


So this "CVSS 9.9" "unauthenticated RCE vs all GNU/Linux systems (plus others)" thing...

- Does NOT affect all GNU/Linux systems.
- Is not CVSS 9.9. I put it at a 6.3

It also requires:
1) The victim system has no active firewall to block incoming connections.
2) A user on the victim system must print something to a printer that mysteriously appears on the system that has never been there before.

If these two things happen, then command execution can happen as the "lp" user.

<yawn>

We get it. You found a vulnerability.
Lying about it to try to stir up interest in it is not appreciated by anybody who takes themselves seriously in this industry.

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 have been assigned.

evilsocket.net/2024/09/26/Atta…



Passive income? I've seen today's rich. More like passive/aggressive income.


Github is telling me that because of my role in “the software supply chain” I am no longer allowed to disable 2FA on my account

and quite frankly there’s nothing else you could have said that would have given me a greater desire to remove 2FA from my GitHub account


Matthew Lyon

the site basically enlisted everyone who used it into helping it become critical societal infrastructure, in the same way that Amber Alerts now include t.co links to x dot com accounts that require you to be signed in in order to read

and it was us who helped it get there, simply by participating


Glyph

I have so much to quibble with here, but I just have to endorse your key insight that IT IS NOT A SUPPLY CHAIN and the "supply chain" verbiage and assumptions are corrosive and they chafe a little more every time I hear them.

However, you *should* turn on 2FA on Github (and everywhere else) because of the position of social and infrastructural trust that your packages place you into. I really want better language to describe this role that isn't "supply chain" based, but I don't have it



My All Systems Go talk, "busd: There is a new D-Bus broker in town" is going live in less than an hour.

cfp.all-systems-go.io/all-syst…

Live stream: streaming.media.ccc.de/asg2024



I wrote a benchmark of game engine performance primarily geared towards the types of 2D games that are popular these days.

Here are the results for Flutter, Flame, Unity and Godot. It's a long read with many caveats, so buckle up.

Here:
filiph.net/text/benchmarking-f…

#Flutter #gamedev



On elementary OS you can download #Flatpak apps from alt stores like @flathub or directly from developers like @1password while still getting automatic updates and with app sandboxing that helps keep you safe. And you can install them with just a couple mouse clicks, no Terminal, developer mode, or workarounds required 🎉


New app listing: Mirror Hall

Use Linux devices as virtual displays in a peer-to-peer fashion

linuxphoneapps.org/apps/eu.nok…



The National Weather Service is warning that flooding in Western North Carolina will be "one of the most significant weather events to happen ... in the modern era" and that it is comparable to the flood of record, which hit in 1916.

#NCwx #weather #hurricane #Helene



People on StackOverflow telling people to screw up #accessibility with the HTML dialog element defeats the purpose of using that element in the first place IMO. Please upvote my answer that corrects the numerous wrong answers, including the accepted answer, to this question if you have an SO account.

stackoverflow.com/a/79028606/2…

#webDev #a11y #html #css #javaScript



Order free at-home COVID-19 tests for Blind and Low Vision Users | ACL Administration for Community Living acl.gov/accessibletests


Reminder that the original Metatext third party app is no longer being maintained, as its lead developer had to step back due to health issues.

However, there is a new version of Metatext run by different people called Feditext which is currently in public beta testing. You can follow the official Feditext account at:

➡️ @Feditext

If you would like to join the public beta testing, it's on Apple TestFlight. There are more instructions here:

➡️ mastodon.social/@Feditext/1128…

#FediTips #Mastodon #iOS




Order Free At-Home COVID-19 Tests That Are More Accessible for People Who Are Blind/Low Vision or Who Have Low Dexterity
special.usps.com/testkits/acce…


Sutherland said the threshold for informing Canadians was deliberately set very high because of the risk that such an alert could disrupt an election.


[speechlessly confused/exasperated Mal.gif]

cbc.ca/news/politics/foreign-i…





Friends, you are amazing. You gave a huge boost to the presale of Syndikát, a book we can't tell you what it's about. But it's great. It's about the future. The near one. And a bit of a detective story. A bit of an action thriller. And a bit about love. It couldn't be otherwise.
Presale books come, of course, with a discount and a signature. Being among the first to read the book will definitely be the best. knihydobrovsky.cz/kniha/syndik…


"Britain's racist immigration laws led to wrongful deportations of Black people, report says"
reuters.com/world/uk/britains-…


🔴🇲🇽 STATEMENT | The Royal Household cannot be an obstacle to improving relations with Mexico and is committed to resuming dialogue and understanding.

Spain has an obligation to be self-critical and to acknowledge the horrors and errors of colonization.

🧵



The least competent people on earth are burning all the resources they can get their hands on to maintain the illusion that this system is not completely on fire and collapsing.

There are a narrow set of cases where LLMs do provide value, and somehow "leaders" everywhere have decided instead to invest in the use cases where they are indistinguishable from magic.

Can someone please invent a new snake oil to sell these fucking people that doesn't require the power of a small nation?



Periodic reminder that if you ever had to put up with the nonsense that the music you listened to "wasn't music, it was noise", don't do the same to the music other people listen to now. Even if you don't like it, which is perfectly fine.
in reply to Adriano

in this case I don't know of any song that doesn't glorify that way of life. I know it's a topic present in everyday life (I've lived in Mexico for 12 years) but the genre in general still bothers me, and not for artistic reasons 🤷‍♀️


Paradise

<Happy Dickenhobelix Noises>

in reply to Dickenhobelix

The things you can find in Berlin! (Looks very cool, it hadn't been on my radar until now!)


Ok, so reading people who have cats they sound like a mixture between the devil incarnate and the spirit of contradiction.

Why do people even like them?

in reply to modulux

they're small and soft and warm, they love you and need you, and it's so easy to make them happy with treats or toys. It all adds up to making them ridiculously good at lighting up our parental reward circuits. They even have voices and faces like babies.

And cats mostly warn you before biting or scratching. That's why people joke that cats insist on consent. One of my friends who does kink education says that reading cats' non-verbal signals is really good practice for doms.

in reply to Yingtai

I'll admit the sounds can be quite cute, both the purring and meowing thing. The hissing... not so much. :)

Good catch with the consent issue though, you're the second person on my replies that highlights that side of it and it had never come to my mind.



I don’t usually post much about work but we’re hiring a “junior to mid level” (2–3 years experience) Rails/fullstack developer (hybrid/London) unboxed.co/culture/join-us/ful… — deadline tomorrow, 27 Sep (or ASAP afterwards). We’re nice, I promise! Feel free to ask me if you want more details #GetFediHired #ruby #rails #rubyonrails


Congrats to the great people at #OmniGroup making great productivity apps for #Apple platforms. Their accessibility with #VoiceOver is outstanding. The operation is more convenient than the built-in reminders app.


Switch your file share access from Amazon FSx File Gateway to Amazon FSx for Windows File Server
aws.amazon.com/blogs/storage/s… #aws #blog


Samsung unveils the $649+ Galaxy S24 FE, a "Fan Edition" value-focused version of the S24 with a 6.7" display, Exynos 2400e, and 8GB of RAM, in five colors (Ben Schoon/9to5Google)

9to5google.com/2024/09/26/sams…
techmeme.com/240926/p26#a24092…



Remember way back at the start of 2024 how everyone was so gaga for the Rabbit R1 and Humane AI pin? Well, karma is a bitch: build a device with zero accessibility and the blind community gets to laugh its ass off when these products are having more people return them than actually use them! theverge.com/2024/9/25/2425425…


Philosophy and mental health are deeply interconnected. The practical wisdom derived from philosophical reflection offers valuable insights and tools for navigating life's challenges. By integrating philosophical concepts into counseling, individuals can gain a deeper understanding of themselves and their experiences, fostering greater mental well-being.

#Philosophy #MentalHealth

psychologytoday.com/intl/blog/…



Thunderbird users: I don't know when this started, but you can now re-order your mailbox columns without the need of an NVDA add-on or annoying process. From the messages list, shift-tab, then arrow to a column header. Use alt-left or alt-right to move it. I just swapped subject and from, so the subject is spoken first. Then tab once to your messages list and enjoy the new reading order.




Oktoberfest: Wiesn madness up close!
For a week we take a look behind the scenes of the world's largest folk festival. A documentary series shows the festival and its many helpers in five parts.
Have you ever visited Oktoberfest and really joined in the celebration? What are your memories?
zdf.de/dokumentation/oktoberfe…


Nightmare.
Today's nap nightmare: diving in the pool, then drowning.
in reply to modulux

Nightmare.




It's Thursday. It was half past three. I hereby declare the weekend for all employees of employers who think progressively! @archos
in reply to Robin Bedrunka 🐞

I tell you, I don't know what they think they're doing. I've already told them I have enough money, I don't need more, and when I want time off for overtime, they squirm. 😀


Aight, listen up y'all.
Here are 5 reasons why you should sponsor me ⬇️

1. I maintain your favorite CLI tools for Arch Linux btw (~500)
2. I write useful blogs, craft interesting posts & promote projects
3. Maintainer of @ratatui_rs
4. Creator of @git_cliff, binsider.dev & more
5. All my work is open source and streamed on YouTube
6. Not convinced? I make music too!

💖 GitHub Sponsors: github.com/sponsors/orhun

#rustlang #ratatui #opensource #sponsorship



It's Xfinity working on the internet kinda day, creating outages in the process. Switched to Verizon hotspot and noticed right away how my GMail Inbox took twice the time to load, Slack threads don't pop up as quickly as they used to, and I don't see this reliable for downloading fresh internal repos that are large, only conducive to working on lightweight Google Docs and maybe downloading videos from G-drive made by colleagues, that type of thing.


***** Controlling AI scraping *****

Cloudflare's plan to give its users ways to block and/or monetize AI scraping is interesting, but of course there are ethical and other reasons to avoid using Cloudflare, since they continue to support some of the most disreputable sites on the Net.

This does however suggest the concept of an open source mechanism to provide the same sorts of features broadly (e.g., in conjunction with Apache servers) to any sites, anywhere. This could be paired with a system to keep sites updated about discovered source IP addresses of AI scrapers that are not adhering to robots.txt directives. Sidenote: #Google announced an effort to expand robots.txt to better deal with AI scraping issues, a concept I had already earlier suggested. I signed up for this, but never heard another word about it since the earliest days.

Time to get serious about controlling AI scraping.



I miss the days when Mac OS used to be at least a little tiny bit usable.
in reply to Mason

What did they break now? I haven’t upgraded and don’t plan on it


Today, I'll sign an Executive Order to crack down on emerging firearm threats like unserialized, 3D-printed guns and machine gun conversion devices.

It'll also direct my Cabinet to help improve school-based active shooter drills.

It's our job to do better.



@Tutanota
Hey I have been reaching out all week on support mail, however I keep getting blocked on IP address from using my paid subscription. This is basically screwing me out of work. I am NOT doing anything untoward, not generating a lot of traffic. Please make sure someone gets in touch ASAP to stop this shit.
@Tuta
in reply to Martijn de Vrieze - TK69241

Hi Martin! Apologies for the inconvenience. We will private message you to assist further.


@Tutanota for some reason, i'm getting (ios) notifications for a calendar i deleted. is this a known bug and/or anything to try to fix it?
@Tuta
in reply to vvampa⁂

Hi there! Please delete your stored credentials from the Tuta App and then log in again :) To do so, please make sure that you're logged out and then click on "Remove Account" > Then click on "Delete" next to your address. After this you can log back in.


Do you think making the discussion forum more closed to the wider public and the media would solve the Czech Pirates' problems?

@ankety @Pirati @keddie

#pirati #anketa #ankety #politika

  • I am a Pirates member - yes (0%, 0 votes)
  • I am a Pirates member - no (5%, 1 vote)
  • I am a Pirates voter - yes (26%, 5 votes)
  • I am a Pirates voter - no (21%, 4 votes)
  • Non-member and non-voter - yes (10%, 2 votes)
  • Non-member and non-voter - no (26%, 5 votes)
  • Don't know or won't say (10%, 2 votes)
19 voters. Poll end: 1 month ago

in reply to SuspiciousDuck

@SuspiciousDuck yes, and what exactly terrible does it intend to do if it gets into power? Which it won't, because it pesters Czechs about their booze... and that is forgiven even less than "communism" :-)

@ankety @Pirati @keddie