Posts by isotopp@infosec.exchange
 (DIR) Post #AxM7FMjleqVaZn5moS by isotopp@infosec.exchange
       2025-08-20T07:08:48Z
       
       0 likes, 3 repeats
       
       
       
 (DIR) Post #Axdc9es1j5UvLP25Nw by isotopp@infosec.exchange
       2025-08-28T12:23:45Z
       
       0 likes, 1 repeats
       
       "Workloads are only I/O-bound until you have added enough RAM." -- Köhntopp's Law.
       
 (DIR) Post #AzlR7UpbftO7m80p3w by isotopp@infosec.exchange
       2025-10-31T06:52:58Z
       
       0 likes, 0 repeats
       
       Today is 31 October 2025.

       Twenty years ago today, on 31 October 2005, https://en.wikipedia.org/wiki/Mark_Russinovich published a detailed description and technical analysis of First 4 Internet’s (F4I) XCP software, which he discovered had been secretly installed on his computer by a Sony BMG music CD.

       The software was part of the CD’s digital component and automatically installed itself on Windows computers when the disc was inserted into a CD-ROM drive. A similar component for MacOS was blocked from automatic installation with Operating System confirmation prompts. The driver interfered with any attempt to rip audio CDs on that system and actively concealed itself to prevent detection or removal.

       Russinovich compared XCP to a rootkit because of its covert installation and use of stealth techniques to hide its presence. He pointed out that the EULA made no mention of the software and argued that its behavior was illegitimate.

       The security firm F-Secure agreed, stating: "Although the software isn't directly malicious, the rootkit hiding techniques it uses are exactly the same as those used by malicious software." Following public backlash, Symantec and other antivirus vendors added detection and removal for the rootkit, and Microsoft announced that it would include protection against it in its security updates.

       XCP operated with high system privileges and contained numerous exploitable vulnerabilities, creating a serious security risk. That risk quickly became real: within weeks, several trojans and worms appeared that exploited flaws in the XCP software.

       As the result of government investigations and class-action lawsuits, Sony BMG partially addressed the scandal with consumer settlements and a recall that affected about 10% of the affected CDs. It ceased the copy-protection efforts in 2007.

       The Sony rootkit scandal only affected users that bought legitimate copies of music. Everybody who used Napster or Donkey to grab the MP3 was of course unaffected.

       Sony has never apologized to its customers.

       Timeline, in German:
       https://netzpolitik.org/2005/rookit-sonys-digitaler-hausfriedensbruch/

       Sony also produced, only one year later, the
       https://www.engadget.com/2006-01-05-sony-vaio-xl2-digital-living-system.html

       Like the XL1, the XL2 sports an HDMI video out, operation via wireless keyboard and remote, and an optional 200 CD/DVD changer for library management. Running Windows MCE 2005, the XL2 is harboring Intel Viiv inside

       Sony also turned off the DRM servers for the Connect online music shop in March 2008, again fucking over all customers that paid for their content.
       https://www.golem.de/0804/59229.html

       In an interview in 2012, Sony Music boss Edgar Berger said
       https://www.welt.de/wirtschaft/webwelt/article13881492/Musikindustrie-Das-Internet-muss-frei-sein-nicht-umsonst.html

       The Internet is a great stroke of luck for the music industry, or rather: the Internet is a blessing for us. "The Internet for us is a boon."

       Whatever companies think, even today the only way to actually purchase content on the internet is to buy content without DRM, or buy content with removable DRM, download and deDRM it immediately.

       Have a media library. Make sure your stuff can use this media library. Back up your media library.
       
 (DIR) Post #AzrtT9YFR9VFoQleLY by isotopp@infosec.exchange
       2025-11-03T12:22:03Z
       
       0 likes, 0 repeats
       
       @shalien MacOS be like...
       
 (DIR) Post #Azslk2sUtepvYxk7Xc by isotopp@infosec.exchange
       2025-11-03T14:04:50Z
       
       0 likes, 0 repeats
       
       @burak @shalien Apple's filesystems, APFS and HFS+, are case-folding. H is mapped to h, and ß is mapped to ss.

       For some reason, trü is not mapped to true.
       
 (DIR) Post #Azxb7gfL0ObVuwSSAa by isotopp@infosec.exchange
       2025-11-06T06:16:28Z
       
       0 likes, 0 repeats
       
       @timbray It's not you. You can output brightness from a small area, almost a point source, or the same amount of light from a larger area.

       The former is blinding, the latter less so.
       https://www.nature.com/articles/s41598-023-30658-0
       https://pmc.ncbi.nlm.nih.gov/articles/PMC9508687

       Very modern cars have dynamic headlights. These are composite LED lights, so an array of point sources, that can be controlled by the car's camera. The car will darken a segment in which it spots another light source, i.e. the headlights of an oncoming car.

       As a pedestrian, unlighted, you do not register, so it won't.

       Most cars do not yet have integrated systems, so registered obstacles from a car's lidar system will usually not (yet) be taken into account.
       
 (DIR) Post #AzxbVky2fC5OD0gSSu by isotopp@infosec.exchange
       2025-11-06T06:29:11Z
       
       0 likes, 0 repeats
       
       @tomjennings @timbray I have a Euro background, regulatory constraints here are a bit different, and somewhat more constrained. A lot of what is street legal on US and Canadian roads would not be here.

       But yes, a lot of the more modern tech (the things that are part of GSR2, https://www.rac.co.uk/drive/advice/road-safety/what-is-gsr2-important-eu-car-safety-features-explained/m and a few other things that come from an insurance and not a primary regulatory background) is forced on the market through regulation, and is basically too immature to reliably help drivers or innocent bystanders.
       
 (DIR) Post #B05iK1nwqfZleCZdUu by isotopp@infosec.exchange
       2025-11-09T14:25:28Z
       
       0 likes, 0 repeats
       
       @futurebird Warning! Unshielded cuteness ray source detected!
       
 (DIR) Post #B0MmgRGaiqdEjTCyDQ by isotopp@infosec.exchange
       2025-11-18T09:51:39Z
       
       1 likes, 1 repeats
       
       @Saupreiss @kami_kadse
       
 (DIR) Post #B0dNbdbBo4uf82ppcu by isotopp@infosec.exchange
       2025-11-26T10:11:11Z
       
       0 likes, 0 repeats
       
       @futurebird Ray Bradbury did, https://en.wikipedia.org/wiki/The_Pedestrian
       
 (DIR) Post #B2SLAyPgjbLs4mhqCW by isotopp@infosec.exchange
       2026-01-19T21:00:26Z
       
       1 likes, 0 repeats
       
       @Ollivdb @harkank @caravantraveller Oracle fired the last MySQL developers in December.
       https://github.com/mysql/mysql-server/graphs/commit-activity

       As a project, that is completely dead. Last week there was a crisis conference on the topic, sponsored by Percona, at Planetscale's offices in SFO. Percona maintains a Slack server on the topic. In the extended FOSDEM orbit there will be another such meeting in Brussels. The goal is the creation of a foundation for MySQL. It is unclear whether Oracle will support such a foundation, and how.

       MariaDB is a fork of MySQL that formed around 2010 and has been developed separately for 15 years. MariaDB is no longer compatible with MySQL in its on-disk data formats, in the protocol, in authentication, and in SQL syntax.

       In particular, MariaDB cannot replicate to MySQL or the other way around, except in the totally outdated single-threaded statement-based replication format, IF both servers, as used by the application, restrict themselves to the SQL that both servers understand as a common subset.

       There has been a series of confusions around MariaDB, with a failed commercialization (with a SPAC), venture capitalists who bought the remains of the SPAC, and other stories.

       TL;DR: Use Postgres.
       
 (DIR) Post #B3QQtciw62OCPWxcxM by isotopp@infosec.exchange
       2026-02-17T17:54:38Z
       
       0 likes, 0 repeats
       
       RE: https://social.tchncs.de/@Lapizistik/116087161953914165

       I can pull mail addresses out of thin air.

       My mailer knows about

           local_part_suffix = +* : -*
           local_part_suffix_optional

       so you can mail to kris@..., but also to kris+keks@... or kris-keks@...

       They will all go to the kris user account, and there will be X-local-part-suffix: keks set for any mail to kris-keks@....

       Of course, I don't want all of that in my inbox.

           :0
           * ^X-local-part-suffix:.*kris-\/[^@]+
           $MAILDIR/.special.`echo $MATCH | sed -e 's!([^)]*)!!g' -e 's![^a-zA-Z0-9_-]!_!g' | tr A-Z a-z`/

       The what:

       Anything that matches X-local-part-suffix: kris-something@... will be caught by that rule.

       We take something from the rule, lowercase it, and replace all characters that are not letters or numbers or _ or - with a _. We then push that into the folder INBOX/special/something or whatever that replacement produces.

       So mail to kris-keks@... goes to the folder INBOX/special/keks. If it doesn't exist we create it.
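
Added example, not part of the original post: the recipe's sed/tr pipeline as a shell function, run over constructed suffixes to show that sender-chosen text after kris- cannot add a path segment or a Maildir++ sub-level to the folder name. The function names, the LC_ALL=C setting and the sample suffixes are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post.
# sanitize_suffix: the recipe's sed/tr pipeline, applied to one suffix.
# LC_ALL=C (an addition here) makes a-z and A-Z plain ASCII ranges.
sanitize_suffix() {
    printf '%s\n' "$1" |
        LC_ALL=C sed -e 's!([^)]*)!!g' -e 's![^a-zA-Z0-9_-]!_!g' |
        LC_ALL=C tr A-Z a-z
}

# folder_for: the Maildir++ folder name the recipe would deliver into.
folder_for() {
    printf '.special.%s/\n' "$(sanitize_suffix "$1")"
}

# is_single_component: true if the name is non-empty and cannot add a
# path segment ("/") or a Maildir++ hierarchy level (".").
is_single_component() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample suffixes, as a sender could write them after "kris-".
for s in 'Keks' 'News(weekly).Digest' '../../etc/passwd' 'a b;c' 'x.y.z'; do
    out=$(sanitize_suffix "$s")
    if is_single_component "$out"; then verdict=ok; else verdict=REJECT; fi
    printf '%-22s -> %-26s %s\n' "$s" "$(folder_for "$s")" "$verdict"
done
```

A suffix that consists only of a parenthesised comment sanitizes to the empty string, which is the one case the check rejects.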
       
 (DIR) Post #B3QQtdRFRHpocxh11c by isotopp@infosec.exchange
       2026-02-17T17:57:32Z
       
       0 likes, 0 repeats
       
       I merge all that together again in a single unread smart mailbox.

       But the folder is indicated at the top right.

       So I have a github mail in a github folder – likely legit.

       Now, a bank mail that is in a supermarket folder – that's fishy. Without even opening it I know I can delete it.
       
 (DIR) Post #B3QQteFERRoj7z4vw0 by isotopp@infosec.exchange
       2026-02-17T17:59:49Z
       
       1 likes, 0 repeats
       
       Yeah, about that US immigration requirement.

       "List all your mail addresses"

       How many lines does that form have?

           $ ls -ld Maildir/.special* | wc -l
           2369

       Because I have a spreadsheet for you.
       
 (DIR) Post #B3QQtf2VUFETao8Hjs by isotopp@infosec.exchange
       2026-02-17T18:03:10Z
       
       0 likes, 0 repeats
       
       I can do fun things with mail.

           # unwanted advertising
           :0
           * ^X-local-part-suffix: kris-macheist
           {
               EXITCODE=67
               :0 i
               $BOUNCELOG/
           }

       What is that Six-Seven there?

           /usr/include/sysexits.h:#define EX_NOUSER       67      /* addressee unknown */

       It is a user-unknown bounce, and a local copy.
       
 (DIR) Post #B3QQtfpmX2eE3dBdXk by isotopp@infosec.exchange
       2026-02-17T18:08:31Z
       
       0 likes, 0 repeats
       
       "The mail you are sending your request from, kris@koehntopp.de, is not the mail that is registered for your account, kris-ourcompanyname@koehntopp.de"

       "That is correct. The mail you are sending your answer from, do-not-reply@ourcompanyname.com, is also not the mail address you want me to send my shit to, support@ourcompanyname.com, so what exactly is the problem?"
       
 (DIR) Post #B3QQtmE6lVfhsoc9IG by isotopp@infosec.exchange
       2026-02-17T18:18:23Z
       
       0 likes, 0 repeats
       
       So it's kris-anything@koehntopp.de?

       Sweet summer child.

           $ cat transform.pl
           #! /usr/bin/perl -w
           my $srcdomain = qw ( koehntopp.de );
           my @domains = qw( koehntopp.info .... );
           ...

       and

           $ cat virtusertable.in
           ...
           kris@koehntopp.de                  kris
           k.koehntopp@koehntopp.de  kris
           kristian.koehntopp@...      kris
           ...

       and

           $ cat virtusertable
           kris@koehntopp.de                  kris
           kris@koehntopp.info                  kris
           ...
           k.koehntopp@koehntopp.de  kris
           k.koehntopp@koehntopp.info kris
           ...

       So that spreadsheet for US immigration. How many rows can it have?
       
 (DIR) Post #B3RjTKjiRXXHNjSl1s by isotopp@infosec.exchange
       2026-02-18T12:55:59Z
       
       0 likes, 0 repeats
       
       @futurebird @Affekt That is mostly because the prompters are lazy and do not ask for interesting effects. Having a virtual camera that can create any kind of image in any kind of style does make you a creative genius with image composition skills.

       It is fairly easy to get an image that shows similar play with light in undergrowth from a model with good prompt adherence such as Bytedance Seedream V4.5 or similar. IF you have the idea to go and ask for it.
       
 (DIR) Post #B3eQpMzXMnNofm8WG0 by isotopp@infosec.exchange
       2026-02-24T15:40:04Z
       
       0 likes, 1 repeats
       
       If you beat up the firefox team long enough you actually get the required controls.
       
 (DIR) Post #B451ua137NPCvf9Jrs by isotopp@infosec.exchange
       2025-11-26T10:08:15Z
       
       0 likes, 1 repeats
       
       @konrad It is [Text](url).

       The text is a sign for humans.

       The URL is the tunnel to the outside, a link. Or round like a globe, the Internet icon.

       And it is sign before tunnel, because the human always comes first.

       ![]() for images likewise.