The bug, according to Kokorin, only works when sending the email to Outlook accounts.
Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc
The bug, according to Kokorin, only works when sending the email to Outlook accounts.
Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc
The original meme is the soldier protecting the kid from the knives - https://i.imgflip.com/2tzo2k.jpg?a477336
This version is implying that the soldier caption is doing nothing to protect the kid caption
It says in the article that this won’t apply to org member accounts yet, but I wonder how it’ll work eventually. Member accounts created via account factory don’t even have a password, so you have to go through email account recovery to set one and then set up MFA. If this only applies to root users with passwords, that’s fine, otherwise I hope account factory will get a way to set up PW/MFA on a generated root user.
I use my deck for ffxiv a lot, so I bound dpad buttons to the back buttons. In any game, if you try to move and use something on the dpad at the same time, it’s pretty rough. A claw grip is the typical way to handle this (Monster Hunter fans probably are familiar with this). This binding allows me to move and use dpad skills without hand cramping.
There’s good controller support in the game itself, and the add-on ConsolePort makes it more like FFXIV (a model all controller MMOs should take after). The movement scheme being forced backpedal is less great for controller use, but that can be overcome with muscle memory.
Excessively buckled boots are depicted with heelys (skate wheel embedded in the heel). The they/them refers to the fact that only enbies (nonbinary people) would wear them and thus have too much power
Hell yeah, I’ll be cool again when that gen grows up
I assume it’s supposed to be menopause
Given the Steam Link still gets updates, I wouldn’t worry about the Deck for at least a console generation’s lifetime
Chiaki4deck is PS Remote Play for Linux. It’s pretty nifty
All I own are ds5s and they work great. The only PC game I’ve played that would have haptic vibrations is FFXIV and I think it works? It’s been a while since I’ve tested it
Edit: it does not, but I recall it working on my Linux desktop out of the box. Might be a game mode limitation or I need to adjust a setting
I have been addicted to making ramen eggs (ajitama) for lunches lately. I eat one or two eggs over rice with some furikake or toasted seaweed and that’s all I need to power through the day. You could pair the dish with more veggies or a miso soup if you’re feeling fancy. The nice part is making half a dozen eggs squares me away for the week, so I hardly have to think about what to do.
Another dish I like is Korean steamed eggs (gyeranjjim). It takes not even 10 mins to cook on the stove. Making rice takes longer, and you can make a lot of rice to reheat later in the week. I would cook the eggs fresh each day though , I’m not sure how reheating them would go. The broth that goes with the eggs keeps me fuller than I ever expect.
Baba ghanoush is so tasty when you make it yourself. This requires more effort up front to roast the eggplant, but the dip is good all week. I eat it with carrots, cucumber, cauliflower, and some pita chips.
Regular tuna salad or this chickpea “tuna” salad is always easy to whip up. I always have celery, pickles, and bread on hand so if I’m feeling up for it, I crack open a can of tuna or chickpeas for an easy lunch.
Seconding this one after a friend recommended it to me. I have two and they are nice and portable. They even work as a standalone adapter for USB devices without the need to power
Actually a great idea, considering how expensive rims and wheels can be
I saw Windows subsystem and panicked thinking it was the Linux version. Did not know an Android variant existed, that’s a bummer
It’s unlikely but if she wants Japanese riichi mahjong and not solitaire style, Kemono Mahjong is a really solid app. No ads or micro transactions (the only in app purchase is to optionally support the dev for $1/month), full feature, minimal to no tracking (email address for online game purposes). It’s not open source or free but it’s only $3 one time purchase.
I don’t have any suggestions for solitaire/tile matching mahjong, unfortunately. Microsoft’s app is not malware but will be datamine galore. It also has ads unless you pay per month. Anything else, id be leery of the security of the app and your data.
If you’re not getting anti caking agents in shredded cheese, then what do you expect the pre-shredded cheese to do?
Might as well get a block and shred it yourself.
I want to clarify something that you hinted at in your post but I’ve seen in other posts too. This isn’t a cloud failure or remotely related to it, but a facet of a company’s security software suite causing crippling issues.
I apologize ahead of time, when I started typing this I didn’t think it would be this long. This is pretty important to me and I feel like this can help clarify a lot of misinformation about how IT and software works in an enterprise.
Crowdstrike is an EDR, or Endpoint Detection and Response software. Basically a fancy antivirus that isn’t file signature based but action monitoring based. Like all AVs, it receives regular definition updates around once an hour to anticipate possible threat actors using zero-day exploits. This is the part that failed, the hourly update channel pushed a bad update. Some computers escaped unscathed because they checked in either right before the bad update was pushed or right after it was pulled.
Another facet of AVs is how they work depends on monitoring every part of a computer. This requires specific drivers to integrate into the core OS, which were updated to accompany the definition update. Anything that integrates that closely can cause issues if it isn’t made right.
Before this incident, Crowdstrike was regarded as the best in its class of EDR software. This isn’t something companies would swap to willy nilly just because they feel like it. The scale of implementing a new security software for all systems in an org is a huge undertaking, one that I’ve been a part of several times. It sucks to not only rip out the old software but also integrate the new software and make sure it doesn’t mess up other parts of the server. Basically companies wouldn’t use CS unless they are too lazy to change away, or they think it’s really that good.
EDR software plays a huge role in securing a company’s systems. Companies need this tech for security but also because they risk failing critical audits or can’t qualify for cybersecurity insurance. Any similar software could have issues - Cylance, Palo Alto Cortex XDR, Trend Micro are all very strong players in the field too and are just as prone to having issues.
And it’s not just the EDR software that could cause issues, but lots of other tech. Anything that does regular definition or software updating can’t or shouldn’t be monitored because of the frequency or urgency of each update would be impractical to filter by an enterprise. Firewalls come to mind, but there could be a lot of systems at risk of failing due to a bad update. Of course, it should fall on the enterprise to provide the manpower to do this, but this is highly unlikely when most IT teams are already skeleton crews and subject to heavy budget cuts.
So with all that, you might ask “how is this mitigated?” It’s a very good question. The most obvious solution “don’t use one software on all systems” is more complicated and expensive than you think. Imagine bug testing your software for two separate web servers - one uses Crowdstrike, Tenable, Apache, Python, and Node.js, and the other uses TrendMicro, Qualys, nginx, PHP, and Rust. The amount of time wasted on replicating behavior would be astronomical, not to mention unlikely to have feature parity. At what point do you define the line of “having redundant tech stacks” to be too burdensome? That’s the risk a lot of companies take on when choosing a vendor.
On a more relatable scale, imagine you work at a company and desktop email clients are the most important part of your job. One half of the team uses Microsoft Office and the other half uses Mozilla Thunderbird. Neither software has feature parity with the other, and one will naturally be superior over the other. But because the org is afraid of everyone getting locked out of emails, you happen to be using “the bad” software. Not a very good experience for your team, even if it is overall more reliable.
A better solution is improved BCDR (business continuity disaster recovery) processes, most notably backup and restore testing. For my personal role in this incident, I only have a handful of servers affected by this crisis for which I am very grateful. I was able to recover 6 out of 7 affected servers, but the last is proving to be a little trickier. The best solution would be to restore this server to a former state and continue on, but in my haste to set up the env, I neglected to configure snapshotting and other backup processes. It won’t be the end of the world to recreate this server, but this could be even worse if this server had any critical software on it. I do plan on using this event to review all systems I have a hand in to assess redundancy in each facet - cloud, region, network, instance, and software level.
Laptops are trickier to fix because of how distributed they are by nature. However, they can still be improved by having regular backups taken of a user’s files and testing that Bitlocker is properly configured and curated.
All that said, I’m far from an expert on this, just an IT admin trying to do what I can with company resources. Here’s hoping Crowdstrike and other companies greatly improve their QA testing, and IT departments finally get the tooling approved to improve their backup and recovery strategies.