Das Risiko dabei, Nachrichten von Praktikanten schreiben zu lassen: Manchmal kommt solcher Stuß dabei heraus.

https://www.tagesschau.de/ausland/farout-103.html

Highlights:

• »Nie zuvor wurde ein Objekt gesehen, das so weit von der Erde entfernt liegt.«

  OK, wenn man es ganz genau nimmt, stimmt das. In exakt derselben Entfernung wie der von »Farout« gibt es vermutlich noch kein bekanntes Objekt, erst recht nicht, weil sich die Entferung ja ständig verändert und deshalb nur ein Punkt immer genausoweit entfernt ist.

  So ist der Satz aber natürlich nicht gemeint, und deshalb darf der Hinweis nicht fehlen, daß selbst in der »Artist’s Impression«, die den Artikel bebildert (und in der die Sonne viel zu groß dargestellt ist), schon mehrere Sterne im Hintergrund zu sehen sind. Die sind natürlich um einiges weiter weg.

• »Zur Messung empfehlen die Wissenschaftler die Astronomische Einheit (AU).«

  »Empfehlen« tun die garantiert gar nix, schon gar keine Einheiten. Und erst recht nicht die Einheit, die zur Angabe von Entfernungen innerhalb des Sonnensystems (und oberhalb von Mondumlaufbahnen) völlig üblich ist und keiner weiteren »Empfehlung« bedarf.

• »Ein AU entspricht etwa 150 Millionen Kilometern […]«

  Ich nehme an, das ist eine Tippfehler.

reg add HKCU\Software\Wacom\Analytics /v Analytics_On /t REG_SZ /d FALSE /f

Interessanterweise interessiert sich das Wacom Desktop Center beim Start sogar ausdrücklich dafür, ob procmon läuft. Sachen gibt’s …

Note to self:

When you cannot make installworld from NFS and have to use rsync to get the src and obj trees to the target, do not try to --exclude '*.o'. installworld really likes crt1.o and will be exceedingly unhappy if it is not there.

D’o!

I just spent a total of about two days bisecting the FreeBSD kernel to find the cause of a particular panic I’d been getting while booting on a Jetway NF9HG Mini-ITX mainboard.

Of course, -CURRENT being what is, some revisions between the branch point and releng/12.0 aren’t exactly amenable to compilation, and where they are, other bugs like to hide the behavior I’m looking for.

(Having to react to “fatal trap 12” with git bisect good is also somewhat unnatural, but that’s not what I was looking for, after all.)

Anyway, at some point during my travails, I became aware of a particular kernel tunable, introduced to prevent trouble with something called “EFI runtime services”. The name of the thing was efi.rt_disabled. I put it into loader.conf and happily kept bisecting. It even worked, preventing some crashes on kernels that had not previously booted.

Then things became confusing. The problem appeared to be fluctuating; rather than the “trap 12” on earlier revisions and the panic on later ones the two seemed intermixed somehow.

End of day 1.

On day 2, being the present day, I started over from the beginning, and the results made sense again. At first anyway. I had forgotten about the tunable, which turned out to have been a very good thing.

Five hours into bisecting, I had just arrived at the very last commit to test, the commit message reminded me, and I looked in UPDATING again to refresh my memory.

Then my eyes went wide … where did that dot come from … no, they didn’t … did they?

Yes, they did. Back in July, someone renamed the tunable, replacing the underscore with a second period; what had been efi.rt_disabled now became efi.rt.disabled. When I first found it in UPDATING I must have been on a commit before this change. Later on, I obviously had no reason to recheck the spelling.

Anyway, setting the correctly spelled tunable fixed the panic.

git bisect is the best binary-tree thing since Turduckenailailenailailduckenailailenailail.

When Knuth started on TeX, his motivation is reported to have been to improve math typesetting, because his earlier books were often mangled by typesetters/printers who did not understand the math and hence did not notice when they got it wrong.

Hence, the whole point of and reason for TeX is to produce good-looking math.

Why, then, is this still allowed to happen today?

Use \mathit{}, people!

Update: Then again, from the same paper:

ISWYDT.

According to the company, this is not a security issue. I reserve – and exercise – my right to disagree, but I’m not a security researcher.

They say that:

1. The global write permissions on the firmware files (they are firmware files) is

   • necessary to enable successful updates, and
   • not a problem because the PC software does not interpret them when feeding them to the reader, and the reader will reject manipulated files due to invalid signatures.

2. The registry permissions are necessary for interoperability between components on the same system.

Finally, they say their software and devices are getting tested not only by them, but also by the IT security people of the companies using the things, and if no one complains, everything must be fine.

Very well then; if they won’t fix their bugs, I can only do work around them in my own environment.

From the installation log of the driver for a REINER SCT smart card reader:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </subdirectories "C:\ProgramData\REINER SCT\*" /grant="S-1-1-0"=F>

Um. Come again? S-1-1-0 is Everyone.

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls ctf_bdr.rsct
ctf_bdr.rsct Everyone:(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             BUILTIN\Users:(I)(RX)

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls .
. Everyone:(OI)(IO)(F)
  Everyone:(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  BUILTIN\Users:(I)(OI)(CI)(RX)
  BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

The files are “transfer files” according to the (rather pointless) file type registration. They look encrypted. I suspect they are some kind of firmware.

Why would anyone in their right mind set a directory full of firmware for a smart card reader to be world writable?

The next line in the log file is this:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers" /grant="S-1-5-19"=F>

NT AUTHORITY\LOCAL SERVICE. Probably also not a good idea; I think this is left from before there were virtual service accounts.

Time to ask the company.

• Weichenlaufkettensperrmelder

How to remove a systemwide installation of Fusion 360

"Fusion 360 Client Downloader.exe" --globalinstall -p uninstall