Hacker News: rbanffy's comments

Injecting code that creates misleading or malicious dashboard warnings is a supply chain attack, even if it’s the intent of the supplier and not a malicious third party interfering with the supply chain.

> misleading or malicious dashboard warnings

Who did that? WP Engine was the one making these before the change.


Matt did when he posted his vitriolic rant to every WordPress install.

One of Matt's complaints was that WPE disabled revisions...which Jetpack (owned by Automattic) suggests to do in order to improve performance. https://jetpack.com/blog/wordpress-revisions/

I ran servers for an agency with ~1200 WordPress installs on Azure VMs, and I disabled revisions on every one of the sites. How is that different? Did I fiddle too much, despite it being in official documentation on how to do so? Even despite it being actually recommended by Automattic itself for performance improvements? Many of his complaints don't add up. The copyright and WP confusion, I get...but the rest is largely nonsense. Even his Stripe/WooCommerce complaint is largely bunk.

The best outcome is for Matt to step down, WordPress.org/WP Foundation gets sold to multiple hosting providers (WordPress.com, WPE, 1&1, GoDaddy, etc) and they all commit x amount of money to the project (given it is a very important platform for all of them) and in exchange WPE drops its suit. Unfortunately, I doubt that will happen, because some of this seems very ego driven.


> a former YouTuber

Remember he also committed the crime, live, on YouTube, of advocating for the creation of a Nazi party.


Thought crime, huh.

He merely observed that the extreme left has a lot more space in politics than the extreme right. Why is it that nazism is banned while we have so many literal proud self-admitted socialists and communists in this country who not only walk this soil completely unpunished but also form organized parties, get elected, get appointed to the supreme court? The judge who held him guilty for calling him a "fatty" is the perfect example of one.

Anti-nazism laws are unconstitutional. Constitution says that "any and all" censorship of political nature is prohibited. Nazism is a political party. Therefore censorship of nazism is prohibited. It's that simple.

So why is it that nazism is literal thought crime while socialism and communism, far more harmful ideologies, are allowed to flourish with complete impunity? If they're gonna ban nazis, I demand that they also ban communists and socialists. It should be a literal thought crime to advocate for anything related to that nonsense. And any form of socialist organization should get all involved sent straight to jail.

That's the point that was made. Allowing that crap while simultaneously banning nazism is a contradiction. His only "crime" here was trying to resolve the contradiction by arguing that nazis should be allowed to organize. That's not what we really want. What we actually want is these socialists and communists in jail.


> Dr.Luizinho.

He was also shortlisted to take over the Ministry of Health under Bolsonaro’s government.


How is it even possible to have files a user with admin privileges can’t delete?

Looking at all the articles about this issue, this seems to be more about a bug in the Windows cleanup tool that lets the user delete old update files. Maybe the tool isn't working properly, or it's flagging update files as deletable and they're not supposed to be. Admin users can still delete whatever they want manually, unless the system or something else is currently accessing the file. The OS sometimes protects its system files by having them be owned by the SYSTEM user, but the admin can take ownership of them to delete them. This hasn't changed and I can't see it changing.

`Administrator` isn't the most powerful user on Windows, `SYSTEM` is[1].

Those lingering files are likely created/owned by SYSTEM.

[1] https://learn.microsoft.com/en-us/windows/security/identity-...


Doesn't the Administrator account have permission to register new system services (e.g. in services.msc) and have them run as the SYSTEM account? I thought that was the case but never tried.

Yes, this is precisely how the (now owned by Microsoft) Sysinternals PsExec [1] tool can spawn a shell as SYSTEM — it creates a service which spawns a shell in your current desktop session.

[1] https://learn.microsoft.com/en-us/sysinternals/downloads/pse...


It's worse than that; for instance in W10 the registry will have a whole slew of SYSTEM-owned items, but only the TrustedInstaller (still SYSTEM) has permissions to traverse the registry tree. Sadly the specifics escape me at the moment (I'm pretty sure the last ASUS laptop I'll ever own corrupted the NVMe drive, so replicating that project that produced the results I was seeking is on the backburner). I was using NSudo for elevation to that scope when needed (wow, looks deprecated now in favor of new tooling, neato).

This makes more sense when you realise that you're not the user of your computer, but a resource to be exploited.

You probably can with the usual two-step process: First change the permissions (which an admin is allowed to), then delete.

Could always mount the NTFS on a live Linux USB. Physical access > admin login.

It's not your computer.

So, the San-Ti never actually had to expand beyond their system...

I always suspected that Lebensraum discourse.


> insist on uppercasing reserved words,

It makes code a lot more readable


As someone who does uppercase SQL, I’m not really convinced it improves readability. We don’t do it for other languages after all, syntax coloration is deemed enough.

(On the other hand, SQL is often embedded in other languages where it might not get properly coloured so… maybe)


Not all languages allow it, and most sexy languages forbid it by being case sensitive with their keywords.

I've used this feature in Pascal and Basic and my feeling is that it improves readability a lot, as it better highlights structure than just coloring. OTOH, I've used it mostly on monochrome 1-bit-per-pixel systems where coloring wasn't available. I believe it could be a matter of taste.


Well… there is no National Syringe Association to pay for a lobby group.

> Cars, trousers and water are also part of that supply chain.

All of these can be used for other purposes. A pill press is far more targeted than a car, a pair of trousers, or a gallon of water.


Before reading the article, my approach would be so much darker… a bit of gasoline and a lighter can do wonders for the memory of a person who “forgot” a password.

Might need duct tape and a chair as well.


To be fair, Apple is still one of the most innovative companies in the personal computing sector. They spend a lot in R&D.
