Used to be every VPS refresh cycle you'd get more server for less money. This is miserable
The To: header _is_ part of the signed material so will list the original recipient not the victim — but the attacker sets the recipient name/address to something misleading like “Order Received” to obscure this, and sets the store name to some long text that will be misleading when templated into the PayPal invoice request mail text.
PayPal have long had a problem with failing to make untrusted supplied text clear in their communications, but this is an unusually convincing attack.
I don't know why they always use (compromised?) onmicrosoft subdomains in particular. In the samples I've seen they're getting an SPF softfail so it doesn't seem MS's relays are passing SPF for paypal (sendgrid's might...)
- is allowed to set cookies scoped to *.github.com, interfering with cookie mechanisms on the parent domain and its other subdomains, potentially resulting in session fixation attacks
- will receive cookies scoped to *.github.com. In IE, cookies set from a site with address "github.com" will by default be scoped to *.github.com, resulting in session-stealing attacks. (Which is why it's traditionally a good idea to prefer keeping 'www.' as the canonical address from which apps run, if there might be any other subdomains at any point.)
So if you've any chance of giving an attacker scripting access into that origin, best it not be a subdomain of anything you care about.
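The scoping rules described above, as an added example that is not part of the original comment: a simplified model of RFC 6265 cookie storage and domain matching, useful for checking which hosts a given cookie reaches when reviewing a subdomain layout. The host `user.github.com` and the `legacy_ie` flag are assumptions made for illustration, and the public-suffix check is left out.

```python
def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match, for host names (not IP addresses)."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(setter_host, domain_attr=None, legacy_ie=False):
    """Return (domain, host_only) as stored, or None if the browser rejects it."""
    setter_host = setter_host.lower()
    if domain_attr:
        # A host may only name itself or one of its parent domains.
        if not domain_match(setter_host, domain_attr):
            return None
        return (domain_attr.lower().lstrip("."), False)
    # No Domain attribute: RFC 6265 stores a host-only cookie. The IE
    # behaviour described in the comment widens it to a domain cookie.
    return (setter_host, not legacy_ie)


def is_sent(cookie, request_host):
    """Would the stored cookie be attached to a request for request_host?"""
    domain, host_only = cookie
    request_host = request_host.lower()
    if host_only:
        return request_host == domain
    return domain_match(request_host, domain)


# Constructed hosts for the walkthrough (user.github.com is hypothetical).
APEX, USER_SITE, OTHER_SUB = "github.com", "user.github.com", "gist.github.com"

if __name__ == "__main__":
    planted = store_cookie(USER_SITE, domain_attr="github.com")
    print("subdomain cookie reaches apex:", is_sent(planted, APEX))
    print("subdomain cookie reaches sibling:", is_sent(planted, OTHER_SUB))
    strict = store_cookie(APEX)
    legacy = store_cookie(APEX, legacy_ie=True)
    print("apex cookie reaches subdomain (RFC):", is_sent(strict, USER_SITE))
    print("apex cookie reaches subdomain (IE):", is_sent(legacy, USER_SITE))
```
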
But a thin layer over MSI is actually what you want; the commercial tools that preceded WiX and tried to abstract away what Windows Installer was actually doing were much worse. Because Windows Installer is such a mess of counterintuitive design and bugs that you are going to need to debug it.
WiX is to be saluted for greatly reducing the level of misery involved in making installers for Windows. But the level of misery is still very high indeed.
It was a massive headache for me. One fine day my laptop ran into the common Windows issue of 100% disk utilization. I tried all the common fixes to no avail, and at some point I remembered my disk had some funky new tech called Optane. I disabled Optane through its software and was able to directly access the underlying HDD. I checked the fragmentation level for the HDD, lo and behold it was fragmented to oblivion.
Turns out because Windows treats Optane disks as SSDs even though I actually had an underlying HDD, my HDD was simply not defragmented by the OS. After a few rounds of installing and uninstalling large games, the HDD was in an unusable state with regards to fragmentation.
I did a short write-up PSA on r/Windows10, and apparently the issue was widespread enough that my post helped about 10 people in the comments. Thinking back, this whole series of events is partially the reason why I moved from being a non-technical person to a (somewhat) technical one. Good times.
Absolutely horrible product. And not even cheap before having to turf it out in favour of a proper SSD.
Why?
I mean, I kinda get this on `body`. But I've never understood why people do this on block level elements like paragraphs and headers where default behavior should definitely be margins.
Closest I've ever come to a rationale is so that you'll see the unset margins and intentionally specify them into whatever design systems you're using. But even that doesn't really make sense: if you've got an off-the-shelf design system, it will do that job, you don't need your reset to do it. If you've got the time/inclination to DIY, you are almost certainly the kind of person who will pay attention to this. And if you're neither of those, your reset should do something sane by default.
Resets should be about standardizing sane cross-browser defaults for quasi-naked HTML. This kind of behavior goes beyond that into nuking sane behavior for naked HTML. Why?
It's typically easier to work out a layout if you use padding in preference so you don't have to worry about them, but first you have to reset the margins the browser gives you.
The proper way to enumerate the Windows Installer database should be MsiEnumProductsEx. Except. If someone has monkeyed with a product key name in the registry such that it's longer than normal(...), MsiEnumProductsEx spits ERROR_MORE_DATA for that product and all subsequent dwIndex values (so if you're waiting for ERROR_NO_MORE_ITEMS you'll have a fun hang).
(...which sounds like it shouldn't happen, but it turns out there are a bunch of users following forum post advice to hide a product by renaming it with a _Disabled suffix. oh dear)
So in reality you'll probably have to access the undocumented registry backend for the Windows Installer database, in HKLM\Software\Classes\Installer\Products, converting the weird backwards-struct form of the UUID in each key name to the real ProductCode.
Of course not all software uses MSI packages or can be found in the Windows Installer database. You can indeed go to the Add/Remove Programs database in HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstaller, except that the data there is super low quality. You'll have bogus products missing name and/or version, nonsense entries for things no longer present, inconsistently named products between versions, and products with different names on different locales. Which makes it quite difficult to do anything with this data.
There isn't really a single source of truth for "what products are installed" under Windows and all options for reporting what's installed are pretty bad.
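The key-name conversion mentioned above, as an added example that is not part of the original comment: it turns the 32-digit packed key names into braced ProductCodes and sets aside names that do not fit, such as ones renamed with a `_Disabled` suffix, instead of aborting the inventory. The function names and sample key names are constructed for illustration; `read_key_names` only works on Windows.

```python
import re

PRODUCTS_KEY = r"Software\Classes\Installer\Products"  # path as given in the comment
_HEX32 = re.compile(r"[0-9A-Fa-f]{32}")


def _shuffle(h):
    """Digit shuffle used in both directions (it is its own inverse)."""
    # First three GUID fields (8, 4, 4 digits) are stored fully reversed.
    head = h[0:8][::-1] + h[8:12][::-1] + h[12:16][::-1]
    # Remaining eight bytes keep their order; each byte's two digits swap.
    tail = "".join(h[i + 1] + h[i] for i in range(16, 32, 2))
    return head + tail


def packed_to_product_code(name):
    if not _HEX32.fullmatch(name):
        raise ValueError("not a 32-hex-digit packed GUID: %r" % name)
    g = _shuffle(name.upper())
    return "{%s-%s-%s-%s-%s}" % (g[:8], g[8:12], g[12:16], g[16:20], g[20:])


def product_code_to_packed(code):
    h = code.strip("{}").replace("-", "").upper()
    if not _HEX32.fullmatch(h):
        raise ValueError("not a GUID: %r" % code)
    return _shuffle(h)


def inventory(key_names):
    """Return (product_codes, rejected_names); bad names never stop the scan."""
    good, rejected = [], []
    for name in key_names:
        try:
            good.append(packed_to_product_code(name))
        except ValueError:
            rejected.append(name)  # report these, they are still installed
    return good, rejected


def read_key_names():
    """Windows only: list the subkey names under the Products key in HKLM."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PRODUCTS_KEY) as key:
        return [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]


# Constructed sample key names, not taken from a real machine.
SAMPLE_KEYS = [
    "87654321DCBA10FE32547698BADCFE10",
    "87654321DCBA10FE32547698BADCFE10_Disabled",
    "NotAProduct",
]
```

Keeping the rejected names in the report matters for inventory and patch-compliance checks, since a renamed key still corresponds to software on disk.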
I would be willing to help make this happen, but I do not know much about the PDF format.
I use the method with `canvas.clipPath(path, stroke=False, fill=True)` on a path I've parsed manually from SVG then `canvas.linearGradient`.
Cmder; _clink update_ ... file locked forced to wait for Windows to release it and continue working.
git pull; file locked forced to wait for Windows to release it and continue working.
git checkout; file locked forced to wait for Windows to release it and continue working.
Run an application that iterates through files, sit and wait for anti-virus to scan those files before the application / script can even touch them adding seconds or minutes to the task.
Windows can easily add 10-30 minutes of wait time after a cold boot. This is from running anti-virus, telemetry service, auto updates, ... .NET optimization service.
Windows removed the whole root user concept too. "Sorry Dave, you cannot modify that permission to remove the temporary file / change the registry value."
Microsoft even forces their bloat-ware into the IoT / embedded OS and has started to remove the ability to create a local account vs a forced Microsoft account. Windows 7 Embedded allowed full customization with removing any bloat / unused feature.
And the whole edifice of “you need to reboot to update anything” is a knock-on effect of the file locking/sharing model, leading to the misery of “we forced a reboot and lost your work again, sucks to be you”.