ben

ben, 7 months ago

@slaeg @crozilla Depends on whether they really mean opt-out (i.e. you're defaulted in) or if they plan to force a choice for those users (so you're not in unless you choose to be).

But, legal or not, definitely a shitty change.

ben, 10 months ago

I mean, I know it's what I get for being lazy and hitting the Ubuntu button when spinning up an image, but.... c'mon guys.... really?

ben, 10 months ago

@popey TBH, I find it very hard to argue in favour of snap on a server given the issues I've had with it on the desktop.

And, honestly, the automated updates could have been addressed as easily with unattended-upgrades.

Because it's only invoked periodically it probably is less likely to break than stuff on a desktop, but I really shouldn't need an entire extra daemon to periodically invoke a python script

ben, 10 months ago

@popey To be fair, I'm fairly salty about snap in general, based on run-ins with it:

• The move of Chromium to snap broke everything - pulse-audio, password manager etc, with fixes taking far too long to arrive
• The move of Firefox to snap happened without having learnt lessons from Chromium and broke my password manager again

And the most recent one:

If you select Docker in package selection during install, it's a snap and can't access paths outside $HOME

ben, 10 months ago

@popey Snap as a concept is probably great. The implementation though, drives me up the fookin wall

ben, 1 year ago

@popey I was pleasantly surprised to arrive at ours and find there was no queue ahead of me.

The only downside of that, though, is it meant there weren't any dogs out front to say hello to

ben, 1 year ago

It SLAACs itself an IPv6 address - initially thought perhaps v6 was broken. Checked my android phone, and it also has a v6 address - ipv6 works fine.

Eventually, I noticed that my router was advertising an IPv6 DNS server in my old ipv6 subnet. So the phone had a v4 and a (broken) v6 resolver it could use.

The moto was attempting to send a DNS query to the v6, found it was failing and decided the entire network was broken despite it's v4 checks having worked.

What a stupid fucking design.

ben, 1 year ago

@sindarina Exactly that.

The phone should have known that it's always DNS and used the DNS it had that was working.

That my router was lying to it should be immaterial

On an ... ahem... unrelated note, router config fixed and the phone's happy on the wifi.

ben, 1 year ago

@tmmj Yup - when I originally tried connecting it, I just assumed it didn't like the 5Ghz wifi having the same SSID as the 2.4 (because a lot of stuff didn't back then) and didn't want to change it.

It'd have been a lot easier to troubleshoot if the thing thing had stayed connected to the network for more than about half a second though :(

ben, 1 year ago

@bobbigmac Yeah, there are definitely times you look at the response and think... wut?

ben, 1 year ago

@PublicChaffinch Didn't realise this was still a thing at high school.

We had it at Primary school (along with the teacher saying "Good morning" and the entire hall replying with "Good Morning Mrs thingymajig"), but at high school they were much more focused on things like "will you lot please stop hitting each other".

ben, 1 year ago

@ianbetteridge It's particularly odd given that part of the reason for the decision is that they already own most of the market - and no-one's denying it's a valuable market.

"We'll leave this thing we're making an absolute mint from if you don't let us dominate it further"

Might as well yell they'll shoot themselves in the foot if the CMA doesn't change its mind.

ben, 1 year ago

@slothrop @neil @revk @webmink I'm convinced that all of this has come about because some unscrupulous lawyers decided the needed to take revenge on the companies who case management software.

ben, 1 year ago

I wonder how cross Microsoft would get if I added an "Approved by [bing logo]" with it

ben, 1 year ago

@mjg59 Assuming we're talking about the same thing - my reading was that the bit that really mattered was the "log everything out now" step.

Killing all the old sessions doesn't stop your new sessions being jacked, but it does reduce the number of sessions you have that could be.

I had 331 "apps" signed into my account - that's quite a surface if someone were to try and BF session IDs, so I may be better off even though the issue itself isn't fixed

ben, 1 year ago

@mjg59 But you're right - it's important to look at what changed (and what the suggested rotation changes).

If the interface had listed a few active sessions, I may not have bothered.

I wouldn't have rotated password yet either, except it turns out Amazon forces you to after killing active logins (makes sense really).

ben, 1 year ago

@alessandrolai @Cloudguy Got you beat...

Also... WTaF? Are they not killing off old sessions at all? My cookie killer effectively logs me out client side periodically.

I don't think I've owned 331 devices capable of signing into Amazon

ben, 1 year ago

@Cloudguy @alessandrolai Urggg, and all with access to more or less everything.

What could possibly go wrong with that

ben, 1 year ago

@ozofriendly @Cloudguy @alessandrolai

I guess it depends on whether it's just this, or whether there's a suggestion that there may be a way to extract other secrets (like 2fa secrets)