elements IMO.) He didn't predict the CrowdStrike disaster, but he did try to warn about the dangers of the Windows monoculture in the 2000s. In recent years, I thought that novel was too dated. But now, maybe not. I'm sure he'd be happy to come on and say "I told you so."
in reply to Matt Campbell

Matt Campbell
Matt Campbell
If you can only read one chapter from Daemon to see what I mean about the author warning about the Windows monoculture, check out the chapter titled "The Red Queen Hypothesis". I think that's chapter 31.