GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    abadidea (0xabad1dea@infosec.exchange)'s status on Monday, 25-Nov-2024 22:08:20 JST abadidea abadidea

    Good news: The Dell firmware update utility definitely checks whether update executables are signed.

    Bad news: Dell is posting unsigned update executables to their website labeled “critical” which then fail to install due to the good news

    In conversation about 2 months ago from infosec.exchange permalink
    • Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Thursday, 28-Nov-2024 13:00:42 JST Rich Felker Rich Felker
      in reply to
      • Phil

      @0xabad1dea @phil Telemetry is not needed here at all. The failure would be detected if they even tested the update on a single machine they owned. No need to look at machines they don't own.

      In conversation about 2 months ago permalink
    • Embed this notice
      abadidea (0xabad1dea@infosec.exchange)'s status on Thursday, 28-Nov-2024 13:00:43 JST abadidea abadidea
      in reply to
      • Phil

      @phil 100%, there should always be a chance to say no to telemetry but even if only a fraction of users consent, the 100% failure rate among reporters should be quickly raising a huge red flag somewhere

      In conversation about 2 months ago permalink
    • Embed this notice
      abadidea (0xabad1dea@infosec.exchange)'s status on Thursday, 28-Nov-2024 13:00:45 JST abadidea abadidea
      in reply to

      This firmware update has been periodically failing since I got this laptop from work several weeks ago, and only today did I put in the effort to track down where it was hiding the logs with the real reason. This suggests that not only do they have a process issue that meant an unsigned update got posted, but they have no ability to detect that there’s a 100% failure rate to install after downloading it

      In conversation about 2 months ago permalink
    • Embed this notice
      Phil (phil@social.kern.pm)'s status on Thursday, 28-Nov-2024 13:00:45 JST Phil Phil
      in reply to

      @0xabad1dea People keep being upset about "telemetry". But that's the kind of telemetry that you'd want as someone pushing software to people.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Thursday, 28-Nov-2024 14:43:26 JST Rich Felker Rich Felker
      in reply to
      • Phil

      @0xabad1dea @phil "Telemetry" is *always* outsourcing your testing expenses onto your users/customers.

      In conversation about 2 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.