## Summary:
During a comprehensive security audit of the cURL codebase, multiple instances of unsafe strcpy() function usage were identified in critical code paths. These implementations violate...
Related, your examples are fodder for my explanations within friends & family on why “AI” isn’t a good idea to use if you don’t know what you’re doing.
@tinylittleenormous no, that would be giving in to stupid and I don't approve of that. Plus the fact of course the detail that if this is "insecure" then what *is* secure?
As it might happen with many other of these "reports", surely he's just running a script against all the code that he can find and then file bug reports in order to get a bounty and the problem is that other enities prefer to pay instead of stand up and tell them to go away hackerone.com/anony_gaku?type=…
My take is possibly too long for social media but let me try. Platforms like h1 allow researchers to streamline supporting. This allows reporters to scale their low hanging fruits findings across many, many targets. They can tolerate their low probability of success through scale. The cost is almost exclusively on the receiving end. 1/n
I like how the LLM included steps for running apt-get update and cloning the git repo on a bug report, the maintainers definitely didn't know how to do that. Also isn't apt-get deprecated now?
Customer runs some security tools. Comes up with hundreds of "vulnerabilities". They aren't interested in your proof that the code path they're worried about can never actually occur, all they care about is clean output from their tools. Which they've been sold by a "security consultant" and quite likely don't understand.
the volumous, unnecessary in-line comments tell me right off the hop this was ai copypasted nonsense. when i use gpt for example, it will straight up slam in inline comments IMMEDIATELY after i tell it not to.
Citing concerns about DEI, the U.S. Department of Education has halted funding for programs that support students with combined hearing and vision loss in eight states.
“How low can you go?” one advocate asked.
Want to play your PC audio on your Android phone, or the other way around? Want to use your Android phone as a microphone for your PC? Check out AudioRelay. It's pretty darn cool! audiorelay.net/
Do they have a certain dress code? My grandfather went to the nobel prize in sweden once and he told me he had to get a custom suit tailored just to attend
ChatGPT leaked private Gmail data to attackers by Friday. 🤦♂️
Because #promptinjection is not a problem these "PhD level" AI assistants have solved.
Look at that calendar invite. That text is all it took for taking over someone's #ChatGPT connected data. Allowing the attacker to use the same #MCP enabled tools that are supposed to make AI useful at work.
It really is as stupid as @davidgerard keeps telling in Pivot to AI.
@patrick_h_lauke I think Elon musk gets on drugs and spews all this nonsense because he can. If he doesn't even know how many years it is to the next election, that tells you something about how much he really cares about he says. Gosh, why doesn't he just shut up and take care of his failing businesses? :)
I finally have a #pixel10pro. Now it's going in the drawer, and I'll be rooting for the #GrapheneOS developers to finish support for it as soon as possible.
@decathorpe finally because I couldn't wait to check out the hardware, but I never planned to use it before I can get GrapheneOS on it. The main reason why I got it now is that there $250 cashback only until the end of the month. Waiting for GOS would only make the phone more expensive.
@andrew773 yes, I already have a Pixel 6a with it. It's a good entry phone for GrapheneOS because you can get it for ~€120 and it still has 2 years of support. A good way to try GOS out without spending a lot of money.
Nice one! Will probably buy one too when Pixel 11 will come out (I'm buying older Pixels when the new ones come out as there are usually good deals on them). Tbh, I'm interested in the desktop mode a lot - it seems it's really close to the official release now - and Pixel 10 may be a good device to run a Linux VM smoothly enough to be useful in the desktop mode.
@kayla I was thinking about getting Pixel 9 because 10 isn't a major upgrade and I wouldn't have to wait for GOS, but at the moment with the cashback 10 is for the price of 9.
Ano, problémový toot jsem už ráno smazal a uživatele kontaktoval. Snažíme se věci řešit co nejrychleji, ale ne každý sedí u počítače nonstop. Jen upozorňuju na tohle chování – místo aby proběhla komunikace, hned se sahá po #fediblock celé instance.
@schmaker Ano, někteří to tak prezentují. Můj postup je: první přestupek = varování a smazání příspěvku. Mazat účet hned po prvním průšvihu nechci – pokud by se problém opakoval, pak už ano.
@schmaker Vážně řešíte někoho, kdo provozuje cosi s názvem “pizza.enby.city”? Kolik to má lidí? Tři? A tbh přijde mi ten toot na hraně, ale asi ne přes čáru.
@Unreed Ten maník z pizza.enby.city mi je úplně u zadele. Jde o to, že podobně „chytrého“ může napadnout udělat seznam blokovaných instancí, vytáhne je z hashtagu #fediblock a pak se to tu začne šířit.
Ostatně podobné seznamy už kolovaly při migraci z Twitteru a některé CZ instance je tehdy také importovaly. @schmaker
@schmaker Takže na vycukání adminů stačí chodit a hulákat jeden hashtag? Ten seznam bude úplná blbost. Co když začnu používat fediblock na svoje skříplý pravý rameno?
myslim to roztleskávání fediblocku. u autora příspěvku se pořád nemůžu rozhodnout, jestli bydlí někde Neštěmkách u Mojžíře, nebo jestli to odkoukal u alt-right kolegů z Xka
jo me kdysi přišlo hlášení ze “overtly racist”. Přišlo na me. Za příspěvek kdy jsem řekl ze za mlada jsem mel za sousedy cigany a půlka z nich byli nepřizpůsobivý průseráři a druhá půlka naprosto v poho 🤷♂️ tak snad zas něco nepřijde když to tu opakuju
jo, tohle přehnaný blokování je zvláštní. Na takové instanci bych nechtěl být. Takhle mě dlouho blokoval mastodon.art za to, že provozuju fedisearch. Vůbec nebyla možnost se bránit, prostě ke mě doputoval příspěvek typu "tenhle týpek indexuje posty na fedi a není jak se opt-outnout, zablokovat" a bylo hotovo. Nikomu nevadilo že to není pravda. Neindexují se posty, ale accounty. A opt out způsoby mám asi 3. 🤷
I posted about adding pthread_cancel use in curl about three weeks ago, we released this in curl 8.16.0 and it blew up right in our faces. Now, with #18540 we are ripping it out again.
I think it's reasonable to declare that pthread_cancel() is effectively broken for any nontrivial use on contemporary OSes and it is unlikely to be fixed any time soon.
(I suspect it would actually be easier to cajole libc maintainers into adding an async friendly version of GAI() than to make GAI() cancellation safe.)
If you want a cancellable thing from which you can make blocking calls, the only near-universal option is subprocesses. Unfortunately there are reasons why in some ecosystems it is impolite for a library to start a subprocess.
📣 Sei #A11y und unterstütze den Zugang zum !@metalab für Menschen mit Sehbehinderung oder Blindheit! Komm zum Do-It-Blind (DIB) Treffen 🛠️ am Montag, 15. September, Treffpunkt Ring-Passage, U3-Station Volkstheater um 16:00; Ende 20:00 metalab.at/calendar/event/8152… #make #blind #inklusion
It’s hard to communicate sometimes just how legacy and niche the concept of a desktop workstation has become. The idea of sitting down at a dedicated space to do computer things is outdated. If we—desktop Linux I mean—are building solely for that experience we’ll die out. If you’re not building towards notebook, tablet, and mobile workflows you’re building for the past cyberplace.social/@GossiTheDog…
Kids nowadays get Chromebooks at college, MacBooks for uni, use Android or iOS on their phones and game on PlayStation 5 and Switch.
Windows is this legacy thing forced on them by old people in business.
fediblock for racism and slurs - mastodon.arch-linux.cz
Sensitive content
fediblock of mastodon.arch-linux.cz. Providing a screenshot so you don't have to visit the instance, and even if it's deleted later, we retain evidence. The issue was this sort of thing has been reported up to the instance admin and they have not done their proper job moderating.
fediblock for racism and slurs - mastodon.arch-linux.cz
Sensitive content
Yes, I am aware of the report and the user has already been contacted. It’s not always possible to respond immediately – not everyone can just sit down at the computer right away. Some of the reports were handled in the morning, and I will finish the rest after returning home.
I take moderation seriously, but running the instance is a volunteer activity that I do in my free time. If any further issues come up, please feel free to reach out – I always review reports as soon as I can.
I don’t understand why you immediately issue a fediblock. Is it really the case that if something isn’t resolved within five minutes, the whole instance gets blocked? I honestly don’t get it.
In world political news that went under the radar over the past few days: the government of #Nepal has been overthrown by youths following a governmental move to block social media, and accusations of corruption.
A new PM was elected over #Discord, and has been accepted by the military. They aim to hold elections within 6 months.
I repeat:
THEY ELECTED A NEW GOVERNMENT
OVER
DISCORD.
And no second ammendment was needed to rise up against against tyranny.
@adam You might be interested to know that I completely replaced the Bell Gigahub modem without any issues this morning. The process is perfectly accessible, other than needing someone to read the ONT ID off the back of your bell modem. You need a router or switch with an SFP+ port. You also need a fan or other active cooling for the fiber module; they run at about 90 degrees. Then I purchased my x-onu-sfpp from fibermall. Once you have these things, you can use these instructions: pon.wiki/guides/masquerade-as-the-bce-inc-giga-hub-with-the-was-110/#purchase-a-was-110-or-x-onu-sfpp
Cool stuff. Glad you're off that garbage modem. You should notice a huge increase in connection stability. I have two WAS-110 SFP+ modules, so when i upgrade the 8311 firmware, I just pull the fiber, plug it into the second one, connection comes right back up, then I do the firmware upgrade, and then swap the fiber back when its done.
Seems to have slowed down, star its GitHub repo for updates. github.com/djGrrr/8311-was-110… Although I'm not sure if that is what's running on your device. But its the custom firmware I'm running.
I’m running whatever FIBERMALL put on it. It claims to be 8311 community firmware. And its web updater says it’s up to date with the latest release from 2024.
Oh yeah, they really do get warm. The chassis is the heatsink, essentially. Some have come up with air cooling solutions, but mine have run without fail for years without active cooling. As for benefits over PPPoE passthrough, you'll probably notice a bit of a reduction in latency, perhaps 1 MS better. Minor, but a perk. Certainly the fact that you're in control of everything up to the fiber connector, you can choose when firmware updaes happen, and not Bell. No more modem reboots over night, and even randomly during the day. Oh yeah, and no more incidents of pushing bad configs to a million modems causing them to be down for 8 plus hours, LOL. I was enjoying the net all through that incident. Also, may be a good reason to revisit some VLAN snooping to see if IPv6 can be found anywhere.
I got myself a heatsync I'm gonna stick on there with a thermal pad, and a little five volt fan, as I happened to have a USB plug nearbye to run it. I'm kinda worried about the heat from the PFS port causing the switch to throddle itself.
Sorry to barge in like this, but I've been considering bypassing my AT&T gateway for a while. It would require a different module than the WAS110 since I'm only on gpon, but I'm a little scared to unplug the fiber cable. How do you do it properly? It feels extremely fragile.
No worries. Glad to do my best attempt at describing the process. To be specific, I am describing attaching and detaching an SC-APC connector on the end of an ISP-provided singlemode 125NM fiber line. So you will note that the connector is square, and if you feel along the sides of the square that naturally face your fingers as you grip the connector, you will feel narrow slits, that should feel like they're for finger usage to loosen or unlock the connector. And this is what happens. You squeeze these tabs inward, and the lock is released. You then pull very gently, very slowly, and very straight with your entire hand, and the connector should slide off the SFP+ module, or out of the modem. The modem will likely be a bit trickier in handling, and may require some effort to unplug the connector. Do your best in gaging if you think you're overdoing something, but at the same time, the modem connector may be stubborn. Most of all, always pull or push connectors straight. Also, never, under any circumstances that you can control, touch or point the end of the fiber connector at your face or any one elses. Touch should be absolutely limited to necessities, or purposefully destroying a connector. To plug the connector back in, ensure it is aligned with the square receptical, and push gently. If aligned, it will slide a short distance, then lock into place with a bump and a slight click. Hope this helps some.
No worries! If I wanted it to be private, I’d have sent a dm. What Adam says aligns with my experience. The plug on the modem was extremely stubborn; I had to tug on it harder than I like pulling on any connector, and I had nearly resigned myself to giving up before it finally came out. Even then I was scared I had broken it. As for touching the connector, I was cowardly and had the rubber cover in my hand and ready to go. I put the cover on until I was ready to plug it into the new module.
In einem Deiner Error-Logs sollte was zu finden sein. Schaue mal in das Error-Log des PHP-Prozesses oder des Webservers. Alternativ kannst Du schauen, ob Du Einträge mit "ERROR" im Friendica-Log findest.
Abhängig von Deiner Installation wirst Du an einer dieser Stellen fündig werden.
Das kommt bei mir auch ab und zu vor, vor allem wenn ich lange nicht online war. Beim zweiten oder dritten Aufruf des Profils funktioniert es dann wieder, daher vermute ich etwas mit Timeout und stückweise nachgeladene Beiträge nach langer Abwesenheit.
#serviceToot one of the mirrors at #IzzyOnDroid had a power outage, and is currently in recovery (file system repair) – the USV didn't like to be triggered 3 times in a row 🙈). Good thing there are multiple mirrors, so you shouldn't even notice it – unless you pinned your client to our US mirror…
You can watch the state at our monitor, and thus see when the mirror recovered:
Welcome to the official IzzyOnDroid Status Page.
This page contains an overview of the status of various IzzyOnDroid services and the official mirrors.
I
@Bodo Danke Bodo! Den meisten Stress damit hatte Andrew, der die Server in den US betreut. Und ja, Murphy hat natürlich zur passenden Unzeit (Dinnertime) zugeschlagen. Wir hoffen jetzt, die letzten Rätsel bzgl. unseres Buildservers noch zu lösen – und auch das bleibt leider wieder größtenteils an Andrew hängen, wir können von hier aus nur mit "SchauMalObsJetztGeht" helfen, da wir den Server derzeit nicht erreichen können, obwohl er fein läuft… Verrücktes IT Zeugs das…
Danke dir für den kurzen Einblick! Dann erweitere ich meine Wünsche für einen entspannten und erholsamen, sonnigen Sonntag für Andrew gleich mit. 😉
Wie so vieles im Leben, weiß man gewisse Dinge erst zu schätzen, wenn sie nicht mehr rund laufen. Toi, toi, toi, dass quasi "im Schlaf" des Rätsels Lösung dich/euch finden wird! ✨
I can’t believe how easy it is to switch to @Tutanota and its excellent apps. I’ve been frustrated by how most alternatives to Apple Mail and Apple Calendar fall short. But Tuta Mail and Calendar work so well — including with my own domains. ⭐️⭐️⭐️⭐️⭐️ #email #calendar #ios #macos #apple #EUAlternatives
Snap! I switched to Tuta mail and calendar too (as an end-user, moving from Microsoft) and was pleasantly surprised by how easy it was. And I love the simplicity of it. And the glorious absence of noise and interruptions. And unexpected bonus: five months later, I have yet to receive a single spam or phishing mail.
Tuta mail was such a breath of fresh digital air after Big Tech that I only tried it for a week before signing up to be a Revolutionary. Am now awaiting and looking forward to Tuta Drive.
Více informací o kole 👉 https://www.cyklopoint.cz/merida-scultura-endurance-8000-white-black-_d80108.html🛒 TRAIL HUNTER SHOP: https://shop.trailhunter.cz/ ...
Líbí se mi věta "jet 30-40 na cyklostezce kde jsou rodiny s dětmi a bruslaři by byla bezohlednost" ... Tesat do kamene, bohužel 90% cyklistů to má naopak, ostatní jim překáží....
@jackc Já mám rád jeho videa, navíc zrovna s tím, že dost cyklistů jezdí po cyklostezce 40 km v hodině je pravda a je jim jedno, že za zatáčkou může být děcko na bruslích.
@janantos Já mám silničku, já už bych taky neměnil. Sice přemýšlím, že ještě koupím horský kolo, ale silnička bude hlavní. Jen se mi ty jeho videa líbí.
Proton Mail suspended the account of a journalist writing for the hacker zine Phrack at the request of a cybersecurity agency, only reinstating the account after public outcry theintercept.com/2025/09/12/pr…
@wonkothesane Any option is better. ProtonMail dude is fash, can't be trusted to protect users. Mail is not e2ee and there are no technical measures that can prevent them from betraying you, only trust.
Martyrs are used by messianic movements to sanctify violence. To show any mercy or understanding toward the enemy is to betray the martyr and the cause the m...
![due to circumstances
beyond my control
i am awake
[Photo of a tiny white bunny in bed laying on a pillow]](https://fedi.ml/photo/preview/640/704542 "due to circumstances
beyond my control
i am awake
[Photo of a tiny white bunny in bed laying on a pillow]")
))
Gregory
in reply to daniel:// stenberg:// • • •Götz Hoffart
in reply to daniel:// stenberg:// • • •🫂
Related, your examples are fodder for my explanations within friends & family on why “AI” isn’t a good idea to use if you don’t know what you’re doing.
Étienne Parmentier
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Étienne Parmentier • • •Alfonso Martínez de Lizarrondo
in reply to daniel:// stenberg:// • • •hackerone.com/anony_gaku?type=…
HackerOne profile - anony_gaku
HackerOneFrederik Braun �
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Frederik Braun � • • •Frederik Braun �
in reply to daniel:// stenberg:// • • •Kirils Solovjovs
in reply to daniel:// stenberg:// • • •Aljoscha Rittner (beandev)
in reply to daniel:// stenberg:// • • •Graeme 🏴
in reply to daniel:// stenberg:// • • •Richard Levitte
in reply to daniel:// stenberg:// • • •young man yells at the cloud
in reply to daniel:// stenberg:// • • •Tim Ward ⭐🇪🇺🔶 #FBPE
in reply to daniel:// stenberg:// • • •Trouble is, it's like that in the real world.
Customer runs some security tools. Comes up with hundreds of "vulnerabilities". They aren't interested in your proof that the code path they're worried about can never actually occur, all they care about is clean output from their tools. Which they've been sold by a "security consultant" and quite likely don't understand.
Numerfolt
in reply to daniel:// stenberg:// • • •Bygone12
in reply to daniel:// stenberg:// • • •Bredroll
in reply to daniel:// stenberg:// • • •Viss
in reply to daniel:// stenberg:// • • •Billy O'Neal
in reply to daniel:// stenberg:// • • •