#gnulinux

canoodle@nerdpol.ch

Rant: PHP & DokuWiki update upgrade problems - too much complexity: fixing one thing, while breaking another - why updates are hated

Nobody likes rants… just as Updates are (sometimes) hated, but (sometimes) necessary.

This is how (probably) the slogan: “never touch a running/working system” originated.

Once a system was fully tested (all used cases worked), an update came along a old functionality was not functioning anymore.

For security reasons: all machines/systems directly or indirectly exchanging messages with the wild west internet need to stay as up to date as possible.

the pros:

(+) First of DokuWiki is a nice software, it’s cool that it can do a lot of fancy stuff such as LDAP (?) if the user needs it.

(-) What is not cool, to have a lot of plugins installed per default, instead of starting with a bare minimum of software needed (software minimalism) and let the user add the software the user absolutely needs, because “too much software” pre-installed tend to make systems fail.

This time it happened in a “complex grown over years software” “tripple” upgrade situation:

  • php8 is out
  • DokuWiki “upgrade plugin” needs updating
  • DokuWiki itself needs updating

… things fell apart at the 1st step already, resulting in a still readable, but pretty ugly (missing CSS) version of what it was before.

culprit: with a stylesheed was not being properly generated:

url: http://localhost/projects/lib/exe/css.php?t=dokuwiki&tseed=djf83jhdfuz38odhfzho3z80ehilf

<br />
<b><span style="color: #ff9900;">Warning</span></b>: Undefined array key "speech" in <b>/path/to/dokuwiki/lib/exe/css.php</b> on line <b>83</b><br />
<br />
<b><span style="color: #ff0000;">Fatal error</span></b>: Array and string offset access syntax with curly braces is no longer supported in <b>/path/to/dokuwiki/vendor/marcusschwarz/lesserphp/lessc.inc.php</b> on line <b>761</b><br />

DokuWiki authors added the work of this author (https://www.maswaba.de/lesserphpdocs/) for whatever reason and { curly brackets } (now deprecated) were not updated in time to [ square brackets ].

As simple as that.

In the beginning: all the user wants is an easy editable file based wiki (it’s even there in the Dokuwiki slogan “it’s better when it is simple”)

Why exactly is this CSS compiler needed/active per default in the first place?

Has DokuWiki grown into unnecessary complex “bloatware” of over 5000 files?

<span style="color: #00ffff;">wget https://download.dokuwiki.org/out/dokuwiki-8186df5bcf8bba07ff8638254a75b094.tgz
tar fxvz dokuwiki-8186df5bcf8bba07ff8638254a75b094.tgz</span>
<span style="color: #00ffff;">find ./dokuwiki |wc -l</span>
<span style="color: #ff6600;">5579 files</span>

(much less than some PHP frameworks… but still a lot of files… with a lot of moving parts… all potential points of failure…)

violating UNIX K.I.S.S and leading to software failures

More complexity = more errors = less maintainability.

DokuWiki has gained functionalities of questionable qualities, such as the very faulty and thus pretty useless and annoying SPAM detection mechanism.

(every Wiki should be login & .htaccess protected, how to activate the DokuWiki (per default disabled) login screen, is the #1 most visited page of this blog X-D, already enough SPAM protection… so completely unnecessary to add such faulty functionality)

Even worse: @the-official-DokuWiki-forum, the forum software triggers admins (that are unable to read and blindly trust this faulty SPAM detection mechanism, that basically detects EVERY URL as spam) to block the user’s (maybe useful) contributions aka “overblocking”.

Be Brave New Web World.

Only solution: write your own tools that respect UNIX K.I.S.S principle and are therefore easy to fix and maintain and actually work, fast 🙂 (using minimal resources)

DokuWiki updates-upgrades: how it is supposed to look and work like:

how to fix this mess:

==== howto fix ====
<b>Warning</b>: Undefined array key "speech" in <b>/path/to/dokuwiki/lib/exe/css.php</b> on line <b>83</b>
(usually php-warnings are disabled, but if warnings are enabled, it will mess up the css's format)

=== in file: /lib/exe/css.php

== in line: 82 to 87

= change, from:
        // load user styles
        if(is_array($config_cascade['userstyle'][$mediatype])) {
            foreach($config_cascade['userstyle'][$mediatype] as $userstyle) {
                $files[$userstyle] = DOKU_BASE;
            }
        }
= change, to:
        // load user styles
        if(array_key_exists($mediatype, $config_cascade['userstyle']))
        {
            if(is_array($config_cascade['userstyle'][$mediatype])) {
                foreach($config_cascade['userstyle'][$mediatype] as $userstyle) {
                    $files[$userstyle] = DOKU_BASE;
                }
            }
        }

==== howto fix ====

<b>Fatal error</b>: Array and string offset access syntax with curly braces is no longer supported in <b>/path/to/dokuwiki/vendor/marcusschwarz/lesserphp/lessc.inc.php</b> on line <b>761</b>

=== in file:
/vendor/marcusschwarz/lesserphp/lessc.inc.php

== line: 761
= change, from:
   $subProp[1]{0} != $this->vPrefix)
= change, to:
   $subProp[1][0] != $this->vPrefix)

== line: 2762
= change, from:
   if (!is_string($tag) || $tag{0} != $this->lessc->mPrefix)
= change, to:
   if (!is_string($tag) || $tag[0] != $this->lessc->mPrefix)

== line: 2816
= change, from:
   if ($tag{0} == $this->lessc->vPrefix)
= change, to:
   if ($tag[0] == $this->lessc->vPrefix)

#linux #gnu #gnulinux #opensource #administration #sysops #dokuwiki #when #upgrades #fail #upgrade #complexity #unix #kiss

Originally posted at: https://dwaves.de/2022/06/30/rant-php-dokuwiki-update-upgrade-problems-too-much-complexity-fixing-one-thing-while-breaking-another-why-updates-are-hated/

canoodle@nerdpol.ch

PHP & DokuWiki update upgrade problems - too much complexity: fixing one thing, while breaking another - why updates are hated

Updates are hated, but sometimes necessary.

This is how (probably) the slogan: “never touch a running/working system” originated.

Once a system was fully tested (all used cases worked), an update came along a old functionality was not functioning anymore.

For security reasons: all machines/systems directly or indirectly exchanging messages with the wild west internet need to stay as up to date as possible.

the pros:

(+) First of DokuWiki is a nice software, it’s cool that it can do a lot of fancy stuff such as LDAP (?) if the user needs it.

(-) What is not cool, to have a lot of plugins installed per default, instead of starting with a bare minimum of software needed (software minimalism) and let the user add the software the user absolutely needs, because “too much software” pre-installed tend to make systems fail.

This time it happened in a “complex grown over years software” “tripple” upgrade situation:

  • php8 is out
  • DokuWiki “upgrade plugin” needs updating
  • DokuWiki itself needs updating

… things fell apart at the 1st step already, resulting in a still readable, but pretty ugly (missing CSS) version of what it was before.

culprit: with a stylesheed was not being properly generated:

url: http://localhost/projects/lib/exe/css.php?t=dokuwiki&tseed=djf83jhdfuz38odhfzho3z80ehilf

<br />
<b><span style="color: #ff9900;">Warning</span></b>: Undefined array key "speech" in <b>/path/to/dokuwiki/lib/exe/css.php</b> on line <b>83</b><br />
<br />
<b><span style="color: #ff0000;">Fatal error</span></b>: Array and string offset access syntax with curly braces is no longer supported in <b>/path/to/dokuwiki/vendor/marcusschwarz/lesserphp/lessc.inc.php</b> on line <b>761</b><br />

DokuWiki authors added the work of this author (https://www.maswaba.de/lesserphpdocs/) for whatever reason and { curly brackets } (now deprecated) were not updated in time to [ square brackets ].

As simple as that.

In the beginning: all the user wants is an easy editable file based wiki (it’s even there in the Dokuwiki slogan “it’s better when it is simple”)

Why exactly is this CSS compiler needed/active per default in the first place?

Has DokuWiki grown into unnecessary complex “bloatware” of over 5000 files?

<span style="color: #00ffff;">wget https://download.dokuwiki.org/out/dokuwiki-8186df5bcf8bba07ff8638254a75b094.tgz
tar fxvz dokuwiki-8186df5bcf8bba07ff8638254a75b094.tgz</span>
<span style="color: #00ffff;">find ./dokuwiki |wc -l</span>
<span style="color: #ff6600;">5579 files</span>

(much less than some PHP frameworks… but still a lot of files… with a lot of moving parts… all potential points of failure…)

violating UNIX K.I.S.S and leading to software failures

More complexity = more errors = less maintainability.

DokuWiki has gained functionalities of questionable qualities, such as the very faulty and thus SPAM detection mechanism.

(every Wiki should be login & .htaccess protected, how to activate the DokuWiki (per default disabled) login screen, is the #1 most visited page of this blog X-D, already enough SPAM protection… so completely unnecessary to add such faulty functionality)

Even worse: @the-official-DokuWiki-forum, the forum software triggers admins (that are unable to read and blindly trust this faulty SPAM detection mechanism, that basically detects EVERY URL as spam) to block the user’s (maybe useful) contributions aka “overblocking”.

Be Brave New Web World.

Only solution: write your own tools that respect UNIX K.I.S.S principle and are therefore easy to fix and maintain and actually work, fast 🙂 (using minimal resources)

how to fix this mess:

==== howto fix ====
<b>Warning</b>: Undefined array key "speech" in <b>/path/to/dokuwiki/lib/exe/css.php</b> on line <b>83</b>
(usually php-warnings are disabled, but if warnings are enabled, it will mess up the css's format)

=== in file: /lib/exe/css.php

== in line: 82 to 87

= change, from:
        // load user styles
        if(is_array($config_cascade['userstyle'][$mediatype])) {
            foreach($config_cascade['userstyle'][$mediatype] as $userstyle) {
                $files[$userstyle] = DOKU_BASE;
            }
        }
= change, to:
        // load user styles
        if(array_key_exists($mediatype, $config_cascade['userstyle']))
        {
            if(is_array($config_cascade['userstyle'][$mediatype])) {
                foreach($config_cascade['userstyle'][$mediatype] as $userstyle) {
                    $files[$userstyle] = DOKU_BASE;
                }
            }
        }

==== howto fix ====

<b>Fatal error</b>: Array and string offset access syntax with curly braces is no longer supported in <b>/path/to/dokuwiki/vendor/marcusschwarz/lesserphp/lessc.inc.php</b> on line <b>761</b>

=== in file:
/vendor/marcusschwarz/lesserphp/lessc.inc.php

== line: 761
= change, from:
   $subProp[1]{0} != $this->vPrefix)
= change, to:
   $subProp[1][0] != $this->vPrefix)

== line: 2762
= change, from:
   if (!is_string($tag) || $tag{0} != $this->lessc->mPrefix)
= change, to:
   if (!is_string($tag) || $tag[0] != $this->lessc->mPrefix)

== line: 2816
= change, from:
   if ($tag{0} == $this->lessc->vPrefix)
= change, to:
   if ($tag[0] == $this->lessc->vPrefix)

#linux #gnu #gnulinux #opensource #administration #sysops #dokuwiki #when #upgrades #fail #upgrade #complexity #unix #kiss

Originally posted at: https://dwaves.de/2022/06/30/php-dokuwiki-update-upgrade-problems-too-much-complexity-fixing-one-thing-while-breaking-another-why-updates-are-hated/

canoodle@nerdpol.ch

gnu linux - bash console - animated ascii art - sl steam locomotive

just one of those programs, that make users smile 🙂

written in C 🙂

compile it from src

or go

<span style="color: #00ffff;">lsb_release -d</span>; # tested on
Description: Debian GNU/Linux 11 (bullseye)
<span style="color: #00ffff;">su - root</span>
<span style="color: #00ffff;">apt update</span>
<span style="color: #00ffff;">apt install sl</span>

#linux #gnu #gnulinux #opensource #administration #sysops #ascii #art #bash #locomotive

Originally posted at: https://dwaves.de/2022/06/28/gnu-linux-bash-console-animated-ascii-art-sl-steam-locomotive/

canoodle@nerdpol.ch

Rant: One day either JavaScript or AutoComplete will start ww3

which pretty much reads like:

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

(checkout this search for more javascript rants X-D)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/rant-one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

One day either JavaScript or AutoComplete will start ww3

which pretty much reads like:

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

(checkout this search for more javascript rants X-D)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

One day either JavaScript or AutoComplete will start ww3

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

Russia's Conti working on exploits for Intel ME BMC AMT IPMI - Intel ME the biggest security fuck up in computing history - sue Intel

“The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine.”

“Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full control over every aspect of a system.

If you want a metaphor, we are dinosaurs and an Intel ME exploit is an asteroid hurtling towards the Yucatán peninsula.” (https://hackaday.com/tag/intel-me/)

Intel might have installed – over the course of at least a decade (to this day?) a closed source backdoor in your computer’s firmware, that might never receive updates and is hard to remove.

Once this backdoor is fully cracked, everyone (Russia, China and North Korea) can use it.

Having remote control over a server down to the BIOS is a neat feature.

https://dwaves.de/2018/12/03/intel-bmc-java-jviewer-kvm-remote-control-with-linux-and-intel-mainboard-s2600cwr/

Hackers think so too.

Because a firmware is sometimes hard to update.

BIOS-UEFI updates need to be as easy to install than OS updates.

There are even parts of Intel ME that can not be updated at all (yet) because they are encrypted & signed and the system won’t start if they are missing (security by obscurity).

another dramatic way to put it:

The biggest network security threat today is a remote code execution exploit for Intel’s Management Engine.”

“Every computer with an Intel chipset produced in the last decade would be vulnerable to this exploit, and RCE would give an attacker full control over every aspect of a system.

If you want a metaphor, we are dinosaurs and an Intel ME exploit is an asteroid hurtling towards the Yucatán peninsula.” (https://hackaday.com/tag/intel-me/)

Currently the OS must be hacked or USB access (“physical access equals root access”) before it is possible to malware very deeply in the system = having this guy say: “only solution” “shredder mainboard”

But it might be just a matter of time, until new attack vectors are found, that allow exploit over network, maybe even in the security-nightmare language that every browser runs: JavaScript? X-D (just turn it off globally thanks!)

https://www.golem.de/news/conti-ransomware-gruppe-arbeitet-an-exploit-fuer-intel-me-2206-165848.html

(Conti is a hacker group associated with Russia)

https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099.html

https://www.golem.de/news/security-hackern-gelingt-vollzugriff-auf-intel-me-per-usb-1711-131065.html

Intel ME: Will Intel deliver updates? I hope so. Otherwise: Seriously sue intel to put your IT hardware at danger of being destroyed PERMANENTLY.

As it has happened with those KA-SAT satellite modems.

solutions anyone?

Yes multiple hard one’s.

  • try turning AMT BMC Intel ME off in the bios
    • some BIOS even allow to disable Intel ME permanently
  • on some systems BMC can be disabled with a jumper on the motherboard
  • Flash GNU Linux to the BIOS! (CoreBoot, LibreBoot with the Lenovo x60s no problem, with newer notebooks / PCs probably more effort)
  • “Just use AMD”, yes better but according to this video only a partial solution?

intel needs to work with it’s damaged customers to fix this mess

Or be sued for every hack and every ransomware attack and every downtime and every destroyed motherboard.

seriously.

open source backdoors instead of closed source backdoors!

ok ideally no backdoors at all?

“Intel had already found the vulnerability (CVE-2019-0090) itself last year, described only as a privilege escalation and tried to fix a possible attack vector.

According to PT, however, there are probably other attack vectors and the real problem in ROM still remains, as this part cannot be updated.

This is the preliminary culmination of an embarrassment on the part of Intel, which the manufacturer is trying to sell as security.

By now at the latest, Intel should mothball the concept of a proprietary ME and work on the open hardware security chip that Google

“Customers, users and Intel would be the winners.”

translated from: https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099.html

“Together with partners, Google has announced the Open Titan project.

The goal is a completely openly designed chip based on RISC-V, which is to be used as root-of-trust in many different devices.”

https://www.golem.de/news/open-titan-google-startet-oss-projekt-fuer-hardware-security-chip-1911-144816.html

links:

https://www.rapid7.com/blog/post/2013/07/02/a-penetration-testers-guide-to-ipmi/

#linux #gnu #gnulinux #opensource #administration #sysops #cybersec #itsec #cyber #intel #intel-me #intelme

Originally posted at: https://dwaves.de/2022/06/10/russias-conti-working-on-exploits-for-intel-me-bmc-amt-ipmi-intel-me-the-biggest-security-fuck-up-in-computing-history-sue-intel/

canoodle@nerdpol.ch

The Deep Fake Crisis destroying trust in online conferencing - From Fake Klitschko conferences to Fake Tom Cruise videos - "Massive challenge for Europe" - is technology "neutral"?

update: major of Berlin fooled by Klitschko LIVE deep fake video conference (actually not so funny)

  • it would mean: do not trust phone calls, even if the number is shown as “police” “doctor” “friend”
  • trust no video conference
  • what can be trusted?

https://www.youtube.com/watch?v=CDMVaQOvtxU

https://www.youtube.com/watch?v=CDMVaQOvtxU

how deep fakes work:

  • computer program analyzes facial expressions of person A in footage
  • computer program then applies this, to make the facial expressions of person B, look like person A
    • (it is easier for the program to generate good results, if person A and person B look alike, but in the future not even this might need to be necessary)
  • this is great news, for fake news, but bad news, for truth, as it adds to confusion of the masses (land of confusion)
  • that means, for authenticity, other ways to truly identifying a person in a video have to be found

“Massive challenge for Europe”

‘A “massive challenge for Europe” is when citizens are confronted with disinformation through misleading or openly false information. AI could exacerbate the effects of such “hybrid threats”, as such lies and propaganda could be brought to the people en masse “without technical expertise”. Trends in “deepfake technology” also increased concerns here. According to reports, criminals have already taken advantage of such procedures. AI is also likely to play into the hands of “traditional organized crime” and terrorists.”‘

  • ‘5G also poses problems for investigators’
  • ‘more difficult to identify SIM cards and their users and to eavesdrop on or locate them afterwards’
  • ‘mandatory end-to-end encryption could make eavesdropping even more difficult’
  • ‘virtualization of networks with the new standard does not taste good to the law enforcement officers’

auto translated from: https://www.heise.de/newsticker/meldung/KI-5G-und-Krypto-Europol-warnt-vor-disruptiven-Technologien-4547719.html

https://www.heise.de/news/Europol-Deepfakes-drohen-zum-Standardwerkzeug-Krimineller-zu-werden-7069235.html

#linux #gnu #gnulinux #opensource #administration #sysops #fake #fakenews #news #deepfake #berlin #major #video #conference #fakes

Originally posted at: https://dwaves.de/2022/05/01/the-deep-fake-crisis-destroying-trust-in-online-conferencing-from-fake-klitschko-conferences-to-fake-tom-cruise-videos-massive-challenge-for-europe-is-technology-neutral/

lorenzoancora@pod.mttv.it

Gain unprivileged access to an overlapped directory in Flatpak

Issue

/usr and other hierarchies on the host cannot be accessed from Flatpak, because they conflict with the sandbox. Instead, you are presented with a fake, overlapped filesystem hierarchy. Currently, Flatpak alone has no working options to solve this issue, as configuration overrides have no effect on those special filesystem hierarchies. As Linux does not support directory hard links, this is a serious nuisance!

Solution

Luckily, there is a workaround to safely access the original directory without having root access, if your sysadmin (or you, if you own the system) installed the bindfs package.

The bindfs command uses a FUSE filesystem to mirror the contents of a directory to another directory:

bindfs /overlapped ~/.overlapped

If high performance is needed:

bindfs -o multithreaded /overlapped ~/.overlapped

If security (read-only access) is needed:

bindfs -o ro /overlapped ~/.overlapped

Example

TASK: access the documentation on a Debian system from a Flatpak app.

user@localhost:~$ mkdir .doc
user@localhost:~$ bindfs -o ro,multithreaded /usr/share/doc .doc
user@localhost:~$ ls .doc

…will grant you fast, read-only access to /usr/share/doc by visiting .doc in your user home.
ls .doc will list the contents of /usr/share/doc, while .doc is not a symlink but a simple directory created by you.
You can now eg. use the Flatpak version of Mozilla Firefox to browse file:///home/yourusername/.doc and it will let you read the files in /usr/share/doc, which are normally inaccessible under Flatpak.

Note: this is not an official workaround, I've found by accident. If you know better alternatives please feel free to comment so other users can benefit. Thank you.


Tags: #linux #gnulinux #debian #flatpak #sandbox #virtualization #security #hacking #filesystem #fs #docs #sysadmin #sys #documentation

canoodle@nerdpol.ch

Deutsche Telekom and LANCOM hardware partnership - how to reach lancom support - VPN IKEv1 vs IKEv2

https://www.amazon.de/LANCOM-884-VoIP-Over-ISDN/dp/B01ERY8A8S/

https://www.amazon.de/LANCOM-884-VoIP-Over-ISDN/dp/B01ERY8A8S/

LANCOM is a major parnter of Deutsche Telekom.

“Würselen, August 26, 2002 – LANCOM Systems GmbH and Deutsche Telekom AG have agreed to cooperate on the sale of LANCOM Systems products.”

https://my.lancom-systems.de/newsroom/presse/archiv/archivansicht/lancom-systems-kooperiert-mit-deutscher-telekom/

that’s how a lot of lancom products end up at Telekom customers.

They could also have partnered with AVM that builds those pretty nice fritzboxes, why not?

just in case anyone wonders, this is NOT the official lancom forum: https://www.lancom-forum.de/

it is a forum run by social incompetent hobbyists and not paid by lancom.

so don’t expect to reach lancom tech support via this forum.

to reach the official lancom support, the user will need to register at LANCOM’s Jira instance here: https://support.lancom-systems.com/servicedesk/customer/portal/3/user/signup

the lancom support has answered… it only took them 5 weeks…

English:

  • Since 2019, IKEv1 has been described as deprecated and insecure by the IETF (Internet Engineering Task Force) and should therefore no longer be used.
  • LANCOM Systems recommends using the current IKEv2 standard instead.
  • The IKEv1 functionality is retained in LANCOM devices and can therefore continue to be used for scenarios with devices without IKEv2 support.
  • However, LANCOM Systems will no longer provide support for the analysis of connection problems with IKEv1 connections.
  • Also, there will be no bug fixes or new features in the firmware for IKEv1.

German:

  • IKEv1 wird seit 2019 durch die IETF (Internet Engineering Task Force) als veraltet (deprecated) und unsicher bezeichnet und sollte daher nicht mehr verwendet werden.
  • LANCOM Systems empfiehlt stattdessen den aktuellen Standard IKEv2 zu verwenden.
  • Die IKEv1 Funktionalität bleibt in LANCOM Geräten erhalten und kann somit weiterhin für Szenarien mit Geräten ohne IKEv2 Unterstützung verwendet werden.
  • LANCOM Systems wird allerdings keinen Support mehr bei der Analyse von Verbindungs-Problemen mit IKEv1-Verbindungen leisten.
  • Auch wird es für IKEv1 keine Fehlerbehebungen oder neue Features in der Firmware geben.
  • In Einzelfällen kann es zu Verbindungsabbrüchen während des Rekeyings kommen.
  • In einem solchen Fall kann es sinnvoll sein, die Lifetimes anzuheben, damit die Verbindungsabbrüche nicht mehr so häufig auftreten.
  • Informationen erhalten Sie in folgenden Artikeln:

#linux #gnu #gnulinux #opensource #administration #sysops #lancom #vpn #telekom #IKEv1 #IKEv2

Originally posted at: https://dwaves.de/2022/05/18/deutsche-telekom-and-lancom-hardware-partnership-how-to-reach-lancom-support-vpn-ikev1-vs-ikev2/

canoodle@nerdpol.ch

Russia's Conti working on exploits for Intel ME BMC AMT - Intel ME the biggest security fuck up in computing history - sue Intel

Intel might have installed – over the course of at least a decade (to this day?) a closed source backdoor in your computer’s firmware, that might never receive updates and is hard to remove.

Once this backdoor is fully cracked, everyone (Russia, China and North Korea) can use it.

Having remote control over a server down to the BIOS is a neat feature.

https://dwaves.de/2018/12/03/intel-bmc-java-jviewer-kvm-remote-control-with-linux-and-intel-mainboard-s2600cwr/

Hackers think so too.

Because a firmware is sometimes hard to update.

BIOS-UEFI updates need to be as easy to install than OS updates.

There are even parts of Intel ME that can not be updated at all (yet) because they are encrypted & signed (security by obscurity).

Currently the OS must be hacked or USB access (“physical access equals root access”) before it is possible to malware very deeply in the system = having this guy say: “only solution” “shredder mainboard”

But it might be just a matter of time, until new attack vectors are found, that allow exploit over network, maybe even in the security-nightmare language that every browser runs: JavaScript? X-D (just turn it off globally thanks!)

https://www.golem.de/news/conti-ransomware-gruppe-arbeitet-an-exploit-fuer-intel-me-2206-165848.html

(Conti is a hacker group associated with Russia)

https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099.html

https://www.golem.de/news/security-hackern-gelingt-vollzugriff-auf-intel-me-per-usb-1711-131065.html

Intel ME: Will Intel deliver updates? I hope so. Otherwise: Seriously sue intel to put your IT hardware at danger of being destroyed PERMANENTLY.

As it has happened with those KA-SAT satellite modems.

solutions anyone?

Yes multiple hard one’s.

  • try turning AMT BMC Intel ME off in the bios
    • some BIOS even allow to disable Intel ME permanently
  • on some systems BMC can be disabled with a jumper on the motherboard
  • Flash GNU Linux to the BIOS! (CoreBoot, LibreBoot with the Lenovo x60s no problem, with newer notebooks / PCs probably more effort)
  • “Just use AMD”, yes better but according to this video only a partial solution?

intel needs to work with it’s damaged customers to fix this mess

Or be sued for every hack and every ransomware attack and every downtime and every destroyed motherboard.

seriously.

open source backdoors instead of closed source backdoors!

ok ideally no backdoors at all?

“Intel had already found the vulnerability (CVE-2019-0090) itself last year, described only as a privilege escalation and tried to fix a possible attack vector.

According to PT, however, there are probably other attack vectors and the real problem in ROM still remains, as this part cannot be updated.

This is the preliminary culmination of an embarrassment on the part of Intel, which the manufacturer is trying to sell as security.

By now at the latest, Intel should mothball the concept of a proprietary ME and work on the open hardware security chip that Google

“Customers, users and Intel would be the winners.”

translated from: https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099.html

“Together with partners, Google has announced the Open Titan project. The goal is a completely openly designed chip based on RISC-V, which is to be used as root-of-trust in many different devices.”

https://www.golem.de/news/open-titan-google-startet-oss-projekt-fuer-hardware-security-chip-1911-144816.html

#linux #gnu #gnulinux #opensource #administration #sysops #cybersec #itsec #cyber #intel #intel-me #intelme

Originally posted at: https://dwaves.de/2022/05/17/russias-conti-working-on-exploits-for-intel-me-bmc-amt-intel-me-the-biggest-security-fuck-up-in-computing-history-sue-intel/

canoodle@nerdpol.ch

rant: system philosophy: IT that ignore UNIX K.I.S.S will die - in Germany there are only one man teams

https://www.youtube.com/watch?v=pGFGD5pj03M

https://www.youtube.com/watch?v=pGFGD5pj03M

team, team, team team…

In Germany, everyone is his/her own team, there are only one-man, one-woman teams.

teams not necessarily help each other

the best “help” you can get from another “team” is “it is somewhere in the (incomplete, outdated, no body cares) dokuwiki”

often they also work against each other

so actually there are no teams

without social skills and development as human being

the only interface that still exists is text and money

“give me that, here the money”

a “helpful” “community” isn’t it?

which reminds me of:

have no problem with that, just please do not raise any expectations that it might be otherwise.

“we are a hip, cool and fun company” (no)

just say it out loud: “we are a boring company, our systems are a grown mess and we are about to lose control, want to fix it?”

well if you read & understood K.I.S.S (simplify, simplify, simplify, standardize, automate) it could be fixed over the course of several years, if not: no.

to ignore K.I.S.S means: leaving behind an badly documented mess, either for others to fix or to die (delete & restart).

Any newcomer’s motivation will die fast, when being stuck without help and with outdated documentation.

Aka: the company is doomed to die in a self made mess. (Don’t tell me i did not warn ya)

Some will ride the rainbow, until it dies.

You just killed your own company and your job, but not in the way McIlroy envisioned it:

“As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.”

Doug McIlroy

(probably quoting JFKennedy)

PS: those guys at ubuntu surely also never have heard of K.I.S.S

the only reason ubuntu is still a thing, is that it is based on K.I.S.S respecting Debian

also: systemd has become “creepware” (it used to do startup, now it also does network config, WHY? WHY? (because it want’s to rule them all)

#linux #gnu #gnulinux #opensource #administration #sysops #team #teams #it #crowd #company #germany #error #mistake #unix #kiss #simplify #simplicity #rant

Originally posted at: https://dwaves.de/2021/11/10/rant-system-philosophy-it-that-ignore-unix-k-i-s-s-will-die-in-germany-there-are-only-one-man-teams/

canoodle@nerdpol.ch

system philosophy: IT that ignore UNIX K.I.S.S will die - in Germany there are only one man teams

https://www.youtube.com/watch?v=pGFGD5pj03M

https://www.youtube.com/watch?v=pGFGD5pj03M

team, team, team team…

In Germany, everyone is his/her own team, there are only one-man, one-woman teams.

teams not necessarily help each other

the best “help” you can get from another “team” is “it is somewhere in the (incomplete, outdated, no body cares) dokuwiki”

often they also work against each other

so actually there are no teams

without social skills and development as human being

the only interface that still exists is text and money

“give me that, here the money”

a “helpful” “community” isn’t it?

which reminds me of:

have no problem with that, just please do not raise any expectations that it might be otherwise.

“we are a hip, cool and fun company” (no)

just say it out loud: “we are a boring company, our systems are a grown mess and we are about to lose control, want to fix it?”

well if you read & understood K.I.S.S (simplify, simplify, simplify, standardize, automate) it could be fixed over the course of several years, if not: no.

to ignore K.I.S.S means: leaving behind an badly documented mess, either for others to fix or to die (delete & restart).

Any newcomer’s motivation will die fast, when being stuck without help and with outdated documentation.

Aka: the company is doomed to die in a self made mess. (Don’t tell me i did not warn ya)

Some will ride the rainbow, until it dies.

You just killed your own company and your job, but not in the way McIlroy envisioned it:

“As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.”

Doug McIlroy

(probably quoting JFKennedy)

#linux #gnu #gnulinux #opensource #administration #sysops #team #teams #it #crowd #company #germany #error #mistake #unix #kiss #simplify #simplicity

Originally posted at: https://dwaves.de/2021/11/10/system-philosophy-it-that-ignore-unix-k-i-s-s-will-die-in-germany-there-are-only-one-man-teams/

linuxmao.org@diaspora-fr.org

Éditorial de juin 2022

#art #art_libre #artiste #artlibre #cc-by-sa #chanson #copyleft #creative-commons #creative_commons #creativecommons #culture #culture-libre #culture_libre #culturelibre #francophone #français #gnu #gnu-linux #gnulinux #gpl #informatique-musicale #informatique_musicale #informatiquemusicale #libre #libre-art #linux #linux-mao #linux_mao #linuxaudio #linuxmao #logiciel-libre #logiciel_libre #logiciellibre #mao #mao-linux #mao_linux #maolinux #musicien #musiciens #musique #musique-libre #musique_libre #numerique #productionmusicale

Avec le retour des beaux jours, rien de tel qu’une petite sieste pour meubler paisiblement un début d’après-midi. C’est du moins ce que je pensais…

Mes yeux se ferment sur une page de lecture et me voici propulsé 3500 années en arrière.

A cette époque, le monde connu se représente sous l’aspect d’une galette ronde, percée en son centre d’un vertigineux cratère. Nous le nommons San-Treur et de vieilles peurs nous en tiennent éloignés.

Le peuple parmi lequel j’évolue, ce sont les Hif-Reqs, et nous nommons ceux des antipodes les Lof-Reqs.

Les deux peuples s’ignorent et seules deux tribus nomades, ici les Yiwis et, là-bas, leurs contraires les Yowos, maintiennent quelques échanges car, toutes deux intrépides, elles savent communiquer d’une face à l’autre de notre monde, via le San-Treur.

Nous sommes à l’aube d’une ère où, de croisements en métissages, de part et d’autre du monde connu, s’intègre une tribu peuplée par les Midf-Reqs, dont la population tend maintenant à l’égalité numérique.

Trois peuples, donc et quelques nomades, tous vivant en paix et en harmonie, selon les principes de leur antique philosophie : le Mhû-Ziq, dont les chants sont d’ailleurs parvenus jusqu’à nous.

Seule dissonance, un drôle de son. Mais … c’est quoi, ce bruit ? On dirait un…

Le téléphone !

Fin de la sieste.

Bonnes rêveries et bon mix !

linuxmao.org@diaspora-fr.org

Éditorial de mai 2022

#art #art_libre #artiste #artlibre #cc-by-sa #chanson #copyleft #creative-commons #creative_commons #creativecommons #culture #culture-libre #culture_libre #culturelibre #francophone #français #gnu #gnu-linux #gnulinux #gpl #informatique-musicale #informatique_musicale #informatiquemusicale #libre #libre-art #linux #linux-mao #linux_mao #linuxaudio #linuxmao #logiciel-libre #logiciel_libre #logiciellibre #mao #mao-linux #mao_linux #maolinux #musicien #musiciens #musique #musique-libre #musique_libre #numerique #productionmusicale

Autrefois, les aspirateurs étaient construits de telle façon que vous obteniez soit de l’aspiration soit du souffle, selon l’extrémité à laquelle vous branchiez le tuyau.

Les normes en matière de décibels domestiques, la technologie des années 50-60, en faisaient des machines terriblement bruyantes. Impossible de tenir une conversation dans une pièce où s’exprimait l’engin. Celui-ci était, bien évidemment, dépourvu de réglage de puissance et c’est au maximum de celle-ci, en permanence, que la bête venait à bout des nerfs les plus endurcis en quelques minutes.

C’est là, amis musiciens, qu’intervient le Mélodica.

Il s’agissait d’un instrument à vent pourvu, sur un octave ou deux, de touches "piano". Un embout amovible en matière plastique tenait lieu d’embouchure. Le corps de cet instrument d’une trentaine de centimètres de long se pinçait d’une main tandis que la main opposée courait sur le clavier. Cela produisait un son de texture et de volume similaires à ceux d’un harmonica chromatique, un peu plus nasillard, un peu moins puissant.

L’instrument était vendu avec un tuyau qui pouvait se substituer à l’embouchure, permettant ainsi de le connecter à la sortie soufflerie d’un aspirateur. Sur le papier : génial, un orgue !

Mais, inutile de préciser que dans cette configuration, l’instrument était totalement inaudible et c’est avec les 2 tympans broyés que la confrontation entre musicien et aspirateur prenait (vite) fin.

Je me suis toujours demandé pourquoi, malgré tous mes efforts, je n’avais jamais réussi à progresser à la clarinette ni au sax. Idem pour les claviers. Le Mélodica, bien sûr !

Au terme de cette petite introspection, je pense avoir enfin mis le doigt sur le traumatisme fondateur…

Et je me dis :

  • allez, ne te cherche pas d’excuses fallacieuses pour ne pas bosser ta musique, au taf !
canoodle@nerdpol.ch

The Unix philosophy - simple and beautiful (so it "just works")

“The Unix Philosophy in One Lesson”

“All the philosophy really boils down to one iron law, the hallowed ‘KISS principle’ of master engineers everywhere:”

https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

“Keep It Simple, Stupid” or “Keep It Super Simple” (less offensive)

The Unix philosophy emphasizes building simple, short, clear, modular, and extensible code that can be easily maintained and repurposed by developers other than its creators.

This is what allows a system to “boom” “it just work” as Mr Jobs puts it.

The Unix philosophy favors composability as opposed to monolithic design.

Later summarized by Peter H. Salus in A Quarter-Century of Unix (1994):[1] This is the Unix philosophy:

would add:

  • Keep it as simple as possible and as complex as ABSOLUTELY necessary (more moving parts = more problems)
  • simplify & agree on common standards & automate:
    • design standards together “open standards”, so they can take care of (almost) all required use cases
  • software minimalism
    • only run as little software on a system (even if it has plenty of resources) as absolutely necessary
    • for example: don’t run full blown desktop guis on servers that do not need them
      • a lot of admins rely on the “html gui” webmin, and virtualmin
        • if that helps to keep a system in well working secure shape, that’s fine but… it is not optimal for two reasons: - less software = always better - at least enhance security with a ssh-tunnel, meaning the port to access web-console (80 or 443) should only be accessible by localhost via ssh-tunnel (if there are zero-day exploits against latest OpenSSH (aka OpenSSH hacked) it’s “all internet offline doomsday” anyway… so this very very critical piece of software needs relentless testing and fast updates/patching) - gui-admins using this software, know “the gui buttons” but not the bash commands - thus: the gui-admins do not really know, what the software is actually doing in the background when they click a button, thus they might be unable to debug the problem, if things fail (that is where this “monitor all logs” bash script comes in handy)
  • genius: “the genius is in control of chaos” (maybe true for a while, but long term it’s deadly wrong)

  • standards:

    • to standardize is a good thing, imagine a world, where every electronic device would have it’s own power plug… nobody could plugin anywhere without adapters… adding adapters increases complexity (fire hazard?) and decreasing simplicity
    • https://dwaves.de/2019/02/26/usb-cable-salad-of-madness-usb-3-0-and-wifi-interference-micro-usb-usb-c-mess-has-finally-arrived/
    • what existing standards are there?
    • can they be adapted? (try to identify & contact the creators)
      • instead of everyone making a new standard -> mess-of-standards (maximum incompatibility to each other)
    • is it really necessary to create a new standard? (e.g. one fine day, someone might decide to use /config for config files and not /etc, because what does etc stand for? (it stands for “all other files that do not fall in the /bin /dev /lib /usr /sbin… category” it stands for “et cetera” (lat. “the rest”))
      • it evolved into “the directory where config files are stored” and everyone knows that, so it has “grown” into a standard
      • it is agreed, that things should be called what they are and the naming of this directory is just bad (not self speaking)
      • but changing that standard would mess up this “grown-into-standard” and get a lot of users and programs confused… worth it?
      • imho THE worst idea is to add another directory and place another network config file, so that there are 2, 3, 4, 5 different places to configure network = complete mess

Malcolm Douglas McIlroy: “Everything was small… and my heart sinks for Linux when I see the size of it. […]

The manual page, which really used to be a manual page, is now a small volume, with a thousand options…

We used to sit around in the Unix Room saying, ‘What can we throw out? Why is there this option?’

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.” (src: https://en.wikiquote.org/wiki/Doug_McIlroy)

https://archive.org/details/DougMcIlroy_AncestryOfLinux_DLSLUG

Ken Thompson and Dennis Ritchie, key proponents of the Unix philosophy.

“we are trying to make computing as simple as possible – in the late 1960s Dennis Richie and I realized that the then current Operating System where much way too complex – we attempted to reverse this trend by building a small simple operating system on a minicomputer” (Ken Thompson)

“What we wanted to preserve was not just a good programming environment in which to do programming – but a system around which a community could form – fellowship – we knew from experience that the essence of communal computing – as supplied by remote access time sharing systems – is not just to type programs into a terminal instead of a key-punch – but to encourage close communication” (Dennis M. Ritchie)

https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s06.html

https://en.wikipedia.org/wiki/Unix_philosophy

“As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.”

Doug McIlroy

Damn this guy is a philosopher.

Working in IT seems to be just like capitalism itself: working to make one’s job obsolete. “great” outlook.

There need to be alternative lifestyles that make sense and are sustainable.

https://ytpak.net/watch?v=JoVQTPbD6UY

[video width=”586″ height=”436″ mp4=”https://dwaves.de/wp-content/uploads/2017/05/Ken-Thompson-and-Dennis-Ritchie-Explain-UNIX-Bell-Labs.mp4″\]\[/video\]

what happens if companies can not agree on standards:

  • probably the best example:

    • Apple and the “one button vs two button mouse”
    • “Steven P. Jobs, once said that one was the obvious answer because that made it impossible to push the wrong button” (src)

      • turns out: two button mouses are “easy enough” for users that used them for more than 3 days straight
      • by now, approx 99% of Apple’s one-button mouses are in the (recycling?)trash and got replaced by at least two-button mouses (what a waste of resources, right?)
      • GNU Linux users would want a 3 button mouse (the middle button is for pasting stuff)
      • Why Apple hates USB?

        • probably: so Apple can sell more power adapters
        • turns out: shipping iphones without adapters while charging the same price makes even more money
        • finally in 2020 (after aprox. 10 years?) they came along and adopted USB-C Macbook ARM M1 CPU

          - they are still refusing to make the iPhone charge via USB-C
          - [![https://dissectiontable.com/best-chargers-iphone-12-pro-mini-max/](https://dissectiontable.com/wp-content/uploads/2020/10/Best-chargers-for-iPhone-12-iphone-12-Pro-12-Mini-iphone-12-pro-max.jpg)](https://dissectiontable.com/best-chargers-iphone-12-pro-mini-max/)
          
                    > <https://dissectiontable.com/best-chargers-iphone-12-pro-mini-max/>
          - so the user STILL in 2022 needs a special Apple cable to plug into “everyone’s else’s” chargers 
                    - it is… 
                                - 1) truly ridiculous
                                - 2) wasting resources (in 2022 the electronic trash recycling quotas are still pretty bad, only [13% to 35%](https://duckduckgo.com/?t=ffab&q=how+much+of+electronic+waste+get%27s+recycled) of disposed electronics becomes new electronics)
                                - 3) #wtf Apple seriously?
          

#linux #gnu #gnulinux #opensource #administration #sysops #unix #philosophy #m #mcilroy #philosophie #torvalds #itsec #cybersecurity #security #kernel #thompson #ritchie #apple #jobs #standards #standard #gnu-linux #simplify #open #source #openstandards

Originally posted at: https://dwaves.de/2017/05/02/the-unix-philosophy-simple-and-beautiful-so-it-just-works/

linuxmao.org@diaspora-fr.org

Éditorial de juin 2022

#art #art_libre #artiste #artlibre #cc-by-sa #chanson #copyleft #creative-commons #creative_commons #creativecommons #culture #culture-libre #culture_libre #culturelibre #francophone #français #gnu #gnu-linux #gnulinux #gpl #informatique-musicale #informatique_musicale #informatiquemusicale #libre #libre-art #linux #linux-mao #linux_mao #linuxaudio #linuxmao #logiciel-libre #logiciel_libre #logiciellibre #mao #mao-linux #mao_linux #maolinux #musicien #musiciens #musique #musique-libre #musique_libre #numerique #productionmusicale

Avec le retour des beaux jours, rien de tel qu’une petite sieste pour meubler paisiblement un début d’après-midi. C’est du moins ce que je pensais…

Mes yeux se ferment sur une page de lecture et me voici propulsé 3500 années en arrière.

A cette époque, le monde connu se représente sous l’aspect d’une galette ronde, percée en son centre d’un vertigineux cratère. Nous le nommons San-Treur et de vieilles peurs nous en tiennent éloignés.

Le peuple parmi lequel j’évolue, ce sont les Hif-Reqs, et nous nommons ceux des antipodes les Lof-Reqs.

Les deux peuples s’ignorent et seules deux tribus nomades, ici les Yiwis et, là-bas, leurs contraires les Yowos, maintiennent quelques échanges car, toutes deux intrépides, elles savent communiquer d’une face à l’autre de notre monde, via le San-Treur.

Nous sommes à l’aube d’une ère où, de croisements en métissages, de part et d’autre du monde connu, s’intègre une tribu peuplée par les Midf-Reqs, dont la population tend maintenant à l’égalité numérique.

Trois peuples, donc et quelques nomades, tous vivant en paix et en harmonie, selon les principes de leur antique philosophie : le Mhû-Ziq, dont les chants sont d’ailleurs parvenus jusqu’à nous.

Seule dissonance, un drôle de son. Mais … c’est quoi, ce bruit ? On dirait un…

Le téléphone !

Fin de la sieste.

Bonnes rêveries et bon mix !

canoodle@nerdpol.ch

Rant: wordpress & privacy - self hosted instances upload all content to their CDN servers i2.wp.com imho without consent and no possibility to delete?

correct if wrong but…

checkout this picture, just uploaded to this self-hosted wordpress instance recently:

it “suddenly” and without consent it also exists on this server i2.wp.com, the “cool” wordpress CDN, that is supposed to speed up loading time of a blog… well… not this blog eh?

https://i2.wp.com/dwaves.de/wp-content/uploads/2022/05/S21_Ultra_Sample_Test_Photo_RawTherapie_post_processed_20220525_sky.jpg

if the user would have wanted that, instead of going self-hosting, the user could have just spared all the hazzle and used wordpress.org.

so even when the author-user deletes that image from the user’s blog… (just tested) it will be still there on https://i2.wp.com/dwaves.de/wp-content/uploads/2022/05/S21_Ultra_Sample_Test_Photo_RawTherapie_post_processed_20220525_sky.jpg

“great” isn’t it? so much for “control over one’s data”.

“This is happening because you’re using Jetpack’s built-in Image CDN that relies on WordPress.com. If you like to disable that feature go to your Dashboard > Jetpack > Settings > Performance and toggle off the Enable site accelerator option under the Performance & speed section. You can read more about this feature here:

https://jetpack.com/support/site-accelerator/” (src)

no – this blog is NOT using jetpack site accelerator.

also the option described is not available on self hosted wordpress.

#wtf?

wordpress – a giant content “sucking up ur content and storing it forever” machine?

time for alternatives.

if the visitor Firefox -> F12 -> network checks where the parts of this blog are coming from, they are all coming from dwaves.de and not some wordpress CDN for “faster loading time”.

the only external content are the smileys: https://s.w.org/images/core/emoji/14.0.0/svg/1f61c.svg

(those evil smileys probably “report back” to wordpress… how much that article was visited… and they (probably) sell it again… to G*** and M$ and whoever is willing to pay for that data)

…ah there it is:

https://wordpress.org/about/privacy/

https://wordpress.org/about/privacy/

https://wordpress.org/about/privacy/

so this is how wordpress argues, that they have “legitimate interests” to store all pictures uploaded to self-hosted wordpress instances on: ipv4.de-cix.fra.de.as2635.automattic.com (80.81.193.69)

hosted by: https://www.northdata.de/de-CIX+Management+GmbH,+K%C3%B6ln/HRB+51135

associated with:

https://www.northdata.de/deutsche+medienakademie+GmbH,+K%C3%B6ln/HRB+57192

https://www.northdata.de/7P+Business+Solutions+GmbH,+K%C3%B6ln/HRB+65133

#linux #gnu #gnulinux #opensource #administration #sysops #wordpress #privacy #cdn #cms #web #www #html

Originally posted at: https://dwaves.de/2022/06/06/rant-wordpress-privacy-self-hosted-instances-upload-all-content-to-their-cdn-servers-i2-wp-com-imho-without-consent-and-no-possibility-to-delete/

canoodle@nerdpol.ch

so wordpress uploads all content to their CDN servers i2.wp.com - even when self hosted

correct if wrong but... checkout this picture, just uploaded to this self-hosted wordpress instance recently: it "suddenly" and without consent it also exists on this server i2.wp.com, the "cool" wordpress CDN, that is supposed to speed up loading time of a blog...[...]

#linux #gnu #gnulinux #opensource #administration #sysops #wordpress #privacy #cdn #cms #web #www #html

Originally posted at: https://dwaves.de/2022/06/06/so-wordpress-uploads-all-content-to-their-cdn-servers-i2-wp-com-even-when-self-hosted/