don't mind me. if this works, I'm hoping to spread the love to others who want automatic backups to DW. this is using IFTTT's IF new rss feed THEN email dw posting feature.

A critical vulnerability (CVE-2015-5119) has been discovered in Adobe Flash Player. The vulnerability was leaked and added to popular exploit kits within hours.

-->UPDATE YOUR ASSES NOW<---

[ X-posted to Dreamwidth with comments | How to use OpenID ]

dear administrator who picks a random port and makes things impossible (AWPARPAMTI):

YOU SUCK, AWPARPAMTI, and let me tell you why. Sure the corporate network allows any old port to be accessed, but the dev network firewall rules are more restrictive, and I need to hit your server from my dev machine because I'm testing the source code it's taken you exactly five months to successfully migrate from CVS to your Perforce server. And here's the kicker:

WE'RE A LINUX SHOP NOT A WINDOWS SHOP. NOT EVERYTHING IN THIS WORLD IS WINDOWS. WAKE UP AND SMELL THE UNIX. I DON'T WANT TO SOURCE THIS TO MY STUPID DESKTOP, THUS CONVERTING ALL THE LINE ENDINGS TO WINDOWS, AND THEN UPLOAD IT & HAVE TO DOS2UNIX IT BACK AGAIN. THAT WOULD NOT BE A TRUE TEST OF YOUR FARKUCKT SOURCE REPOSITORY. ARE WE CLEAR? USE THE STANDARD PERFORCE PORT OR I WILL EAT THE SECRET STASH OF SKITTLES YOU KEEP IN THE SECOND DRAWER BENEATH YOUR VICTORIA'S SECRET CATALOG.

/letter

[ X-posted to Dreamwidth with comments | How to use OpenID ]

okay, so I know I was making fun yesterday about the POODLE attack email, but it is a serious vulnerability (CVE-2014-3566), for all that it only affects something like 0.42% of the top million domains*. It's still a vulnerability that can be exploited when you think you are doing secure transactions.

So, if you are using Firefox as a browser and don't want to wait for the next update (Firefox will be sending out a fix) then you can use this Mozilla recommended add-on which turns off SSL 3.0 by default. Just click on it and add it.

If you are using Chrome - they have said they have plans to update Chrome to disable SSL 3.0 in a few months or so. In the meantime they are publishing their server-side solution and hope servers will adopt it. Eh.

If you are using IE, modify the Advanced Security settings:

To change the default protocol version to be used for HTTPS requests, perform the following steps:

On the Internet Explorer Tools menu, click Internet Options.
In the Internet Options dialog box, click the Advanced tab.
In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
Click OK.
Exit and restart Internet Explorer.


Please feel free to ask me for clarification on the implications of all this, but don't ask me for help with your browsers; there's google for that.

[ X-posted to Dreamwidth with comments | How to use OpenID ]

"the poodle attack will push back our release schedule"

of course by this they were referring to the Padding Oracle On Downgraded Legacy Encryption used against SSL 3.0, or "POODLE."

BUT STILL.

[ X-posted to Dreamwidth with comments | How to use OpenID ]

Adobe is spying on user ebook data and sending it up to their servers in cleartext.

This is serious. They are sending users’ reading history data in clear text to their servers.

"Hoffelderreported that Adobe Digital Editions appeared to be gathering information on his entire ebook library, not just the titles viewed through Adobe Digital Editions. In a follow-up communication with Adobe, which included the file Hoffelder posted to support this suspicion,” Adobe denied it. But ADE 4 scanned his freaking ereader, listed all the files and reading info, and uploaded that data to their servers, including epub files he had created himself. THE DATA IS UPLOADED IN CLEAR TEXT. If you read or create epub fanfiction, this might be cause for concern, as data about your reading habits is being collated and transmitted without your knowledge and could easily be hijacked by anyone, not just Adobe.

If you have installed Adobe Digital Editions 4, I highly recommend you uninstall it immediately. h/t to em_kellesvig for the heads up.

[ X-posted to Dreamwidth with comments | How to use OpenID ]

At the Hilton SF Union Square all week for a software developer conference; I have three major gripes so far:

NO bicycle parking in the Hilton garage.

Only 16.66% of the panelists are women.

OPERATIONALIZE is NOT a word, people!!!

[ X-posted to Dreamwidth with comments | How to use OpenID ]

So today, at long last, I succeeded in a task I set out to do on March 24th but which, due to the almost impenetrable SEP (Someone Else's Problem) fields surrounding IT at my company, took an egregiously long time for me to complete.

I'm so verklempt.
( Really boring tech stuff UCCollapse )

[ X-posted to Dreamwidth with comments | How to use OpenID ]

I was having the kind of week, seriously, where computers are my nemesis; yet people are my friends, they are gorgeous, they are helpful, because they have filled the intertubes with information which is accessible through the googleweb. Do you even realize how difficult it was, peeps, to debug problems with widely-used software before the googles? Oh, my. Yes, there was Usenet, there were mailing lists, and the constant scrolling thereof, and threaded threads of DOOM. But now there is the search and click. I solved at least three problems this week using other people's pain and suffering before me.
( Ridiculously esoteric computer batshit under the cut.Collapse )

[ X-posted to Dreamwidth with comments | How to use OpenID ]

If you get an email from a friend that says:

Hello,

Please review attached secured documents i uploaded through Google Docs Share Application for you, for additional security Log in with your email account to view it.


Delete the email and tell your friend that their email acct has been hacked. It's a phishing scam for your login info. My CPA got scammed with it recently.

This has been your McKay report.

[ X-posted to Dreamwidth with comments | How to use OpenID ]