Over the weekend, a family member could not log into their laptop any longer. Turned out to be “a problem with Teams” that required an unscheduled update which was marked as optional. Needless to say that they never used Teams on that machine.
When the login worked partially, their files weren’t accessible because they accidentally saved them on OneDrive which now defaults to storing online only. And OneDrive was also affected by the Teams bug.
Spent a good part of the day cursing in the direction of Redmond.
This happened on my work machine. One day I noticed tons of important files had been deleted without my permission after being migrated to OneDrive online only. At no point did I authorize anything like this and it took some time to copy them all back and disable everything I could access related to this.
Utter insanity that this can happen in a major OS. I switched to Linux for personal use years ago and have only gotten more grateful for that decision over time. My head would explode if a Linux distro tried any number of things that Windows regularly does to abuse their users, it's unfathomable.
Since forever, I've been pretty stubborn with managing my tech/digital stuff myself, even if it's kind of a pain, and this kind of shit reinforces that belief. Other entities, especially big companies, cannot be trusted with your tech. The best place for my hardware is in my house; software, in my own git repo; data, in plain files on my hard drives. The fewer hands that touch it, the better. Just let me have it my own way, please.
All they (all big tech companies) have been doing for the past decades has been mining data for ads. Yet, they still are pretty much stuck on the same level:
- I search for and buy something, they keep showing me ads for the thing I don't need anymore.
- I check out some random product, they all think if they just show me one more ad with that product, I will surely buy it.
While I am not immune to ads and they help with brand recognition, they can sometimes serve the opposite purpose than intended.
- You started watching videos about farm equipment and how repairable it isn't. Now you get ads for farm supplies. You haven't been on a farm in 25 years.
The problem is that on a fresh system with a free MS account, OneDrive shows up as the first choice as “$User - Personal files”. No notice that this actually only stores it online and offers only a fraction of the 1TB local drive.
Truly deceptive and my mistake for not noticing when I helped to set up that laptop.
Don't feel bad.
Even if you noticed, it is likely that during the next "security" update, OneDrive would be re-enabled as the default - and possibly everything moved there.
This sounds exciting and it seems to be enabled on my Windows installation (checked with their tool).
But where do I go from here? Is there something usable for the end user (like the settings app they mention) or is it developers-only for now? How do I use it with my Ableton + external setup?
Interesting that for a paper by Don Knuth himself the PDF was created with dvips (TeX Live) but then switched to Acrobat Distiller, resulting in a rather low resolution (at least on my screen).
From the document properties:
> Creator: dvips(k) 2023.1 (TeX Live 2023)
> PDF Producer: Acrobat Distiller 25.0 (Macintosh)
The issue is not of low resolution exactly, but font format.
Knuth uses bitmap fonts, rather than vector fonts like everyone else. This is because his entire motivation for creating TeX and METAFONT was to not be reliant on the font technology of others, but to have full control over every dot on the page. METAFONT generates raster (bitmap) fonts. The [.tex] --TeX--> [.dvi] --dvips--> [.ps] --Distiller--> [.pdf] pipeline uses these fonts on the page. They look bad on screen because they're not accompanied by hinting for screens' low resolution (this could in principle be fixed!), but if you print them on paper (at a typical resolution like 300/600 dpi, or the higher resolutions of typesetters) they'll look fine.
Everyone else uses TrueType/OpenType (or Type 3: in any case, vector) fonts that only describe the shape and leave the rasterization up to the renderer (but with hinting for low resolutions like screens), which looks better on screen (and perfectly fine on paper too, but technically one doesn't have control over all the details of rasterization).
If somebody is MITMing a target person, they will respond positively to "update available?" calls from that person and then serve the tainted update. The article does not say what the frequency of auto update check is. Let's say one per day. If somebody is targeted it's one day away from RCE.
TLS doesn’t mask the IP of the server. The updater probably isn’t using DNS over HTTPS. If I can determine that a user’s updater just hit the update check server, I can start impersonating the update server.
That takes it out of the one day away territory, but it does allow an attacker to only have a malicious HTTP capture up and detectable during the actual attack window.
Then, of course, if you’re also being their DNS server you can send them to the wrong update check server in the first place. I wonder if the updater validates the certificate.
Yes. As you say it maps to a key sequence, not a scancode. Additionally, it maps as a rapid key-down sequence followed immediately by key-up, so it cannot be remapped to a modifier key, such as right control (which it often takes over from on laptops).
There are ways, which involve using a software trap to capture it and then emit right control for a set period of time, but that's a workaround rather than a real fix.
Excellent! I tried to use Claude on the Ableton file format about a year ago and it left me quite frustrated -- but now I have a new reason to look at this again.
Generally, it would be nice of Ableton to release official documentation of their API.
I've been vibe-coding a diff tool[1] for Ableton Live project files in my spare time, though the project is still far from complete. It's meant to generate human-readable, meaningful summary text that shows the differences between two versions of a project file (.als). With this diff tool, I can then use Git to properly version-control Ableton Live project files.
So far I've completed roughly 70% of the Ableton Live project-file XML parsing, though some parts like Session View and the Groove Pool are not finished yet.
As for using Claude or other agents to parse Ableton Live's XML, my original plan was to build an automated workflow with ableton-mcp: have Claude use ableton-mcp to make edits in a blank project (for example, add an EQ8 or modify some automation), save the project file, then have Claude compare the modified project file with the original blank project and write the corresponding parsing code. But ableton-mcp still lacks many features[2], and the XML schema of .als files is inconsistent, so I ended up doing most of the review and verification manually.
> these appliances emitted a high number of UFPs. The worst offender was a pop-up toaster, which without any bread inside it, gave off around 1.73 trillion UFPs per minute.
If my math is correct, that toaster is shedding about 0.6 mm^3 per minute of its heating coils.