Krzysztof Jurewicz is a user on capitalism.party. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Krzysztof Jurewicz @KrzysiekJ@capitalism.party

If you plan to test on a machine and retain the created pool after installing , then you may be surprised when you discover that by default creates pools that are not compatible with other systems: github.com/zfsonlinux/zfs/issu

The existence of strong BSD community here on Mastodon (and reading AST’s book about operating systems) has reminded me about good old days of using . One of the effects is writing and submitting a port of daemon/CLI: bugs.freebsd.org/bugzilla/show

Komisja Ligi w uzasadnieniu odebrania trzech punktów Górnikowi Zabrze powołuje się na… komentarze wypisywane przez kiboli Górnika na Facebooku.

img.ekstraklasa.org/files/81-1

W 3. numerze magazynu „Biały Kruk” ukaże się moje opowiadanie pt. „Polityk doskonały”. Tymczasem zachęcam do lektury wcześniejszych numerów, dostępnych na stronie magazyn.bialykruk.org .

27 Ⅱ. W meczu Legia-Jagiellonia Daniel Stefański niezgodnie z przepisami anuluje strzelonego gola (gra została już wznowiona).

4 Ⅲ. W meczu Legia-Lech Szymon Marciniak dyktuje karnego dla Legii za zagranie ręką, po czym w pomeczowych wywiadach podtrzymuje decyzję, jednocześnie właściwie przyznając, że zrobił to wbrew przepisom (brak celowości zagrania).

5 Ⅲ. Górnikowi Zabrze uznaniowo odjęto trzy punkty za… prowokowanie przez kibiców Górnika kibiców drużyny przeciwnej.

There should be a distinction made between applications (applications that can run in any web browser which supports certain ) and applications that are allowed to run only on some selected web browsers (with other browsers being possibly banned).

The latter include Web, , , Spreadsheets… Marketing them as “web applications” is inadequate, similar as would be marketing -based applications as “web applications”.

And the most widely used computer operating system in the world is.... cs.vu.nl/~ast/intel/ #MINIX

Nie wspominam o częstym grzechu stron rządowych, czyli wspierania tylko określonych przeglądarek działających na systemie operacyjnym Microsoft Windows. Do tego witryna zachęca do instalowania nieaktualnych wersyj Firefoksa:

„Uprzejmie informujemy, iż do odwołania nie będą dostępne usługi eBOK CANARD wykorzystujące certyfikat kwalifikowany w przeglądarce Mozilla Firefox od wersji 52.0.
Polecane wersje Mozilla Firefox 51.0.1 oraz Mozilla Firefox ESR 45.7, […]”.

Rządowa strona ebok.canard.gitd.gov.pl wyłudza hasła (nazywane „kodami PIN”) do certyfikatów kwalifikowanych użytkowników, prosząc o ich wpisanie w formularzu HTML, który po kliknięciu „Potwierdź” zostaje wysłany do serwera. To mniej więcej tak, jakby odbiorca elistu podpisanego przez PGP żądał podania passphrase („hafry”?) do klucza PGP.

The best bank heist movie is Vabank.

The Cuban myth. No, it's not an example of socialism working. No, it's not because of any embargo. Since Obama, you can even import Cuban cugars to the US now.

> The Castro regime dilapidated subsidies from the Soviet Union between 1960 and 1990 equivalent to five Marshall plans, and yet it failed to improve its economic growth or take advantage of these huge transfers to improve productivity. Between 1960 and 1990, Cuba received more than $65 billion from the Soviet Union, not to mention the money it received from other socialist countries.

> Cuba even benefited from a subsidy from the Venezuelan regime—which itself receives billions from China—that covered 70 percent of the country’s consumption. It also receives hundreds of millions from international organizations.

> Despite this, the Nationmaster ranking, which compares the average salary for countries around the world, ranks Cuba last (176th place) in the world, with an average salary of $25.05 per month in 2014.

https://theepochtimes.com/do-not-forget-cuba_2404666.html

extension by lowers privacy grade of websites which privacy practices have not been reviewed. Ironically, service they use for this purpose is named “Terms of Service Didn’t Read” and it itself does have lowered rating, apparently because of not being in its own database.

Even if they read some ToS, how do they know that they are being enforced?

Pisarz Jacek Piekara o pozwie, w wyniku którego ma zapłacić blisko pół miliona złotych, dowiedział się od komornika.

Tymczasem już w Ⅰ kwartale 2019 r. ma pojawić się usługa rejestrowanego doręczenia elektronicznego. Obywatel będzie mógł zdecydować, że korespondencję chce otrzymywać na adres elektroniczny zamiast na fizyczny, pozbywając się fikcji doręczeń (ale też możliwości nieodbierania korespondencji).

gov.pl/cyfryzacja/e-doreczenia

A Bulgarian MEP is in charge of an initiative called "I won't get hacked" promoted with the hashtags (and in Bulgarian) so far starts as a very promising cinge-fest kind of really like what we expected TBH.
First thing they do is launch cyberneat.e-gov.bg/ (yes over HTTP, yes **ONLY** HTTP), which gives you soem password tips like mixing cases, using special characters, using at least 10 characters etc. and then prompts you to check how strong your password is.

is a popular wallet, one of the recommended by bitcoin.org. An elementary and serious issue had been at first not treated seriously on IRC, then ignored for over a month on GitHub (currently over 200 watchers). Apparently Linus’s law is not always working.

github.com/spesmilo/electrum/i

According to the creators, browser is not susceptible to / :

“Pale Moon already set the granularity for the performance timers sufficiently course in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.

Pale Moon also, by design, doesn't allow buffer memory to be shared between threads in , so the »SharedArrayBuffer« attack is not possible.”

forum.palemoon.org/viewtopic.p

@rysiek @paco Exactly. By using bare metal you have eliminated an entire class of attacks.

There will be more bugs like this.

Security professionals know this and have known for a long time. Thus my claim it was a standard best practice, albeit one that has costs not everyone could justify.

That math has shifted now, more people will justify the expense. Not all, but more.

From IRC:

22:15 <@MoonchildPM|Away> KrzysiekJ: You may have to write an addendum to the article. They finally got back to me (potentially after having my post show up for them) and there is an extremely bad and fragile workaround possible to make SHA256 signing with their crypto hardware possible that I found out (no thanks to their terrible support and not something discoverable even for tech-minded devs).

Code signing of binaries on will come to an end because signing certificates are practically unavailable to individual developers. The only viable option (Certum, ) uses . Sadly, ignoring the fact that SHA1 has been broken seems to be common in Poland. The market of certificates seems to be highly regulated, yet still the regulation has not prevented this situation occuring.

forum.palemoon.org/viewtopic.p