Qubes, a "security focused" desktop operating system, has been hit with a privilege escalation vulnerability inherited from the Xen hypervisor, which holds the whole thing together. The entire security model of Qubes depends on using the Xen hypervisor to isolate all the things, but privilege escalation vulnerabilities happen to hypervisors. An update has been released to address this particular bug, but for actual security skip virtualizing and try physicalizing. Check those privileges.
Category Archives: Shitware
Brian Armstrong Still Has Hard On For Hardforks
Hoping to climb to the top of the "fork all the things" subculture, Coinbase CEO Brian Armstrong (WOT:nonperson) is now intent on a push to hardfork reddit's r/bitcoin, calling on reddit CEO Steve Huffman to remove /u/theymos as moderator and turn control of the subreddit over to persons more aligned with Coinbase's business interests. Huffman attempted a neutral take stating: “We’ve seen that with the Bitcoin community, I don't disagree with you at all. Right now, our opinion is that we try to stay hands-off unless they’re breaking other, site-wide rules.” Speculation still abounds that Roger Ver is helping to finance the lulz, going so far as to offer a bounty in order to have theymos removed. Ver is widely known for quoting himself and paying mercenaries to spam links to his forum across various social media sites. Armstrong publicly stated weeks prior that he was unsubscribing from r/Bitcoin and getting his news from r/btc instead, though as other reddit users point out, listening to redditards can have disastrous real-life consequences. Reddit has a history of censorship aimed at promoting other Y-Combinator associated ventures. Peace in our time.
LastPass Sucks, Always Sucked
Tavis Ormandy (WOT:nonperson) uncovered a serious security vulnerability in LastPass. Before disclosing the vulnerability to LastPass developers, Ormandy tweeted:
Are people really using this lastpass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap.
Due to the number of suckers entrusting LastPass with every login, Ormandy received numerous panicked responses due to a postmortem published yesterday on a serious vulnerability that lets websites take passwords held by LastPass at will. Peace in our time.
Monsanto Led Dicamba Enthusiasm Raises Tensions Among Farmers
The debut of Monsanto's "Roundup Ready Xtend Crop System(TM)(R)" is raising tensions among soybean and cotton farmers who have and have not adopted the seed component of the system, especially in the American Mid South (archived). This year's combination of weather and desperate tillage has led to ideal conditions for Palmer's Amaranth to flourish in soybean fields, threatening to greatly reduce yields by shading soybean plants and consuming soil nitrogen¹ far more aggressively than the soybeans can.
Glyphosate resistant Palmer's Amaranth after its debut in 2006 has swiftly spread across the country and this year's proliferation of the weed has forced farmers who planted "Roundup Ready Xtend Crop System(TM)(R)" cotton and soybeans to spray their fields with Dicamba. The twist is that Monsanto isn't done bringing the herbicide portion of "Roundup Ready Xtend" to market so farmers who planted seeds from this Monsanto crop system are just spraying and dumping Dicamba on their fields out of desperation. Farmers who lack these seeds are watching their soybeans curl up and suffer, because Dicamba is especially effective on legumes.
The fallout from this year's soybean season will likely include the consumption of immense amounts of various EPA and Department of Agriculture functionaries' time, substantial monetary penalties and torts against the farmers who manage to harvest soybeans this year, and pain for Monsanto as restrictions on applying Dicamba increase and diminish the point of marketing Dicamba resistant soybeans. Sorry for your loss.
Most plants take soil nitrogen and pump it into growing above the soil. Palmer's Amaranth isn't content with that. It takes soil nitrogen for growth and then takes still more soil nitrogen and stores it as nitrates. At one point Palmer's Amaranth was grown as a staple grain, but in the contemporary farm environment the level of nitrates accumulated turns the plant toxic. ↩
EU Trying A Bitcoin Registry Seeing How Regulation Fails
The EU supposes that if they can't actually regulate Bitcoin, they can make a registry for it. The proposed central registry would be fed data through all cryptocurrency wallet providers and exchanges operating within European Union member nations. Law enforcement agencies across the European Union would have access to the registry under the pretense of anti-terrorism.¹ Sorry for your laws.
Coinbase Fumbling Through Ether Huffing Fork Experience
Early this morning on Twitter, Coinbase's "exchange" GDAX announced they will temporarily maintain sole custody of the Classic portion of their Ether huffers' forked tokens for several weeks. The exchange released an announcement:
100% of ETC associated with ETH balances at the time of the hard fork are secured in GDAX cold storage.
We plan to allow withdrawal of an amount of ETC that corresponds to ETH balances at the time of the hard fork. We'll be working on this feature over the coming weeks and will provide updates via this Twitter account.
The freeze has some users on social media wondering if early post fork shenanigans at Coinbase might have threatened the firm's solvency. Sorry fork, your loss.
Ether Huffing Ecosystem Loses 10% Mining Interest Overnight, Hashrate On Bailout Free Chain Climbing
Since Ethereum "Time Travel" hard forked away from Ethereum "Classic" the total mining interest in the two chains is down ten percent. Similarly ten twenty percent of the mining interest in the Buterin blessed¹ chain featuring a time-travel hard fork attack to "undo" the whole DAO episode appears to have moved to the Classic chain. Mircea Popescu published a guide to pricing the various forks of the original Ethereum scam coin this morning.
At the point Ethereum forked it was still very much like its predecessors Dogecoin and Litecoin in being of little utility beyond service as a vehicle for disposing of actual forms of money. Like those two, Ethereum has Buterin while Litecoin had Charles Lee and the Dogecoin had Jackson Palmer and Alex Green/Moolah.io serving as their chiefs of inviting the herd to tour the woodchipper. Thanks to the passage of time blessing it with a history, Bitcoin is unlike its alternatives in many ways² that make projecting their fork experience on to Bitcoin untenable. Sorry fork, your loss.
This is the other reason why you can't have Altcoins. Any Altcoin is going to be far too new to develop the adversarial relationships between various interests that protect the chain. ↩
Gresham's law is a thing. ↩
US Standards Institute Prepares To "Ban" SMS 2 Factor Authentication
Following their brief foray into the clandestine manufacture of methamphetamine, the United States National Institute of Standards and Technology is prepared to "ban" SMS based 2nd factor authentication schemes. What will replace it in their next guidance is yet to be determined, but almost certainly biometrics, more Google-esque one time password schemes, or both. With the IRS completely having to scrap their system which failed in authenticating tax filers, the United States is forced to Microsoft their own systems iterating their holes to be more selectively exploited.
On Eve Of National Convention Democratic Party Ousts Chair
On top of all the other lulz happening with the United States major socialist party on the eve of their national convention, the Democratic party has ousted chairwoman Debbie Wasserman Schultz (WOT:nonperson) from both her office as chairwoman and from the convention. News of her ouster comes on the same day she announced her intention to resign the office of chairwoman after the convention. Debbie Wasserman Schultz is also the congressional representative from Florida's 23rd district and faces a primary challenge on August 30th.
While the adversarial takeover and slaughter of the traditional GOP has left Donald Trump-Clinton a commanding position in the presidential race, the long planned coronation of Hillary Rodham-Clinton appears to be bringing still greater destruction to her party. Both socialist parties are grievously wounded, but Hillary's campaign has largely depended on the strength of the Democratic party to carry her. By contrast Donald's campaign gutted the Republican party and with his nomination secured he gets to ride the party's remains with his existing campaign infrastructure to the November general election.
Peace in our time.
On Eve Of Convention Democrats Rewriting History Of Their Party
Breitbart brings us news that Minnesota congressman Keith Ellison (WOT:nonperson) tried to rewrite the history of his party, the one set to coronate Hillary Rodham-Clinton (WOT:nonperson) as their nominee (archived). Ellison tried to declare that former four term Alabama governor, proud segregationist, and even prouder Democrat the late George Wallace was actually a Republican. In 1972 Wallace was the favored candidate to win the Democratic nomination for the presidency until he was shot five times. His campaign ended soon after the shooting. Ongoing concerns about Wallace's health enabled Carter to defeat Wallace in the 1976 primary, paving the way for Reagan to convert a substantial portion of the Democratic party's base over to the minor socialist party during the 1980's. It turns out Ether huffers aren't the only people upset with the immutability of history.
I draw the line in the dust and toss the gauntlet before the feet of tyranny, and I say segregation now, segregation tomorrow, segregation forever.
– 1972's long time frontrunner for the nomination in Hillary Rodham Clinton and Barack Hussein Obama's party