Pitermach reshared this.
It’s another silent, snowy December night within a secret digital den lit by shimmering code-lights and pixel-wreaths. Three infamous Android screenAmir Soleimani (Accessible Android)
Glenn Miller was the swing era's biggest star. Then, he vanished without a trace.apple.news
Important reminder, if you own a domain name and don't use it for sending email.
There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.
Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;
The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.
If you do use your domain for sending email, be sure to add 3 records:
SPF record to indicate which SMTP server(s) are allowed to send your email.
DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity.
DMARC record that tells the receiving email server how to handle email that fails either check.
You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.
UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".
Here's what I have for one domain.
One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. gmail and Microsoft send them, but most providers won't, but since most email goes to Gmail, it's enlightening when they come.
#cybersecurity #email #DomainSpoofing #EmailSecurity #phishing
CISA just took CVE-2024-11053 from 9.1 all the way down to 3.4!
github.com/cisagov/vulnrichmen…
A repo to conduct vulnerability enrichment. Contribute to cisagov/vulnrichment development by creating an account on GitHub.GitHub
@darakian I don't think it was good to do that thing in the first place. I think the ripple effects of that damage is still to come as news sites and databases will be slow to update.
Also, it was not a "mistake" they "discovered". It was done on purpose and we/I had to waste time and energy correcting it, for the sanity and safety of millions of curl users.
Rude and stupid it was.
@literalgrill paging @Seirdy
You were right bro
RE: sakurajima.moe/@literalgrill/1…
So Bluesky might have provided Jesse Singal with a user's information so that his lawyer could track them down and force them to issue an apology over things said on the platform? Yeah... Kill your bridges, get people over here if you can.Sakurajima (桜島)
Jieshuo screen reader comes in two versions: Jieshuo+ and Jieshuo Lite. The Lite version is sometimes referred to as the "International" version on the GitHubKareen Kiwan (Accessible Android)
With so many great pizza places, there's no need to grab a pie from one that is subpar. Keep an eye out for these signs to ensure you're at the right shop.Jay Wilson (The Daily Meal)
Automakers have been selling data about the driving behavior of millions of people to the insurance industry.
In the case of General Motors, affected drivers weren’t informed, and the tracking led insurance companies to charge some of them more for premiums.
I’m the reporter who broke the story.
I recently discovered that I’m among the drivers who was spied on.
nytimes.com/2024/04/23/technol…
This privacy reporter and her husband bought a Chevrolet Bolt in December. Two risk-profiling companies had been getting detailed data about their driving ever since.Kashmir Hill (The New York Times)
reshared this
Where do I send my invoice?
github.com/cisagov/vulnrichmen…
The security problem this describes is mostly a risk that a user can accidentally stumble upon this. It is VERY hard for an attacker to exploit. "vectorString": "CVSS:3.1/AV:L/AC:H/...GitHub
Provided to YouTube by IDLAInfinitely Light Years · Steven PageExcelsior℗ Fresh Baked Goods IncReleased on: 2022-09-30Producer: Steven PageLead Vocals: Steve...YouTube
#UploadFilter #ResponsibleEncryption - politicians today use euphemisms when they want to break encryption. 🤯
We must keep fighting for our right to privacy! 💪
Learn here why #backdoors to #encryption must never be allowed: tutanota.com/blog/posts/why-a-…
61% of all Tuta emails are sent e2e encrypted - a huge success for privacy. But the authorities want to weaken encryption. We must stop them!Tuta
FYI: CVE-2024-11053 is *not* a critical security flaw, even if now several security related sites repeat that statement.
This is as good as any reminder that you should read the #curl advisories for #curl issues rather than trusting the scaremongers.
curl.se/docs/CVE-2024-11053.ht…
(edit: I wrote an extra '1' in there at first)
daniel:// stenberg:// reshared this.
We added your clarification in vulnerability-lookup.
vulnerability.circl.lu/cve/CVE…
Now I'm wondering if we should not add the ability to propose the author and maintainer to counter any element from a vulnerability description.
@cedric what do you think of it? Not sure how this could be efficiently implemented.
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.vulnerability.circl.lu
I get why it’s important to have an independent severity rating for security flaws. Vendors are incentivized to downplay the severity. Does anybody think Adobe would have appropriately rated even *half* of the bugs in Flash?
But for the independent ratings to be useful, they need to have high quality with extreme consistency. We certainly don’t seem to be getting that.
Apparently #CISA has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 "critical". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months). nvd.nist.gov/vuln/detail/CVE-2…
Edit: In case you wonder my credentials for judging this: I found this vulnerability.
Edit2: This appears to be originating from CISA: cve.org/Media/News/item/blog/2…
Edit3: The score has now been fixed. Commit: github.com/cisagov/vulnrichmen…
A repo to conduct vulnerability enrichment. Contribute to cisagov/vulnrichment development by creating an account on GitHub.GitHub
Opt-Out von der "dunkelgrünen Schrumpel-Bananen Software" schon vorgenommen?
Elektronische Patientenakte: Sorge vor Verlust von Zeit und Vertrauen
heise.de/meinung/E-Patientenak…
Die "E-Patientenakte für alle" soll ab 2025 durchstarten. Ärzte und Ärztinnen wie unsere Autorin befürchten hohe Aufwände und Vertrauensverlust ihrer Patienten.heise online
"Die "E-Patientenakte für alle" soll ab 2025 durchstarten. Ärzte und Ärztinnen wie unsere Autorin befürchten hohe Aufwände und Vertrauensverlust ihrer Patienten."
Dafür ist es imho doch längst zu spät. Wer nicht völlig verblendet ist, misstraut dem Kram doch eh schon seit längerem.
@Cyb3rrunn3r "Dem Kram" ja, dem Arzt (hoffentlich) noch nicht. Und das ist es, was die Autorin da befürchtet: Verlust des Vertrauensverhältnisses zwischen Arzt und Patient. Patienten haben keine Kontrolle darüber, welche Daten in der Akte landen und was damit passiert – und Ärzte wundern sich, wenn jemand etwas nicht in die Akte eingetragen wissen will…
Für diese Datengier ("aber die (datengetriebene) Wirtschaft!11!") setzt man das also auf's Spiel.
@MrMST wider Erwarten, teilweise ja. Ich bekam erst kürzlich Bescheid, dass dieses tolle Teil ab Januar für mich eingerichtet würde – ohne irgendwelche Aufklärung. Habe also meine Versicherung aufgeklärt. Das (per Fax) zugestellte Opt-Out hatten sie bereits in weniger als 24h eingetragen, auf die schriftliche Bestätigung warte aber nun ich seit 8 Tagen…
Opt-Out ist auf allen Kanälen möglich: Anruf (da hast Du aber nichts in der Hand), Fax, Mail, Web-Formular… Vorsorglich machen.
Does anyone in Berlin need a washing machine? 
It's a Siemens E 14-4M, and it's free if you can move it (4th floor, no elevator).
It needs to be gone by tomorrow afternoon
Microsoft just released a tool that lets you convert Office files to Markdown. Never thought I'd see the day.
Google also added Markdown export to Google Docs a few months ago.
github.com/microsoft/markitdow…
Python tool for converting files and office documents to Markdown. - microsoft/markitdownGitHub
I thought about this, and I think they only did it because there's no way to convert those files back to their original format, not without losing details.
This is probably intended for feeding your documents to an LLM to do RAG on them etc, but it can't be used to collaboratively work on files, which is where the real money for Office is.
A creepy Sora output of the streamer Pokimane shows that despite guardrails, the video generator is good at depicting real-life people.Noor Al-Sibai (Futurism)
Day 15 - #adventOfIOSAccessibility. Touch target sizes are recommended to be at least 44 x 44 points for better usability. Buttons in the navigation bar (especially when not using nav bar button items), dismiss buttons, and custom toolbars, are common examples that often fall below this size.
TIL, Pemerintah Indonesia selepas era orde baru tetap melarang penyebaran paham komunisme karena demokrasi negeri ini berkembang bersama dengan sistem oligarki dan kapitalisme. Karena itulah, ada upaya oleh orang-orang berpaham kapitalisme agar ajaran paham komunisme tidak dapat berkembang di negeri ini.
hukumonline.com/berita/a/kenap…
Catatan: Saya tidak condong atau bahkan mendukung penuh dari salah satu kedua ajaran itu yaa
Walaupun RKUHP membatasi kriminalisasi apabila dilakukan untuk kepentingan ilmu pengetahuan, tidak berarti setiap orang dengan leluasa mempelajarinya, apalagi mengembangkannya.Mulya Sarmono (PT Justika Siar Publika)
David Goldfield reshared this.
BeSTspeech T-T-S speech synthesizer speak window. Contribute to rommix0/BeSTspeak development by creating an account on GitHub.GitHub
Everybody knows Ubisoft's NFT games and NFT initiative crashed and burned and they had to stop talking about AI, but one other thing I'm noticing is every game with generative AI elements is absolutely slated by consumers - e.g. these are a sample of comments on the Catly trailer from The Game Awards across different channels.
It's exciting to see a new generation just outright reject this stuff.
David Goldfield reshared this.
have been debugging it for 3 hours now but don't think it'll go anywhere. When 2025.1 comes out and they return integers in the config values for the output device, this could be made a little easier (though I don't know if it will still translate the correct mapping into the MME device ID right), but at least it'll mean not needing to enumerate them based on string name. Right now it's a mess:
def enumerateWaveOutDevices():
devices = {}
count = waveOutGetNumDevs()
for i in range(count):
caps = WAVEOUTCAPS()
res = waveOutGetDevCapsW(i, byref(caps), ctypes.sizeof(caps))
if res == 0:
devName = caps.szPname.strip()
devices[devName.lower()] = i
return devices
and then later:
" devices = enumerateWaveOutDevices()
log.info("Enumerating devices for exact match:")
for dn, did in devices.items():
log.info(f"Device '{dn}' = ID {did}")
if val in devices:
matched_id = devices
[val] log.info(f"Matched exact device '{val}' to ID {matched_id}")
return matched_id
else:
log.info(f"No exact match for '{val}', using WAVE_MAPPER")
return WAVE_MAPPER
"
So yeah. All because NVDA's config can return a string. The fuck.
Make $1.5 billion dollars of cuts!
(Cuts)
No not like that! Do it without cutting anything!
cbc.ca/news/canada/montreal/he…é-québec-home-care-services-cuts-1.7410895
Passenger trains in US vs Europe (image is making the rounds among U.S. transit advocates today)mapsontheweb (Tumblr)
The 2024 Godot showreel is finally out 🎥
Thank you to all the ones who submitted a project and wishing you good luck for the next ones. We plan on include more people in the voting process, so stay tuned to hear more about that next year.
youtube.com/watch?v=n1Lon_Q2T1…
0:00 PVKK - https://store.steampowered.com/app/2956040/PVKK_Planetenverteidigungskanonenkommandant/0:07 Megaloot - https://store.steampowered.com/app/2440380...YouTube
)
Andre Louis
in reply to Tamas G • • •Andre Louis
in reply to Andre Louis • • •Borris
in reply to Andre Louis • • •Andre Louis
in reply to Borris • • •Borris
in reply to Andre Louis • • •Tamas G
in reply to Borris • • •I also wish we had multiple versions of the DLL to play around with, maybe there's a more stable later revision out there in some obscure package.
Borris
in reply to Tamas G • • •Andre Louis
in reply to Tamas G • • •Borris
in reply to Andre Louis • • •Tamas G
in reply to Borris • • •Brandon Tyson
in reply to Tamas G • • •Tamas G
in reply to Brandon Tyson • • •Brandon Tyson
in reply to Tamas G • • •Tamas G
in reply to Brandon Tyson • • •Brandon Tyson
in reply to Tamas G • • •