Lou Katz boosted

For years, Affinity's users have been voting with their wallets, choosing perpetual licenses over Adobe's subscription-based suite. We were buying more than access to software; we were buying autonomy and the promise of ownership.

But now, with Canva's acquisition, it feels as though that promise is in jeopardy.

joanwestenberg.com/blog/are-we

Lou Katz boosted

"One of the things that Trump is very good at doing is destroying rationality. If you talk about what's in it for Russia, a big part of the point is destroying truth."

Dig into Hunter's laptop, Barr's injustices, and how Trump's attacks on democracy thread together with
@emptywheel

patreon.com/posts/new-podcast-

Lou Katz boosted

Trump is now selling a $60 "God Bless the USA" Bible. It's a decent bet that he doesn't actually even know the opening line of "God Bless America."

Lou Katz boosted

Head of San Diego County civilian #sheriff #oversight board quits in frustration. “I feel like I’m banging my head against the wall, and the county doesn’t seem to want to do anything to have true oversight.” sandiegouniontribune.com/news/

Lou Katz boosted

NY Times expose by Kashmir Hill forces #GM to stop sending data on driving patterns, including brake and acceleration data collected by the car to #databrokers for sale to #insurance companies. nytimes.com/2024/03/22/technol

Lou Katz boosted

What's a side channel attack?

Well, there was once a man who owned 43 Domino's restaurants. He could predictably tell you when the next classified government operation was going to take place, and aboutish where, based on the surge of scheduled pizza orders for government locations.

Lou Katz boosted

"Search interest in VPNs began disproportionately rising in Texas Thursday compared to the rest of the country — quadrupling in the hours following #Pornhub’s announcement" #Internet #Privacy cnn.com/2024/03/15/tech/vpn-se

Lou Katz boosted

Clearly, electromagnetic pollution, especially from 5G phone signals, is activating the microchips in vaccines.
journa.host/@w7voa/11216383395

Lou Katz boosted

BART police arrest and handcuff Black man for charging his phone in an outlet. My real question: when will #BART put charging stations in platforms or stations? sfstandard.com/2024/03/22/bart

Lou Katz boosted

Oooof, what a kicker by @ChaseWithorn.

"[Truth Social] lost $40 million over the past four quarters while generating a paltry $4.6 million in revenue—less than half that of an average Cheesecake Factory restaurant."

forbes.com/sites/chasewithorn/

Lou Katz boosted

Why would anyone have standing to sue the FDA for approving a drug? The drug manufacturers would have standing if there were a denial, but an approval doesn’t affect any third party right.
Can you sue the DMV because your neighbor passed their driving test? Can your neighbor sue the DMV because you passed your driving test? No. Of course not. That 3rd parties lack standing to sue over the grant of a license should be axiomatic. #law #scotus

Lou Katz boosted

@shortridge While working tech support, I got a call on a Monday. Some VPNs which had been working on Friday were no longer working. After a little digging, we found the negotiation was failing due to a certificate validation failure.

The certificate validation was failing because the system couldn’t check the certificate revocation list (CRL).

The system couldn’t check the CRL because it was too big. The software doing the validation only allocated 512kB to store the CRL, and it was bigger than that. This is from a private certificate authority, though, and 512kB is a *LOT* of revoked certificates. Shouldn’t be possible for this environment to hit within a human lifespan.

Turns out the CRL was nearly a megabyte! What gives? We check the certificate authority, and it’s revoking and reissuing every single certificate it has signed once per second.

The revocations say all the certificates (including the certificate authority’s) are expired. We check the expiration date of the certificate authority, and it’s set to some time in 1910. What? It was around here I started to suspect what had happened.

The certificate authority isn’t valid before some time in 2037. It was waking up every second, seeing the current date was after the expiration date and reissuing everything. But time is linear, so it doesn’t make sense to reissue an expired certificate with an earlier not-valid-before date, so it reissued all the certs with the same dates and went to sleep. One second later, it woke up and did the whole process over again. But why the clearly invalid dates on the CA?

The CA operation log was packed with revocations and reissues, but I eventually found the reissues which changed the validity dates of the CA’s certificate. Sure enough, it reissued itself in 2037 and the expiration date was set to 2037 plus ten years, which fell victim to the 2038 limitation. But it’s not 2037, so why did the system think it was?

The OS running the CA was set to sync with NTP every 120 seconds, and it used a really bad NTP client which blindly set the time to whatever the NTP server gave it. No sanity checking, no drifting. Just get the time, set the time. OS logs showed most of the time, the clock adjustment was a fraction of a second. Then some time on Saturday, there was an adjustment of tens of thousands of seconds forward. The next adjustment was hundreds of thousands of seconds forward. Tens of millions of seconds forward. Eventually it hit billions of seconds backwards, taking the system clock back to 1904 or so. The NTP server was racing forward through the 32-bit timestamp space.

At some point, the NTP server handed out a date in 2037 which was after the CA’s expiration. It reissued itself as I described above, and a date math bug resulted in a cert which expired before it was valid. So now we have an explanation for the CRL being so huge. On to the NTP server!

Turns out they had an NTP “appliance” with a radio clock (i.e., a CDMA radio, GPS receiver, etc.). Whoever built it had done so in a really questionable way. It seems it had a faulty internal clock which was very fast. If it lost upstream time for a while, then reacquired it after the internal clock had accumulated a whole extra second, the server didn’t let itself step backwards or extend the duration of a second. The math it used to correct its internal clock somehow resulted in dramatically shortening the duration of a second until it wrapped in 2038 and eventually ended up at the correct time.

Ultimately found three issues:
• An OS with an overly-simplistic NTP client
• A certificate authority with a bad date math system
• An NTP server with design issues and bad hardware

Edit: The popularity of this story has me thinking about it some more.

The 2038 problem happens because when the first bit of a 32-bit value is 1 and you use it as a signed integer, it’s interpreted as a negative number in 2’s complement representation. But C has no protection from treating the same value as signed in some contexts and unsigned in others. If you start with a signed 32-bit integer with the value -1, it is represented in memory as 0xFFFFFFFF. If you then use it as an unsigned integer, it becomes the value 4,294,967,296.

I bet the NTP box subtracted the internal clock’s seconds from the radio clock’s seconds as signed integers (getting -1 seconds), then treated it as an unsigned integer when figuring out how to adjust the tick rate. It suddenly thought the clock was four billion seconds behind, so it really has to sprint forward to catch up!

In my experience, the most baffling behavior is almost always caused by very small mistakes. This small mistake would explain the behavior.
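The two 32-bit mistakes the post hypothesizes, modelled as an added example (this is not the poster's code, nor that of the NTP appliance or CA vendor, which the post does not identify). It assumes the NTP box computed `radio - internal` as a signed 32-bit value and then read the bits as unsigned, and that the CA computed `not_after = not_before + 10 years` in a 32-bit `time_t`. The epoch value 2114380800 (2037-01-01 UTC) is a constructed input, and "ten years" is simplified to 3650 days.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Two's-complement wrap of a 64-bit value into int32_t, written so every step
 * is well defined in C (the direct cast is implementation-defined). */
static int32_t wrap32(int64_t v) {
    uint32_t u = (uint32_t)v;                 /* modular reduction, well defined */
    if (u > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)u - 4294967296LL);
    return (int32_t)u;
}

/* Hypothesised NTP bug: subtract as signed 32-bit, then read the bits as
 * unsigned. A clock 1 s fast gives -1, whose bit pattern 0xFFFFFFFF reads
 * as 4294967295 when treated as unsigned. */
int64_t misread_offset(int32_t radio_seconds, int32_t internal_seconds) {
    int32_t diff = radio_seconds - internal_seconds;   /* -1 when internal is 1 s ahead */
    uint32_t as_unsigned = (uint32_t)diff;             /* same bits, now ~4.29e9 */
    return (int64_t)as_unsigned;
}

/* Correct handling: widen before subtracting and keep the sign. */
int64_t signed_offset(int32_t radio_seconds, int32_t internal_seconds) {
    return (int64_t)radio_seconds - (int64_t)internal_seconds;
}

/* Simplified ten years (3650 days); an assumption for the example. */
#define TEN_YEARS_SECONDS (10LL * 365 * 24 * 3600)

/* Hypothesised CA bug: validity arithmetic in a 32-bit time_t. Starting in
 * 2037, not_before + 10 years passes 2038-01-19 and wraps negative, which
 * is a date before 1970 (around 1910 for this input). */
int32_t renew_expiry_32(int32_t not_before) {
    return wrap32((int64_t)not_before + TEN_YEARS_SECONDS);
}

/* Fixed version: 64-bit arithmetic, no wrap. */
int64_t renew_expiry_64(int64_t not_before) {
    return not_before + TEN_YEARS_SECONDS;
}

/* The check the CA should have made before issuing: a certificate must not
 * expire before it becomes valid. Returns 1 if the window is sane. */
int validity_window_ok(int64_t not_before, int64_t not_after) {
    return not_after > not_before;
}

int main(void) {
    const int32_t not_before_2037 = 2114380800;   /* constructed: 2037-01-01 UTC */

    printf("NTP offset, signed bits read as unsigned: %" PRId64 "\n",
           misread_offset(100, 101));
    printf("NTP offset, handled correctly:           %" PRId64 "\n",
           signed_offset(100, 101));

    int32_t bad = renew_expiry_32(not_before_2037);
    int64_t good = renew_expiry_64(not_before_2037);
    printf("CA expiry (32-bit): %" PRId32 "  window ok: %d\n",
           bad, validity_window_ok(not_before_2037, bad));
    printf("CA expiry (64-bit): %" PRId64 "  window ok: %d\n",
           good, validity_window_ok(not_before_2037, good));
    return 0;
}
```

The `validity_window_ok` check is the one-line defence that would have stopped the reissue loop: a CA that refuses to sign a certificate whose `notAfter` precedes its `notBefore` fails loudly on the first bad renewal instead of filling the CRL every second.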

Lou Katz boosted

Who will hold Trump accountable?

“… outrageous that the former president would get this unexplained courtesy after years of willfully defrauding the public.… If there seems to be a different set of rules for Trump, under which there is always a reason to look the other way or give him a second chance, that’s because for all intents and purposes, there is."

Always read Jamelle Bouie [gift link] nytimes.com/2024/03/26/opinion

Lou Katz boosted

It's great to know that if you don't have bond money you can just request a different, smaller amount and pay that instead; I'm sure that is what happens for normal people all the time.

Lou Katz boosted

Today was the first day that I have encountered this painting by Wayne Thiebaud, and I have to say that it makes me deeply uncomfortable

Lou Katz boosted

I don't object to the result per se, it's still a sizeable bond and his corporate finances are monitored, but it's bad for the rule of law that (a) they gave no explanation and (b) Trump's briefs scrupulously avoided saying he didn't have the collateral for the bond. So why did he get the reduction? axios.com/2024/03/25/trump-bon
