Readit News logoReadit News
alxlaz commented on Arch shares its wiki strategy with Debian   lwn.net/SubscriberLink/10... · Posted by u/lemper
jsight · 4 months ago
This sounds exactly like what we used to say about Gentoo back in its early days.
alxlaz · 4 months ago
Yeah, the Arch wiki is the Gentoo wiki we lost. I was around for it and the Gentoo wiki was amazing, it was one of the best Linux resources all-around, it was tremendously useful even if you didn't use Gentoo.
alxlaz commented on EU startups fail because their press refuses to hype them up   twitter.com/RnaudBertrand... · Posted by u/ryzvonusef
alxlaz · 7 months ago
> [German engineers and tech workers a]re not the kind to release half-baked products and patch issues later

What the article doesn't point out is that this is deeply ingrained not just among companies but among customers, too, and it's one of the many culture shocks I've seen my colleagues who move between US and EU markets experience.

If a European customer (adjusting for geographical variation, Europe is pretty big and diverse) runs into some weird issue and they call tech support, there's a very good chance that you've already lost them. It doesn't matter if tech support was super helpful, remedied things right away, and the customer support experience was top notch. The perception is that if they had tech support to un-break it, someone not only cut corners, but didn't even cut them very well, and now they wasted their time, too.

This isn't "just a cultural thing", it's ingrained because of how customers themselves do business, too (which makes it especially difficult to deal with in a B2B setting). The whole chain of commercial relations and norms is structured in such a way that depending on a "move fast and break things" platform is a very, very bad idea.

This is one of the most frequent things I had to explain in review meetings, and it went both ways:

- People who moved from US to EU markets didn't understand why customers had nothing but good words to say about customer support and then didn't renew contracts citing quality issues

- People who moved from EU to US markets going nuts over product release timelines getting aggressively slashed not so much because the feature sheet was too thin but because they thought there was no way to get those features tested enough

alxlaz commented on KDE is finally getting a native virtual machine manager called “Karton”   neowin.net/news/kde-is-fi... · Posted by u/bundie
sph · 7 months ago
> Also, any integration attempts like making the icons a common asset rather than each application have their own, _fail_ and make things worse, with these integrations applications less often have working icons at all, and more often have mistakes like black icons against a black background making them invisible

One thing the GNOME community got right, despite the clamour and gnashing of teeth.

https://stopthemingmy.app/

Consistent cross-app theming support is a pipe dream from the 90s that has never worked, except in manicured screenshots to get karma points on /r/unixporn

alxlaz · 7 months ago
"Right" is a bit of a stretch. Manicured screenshots are a tiny subset of theming requirements. People went to great lengths to theme GTK because, for the longest time, Adwaita was truly atrocious, with poor contrast in inactive windows and retina-burning acid active colours.

KDE solved 99% of the theming requirements by just allowing color customisation and shipping with a default theme that doesn't suck too badly.

alxlaz commented on In a high-stress work environment, prioritize relationships   wqtz.bearblog.dev/high-st... · Posted by u/wqtz
mrsilencedogood · 7 months ago
Well of course it's more complicated. But these 2 broad strokes do resonate with me as a meaningful bucketing. There are some people I see DMs from and go "ooh" and some people I see DMs from and go "well there goes my morning hand-holding them through something they should already both know and have internalized".
alxlaz · 7 months ago
> some people I see DMs from and go "well there goes my morning hand-holding them through something they should already both know and have internalized".

Pre-emptively, I'm not saying anything below applies in your case :-).

A mismatch in the threshold of "they should already both know and have internalized" is where much of the friction in high-stress organisations comes from.

I see a lot of people expecting, as the parent post put it, "a clear set of steps that can be burned down [to get to a good result]", but entirely oblivious to the fact that the people they expect it from:

1. Don't have the organisational authority to organise it -- they can do "their part" but they can't tell people on whose work they depend what to do.

2. Don't have access to the same task-specific information as the person who expects it of them, and don't know who to ask because teams are heavily compartmentalised and/or hierarchical.

3. Don't have access to the same kind of organisational information as the person who expects it of them.

Much like responsibility, deflecting blame comes from above. In my experience, what the parent poster says is true: people who are bad at what they do and try to make it someone else's problem is probably the most common source of stress. But it is also my experience that the middle leadership layers of companies where this is a chronic problem is almost entirely populated by managers who try to make everything other people's problem, and whose teams end up having to deflect everything by proxy whether they want it or not.

I think this is part of the nuance that's lacking in the parent post. It's very hard for someone to work significantly above their organisation's level.

alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
trollbridge · 7 months ago
"Hope"? Generate random text, repeatedly type it in with AutoHotKey on honeypot machine, whatever rootkits are on there get garbled, useless data.
alxlaz · 7 months ago
These aren't local credentials, these are credentials from various third-party websites that made their way into stealer logs. Garbled or not, using your personal email address for both legitimate purposes (e.g. Google Calendar, as the article points out) and honeypots isn't the best idea.
alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
lostmsu · 7 months ago
No it does not. What sites appeared in the "stealer logs" with his email?
alxlaz · 7 months ago
Ah, I thought you meant what sites list the stolen credentials. The exact overlap of websites across four separate stealer logs is enough to leak an email address pretty reliably. The only thing that's "telling" for is that they're not willing to dox this person.
alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
lostmsu · 7 months ago
Them not naming the sites is pretty telling.
alxlaz · 7 months ago
They're linking to the original source of the news, which literally names "the sites".
alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
trollbridge · 7 months ago
If I did highly secure work (which I don’t), I’d set up a few honeypot machines and input my “secure credentials” (with a bogus password) into that repeatedly.
alxlaz · 7 months ago
Yeah, inputing "secure credentials" traceable directly to you with what you'd hope is a bogus password is a very bad idea, especially if you're doing highly secure work.
alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
buckle8017 · 7 months ago
Many website still store plaintext passwords.

Indeed the ones getting hacked are more likely to.

alxlaz · 7 months ago
From the linked article:

> user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware.

So this isn't from website dumps with plaintext passwords.

alxlaz commented on DOGE engineer's credentials found in past public leaks from info-stealer malware   arstechnica.com/security/... · Posted by u/lysp
whacko_quacko · 7 months ago
I don't see any evidence that this should be the case. My email appears in dumps on haveibeenpwnd too, because of database dumps. How is that evidence that there's a key logger on my system?

Actually critisizing DOGE for their major gaffes (like putting up easily defaceable websites, or their incompetence when it comes to reading numbers accurately) is important, but this kind of article is just sad and diminishes the credibility of news journalism

alxlaz · 7 months ago
> My email appears in dumps on haveibeenpwnd too, because of database dumps. How is that evidence that there's a key logger on my system?

If your password is in the dumps, too, like this person's passwords, then yeah, you might want to look into it.

a

u/alxlaz

KarmaCake day4574October 19, 2017
About
Zeus: ...but who comes here in such haste? There must be something wrong: she is crying; some one has been ill-treating her. Why, it is Philosophy, in a sad way, calling out to me. Why are you crying, child? and what brings you here, away from the world? More misdeeds of the ignorant herd? a repetition of the Socrates and Anytus affair? is that it?

Philosophy: No, father, nothing of that kind. The common people have been most polite and respectful; they are my most devout admirers,--worshippers, I might almost say; not that they understand much of what I tell them. No; it was those--I don't know what to call them--but the people who pretend to be on such friendly terms with me, and are always using my name;--the wretches!

Zeus. Oh, it's the philosophers who have been misbehaving themselves?

Phi. No, no, father; they have been just as badly treated as I have.

Zeus. Then if it is neither the philosophers nor the common people, who is it that you complain of?

Phi. There are some people who are between the two: they are not philosophers, and yet they are not like the rest of mankind. They are got up to look like philosophers; they have the dress, the walk, the expression; they call me mistress, write philosopher after their names, and declare themselves my disciples and followers: but they are evil men, made up of folly and impudence and wickedness; a disgrace to my name. It was their misconduct that drove me away.

View Original