Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36. (lwn.net)
Google announced that starting in June 2024, ad blockers such as uBlock Origin #uBO will be disabled in Chrome 127 and later with the rollout of Manifest V3 (#Mv3).
The new #Chrome manifest will prevent using custom filters and stop on-demand updates of blocklists. Only #Google authorized updates to browser extensions will be allowed in the future, which means an automatic win for Google in their battle to stop YouTube #AdBlockers.
#ManifestV3 is deceitful and threatening to your privacy, and now is a good time to switch to #Firefox (@mozilla) and/or #TorBrowser (@torproject) if you haven't done so already!
EFF (@eff) on Google’s Manifest V3:
⚠️eff.org/deeplinks/2021/12/chro…
⚠️eff.org/deeplinks/2021/12/goog…
Chrome Manifest V3 Transition Timeline (2023-11-16)
🚩developer.chrome.com/blog/resu…
EDIT for clarification: MV3 in Chrome will still allow some ad blocking extensions, but will severely limit their blocking ability and even restrict pre-set filters to 50 MAX.
Like FLoC and Privacy Sandbox before it, Google Chrome’s Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks. (Electronic Frontier Foundation)
Hard to get more clear-cut than this: "this is my own performance of Bach. Who died 300 years ago. I own all the rights", and yet...
eff.org/takedowns/sony-finally…
Here’s the thing about different people playing the same piece of music: sometimes, they’re going to sound similar. (Electronic Frontier Foundation)
Based on ESP32-H2-MINI-1-N4 module with 4MB Flash. ESP32-H2 combines IEEE 802.15.4 connectivity with Bluetooth 5 (LE). The SoC is powered by a single-core, 32-bit RISC-V microcontroller that can be… (olimex)
We are currently having network issues. We are able to connect to our server's onboard recovery system, but the access is slow and unreliable.
We'll keep you updated.
again
Forgive me if I'm stating a commonly asked question, but why don't you guys use Cloudflare? You just host code.
An electrician had to cut a hole in our drywall and instead of just patching it up, my wife decided to make a little scene with miniatures embedded in the wall. 😂🖼️🤯
Edit: pixelfed.social/@thisfunhouse has some more pictures of the subway and I will post lots more quirky art over there.
Documenting the quirky art, designer toys, weird projects, and collectibles in our house. Will provide links to the artist’s site when possible — please show ❤️ and support them if possible! 🎨 (Pixelfed)
My million dollar idea I want someone to steal and do, so I can be a customer.
"Dumb Stuff" we sell electronic appliances that aren't Internet connected. That's all.
That's it. That's the pitch. I would buy the <bleep> out of this company if their electronic gadgets were even halfway decent, and repairable.
Electronic, no wifi, regular screws to open it up. That's it. Do those three things, and you can be sold by this store.
I will pay this business to curate and find these devices for me.
Isn't buying a knife and getting a screwdriver, nail file and corkscrew the opposite of the simplicity requested here?
I have a new post: Live Migrating from #RaspberryPiOs #bullseye to #Debian #bookworm. changelog.complete.org/archive…
I got annoyed that #Raspbian officially has no upgrade path, the security situation, the lag behind Debian, lack of backports, and lack of initramfs in its custom kernel. So I managed to live migrate some Pis to Debian.
If you have /tmp on your SSD, instead of a tmpfs mount:
- create a new directory and mount it as tmpfs (1Gb)
# mkdir /tmp/tmp
# mount -t tmpfs -o size=1G tmpfs /tmp/tmp
- now tell gcc to use it:
# export TMPDIR=/tmp/tmp
I highly recommend supporting the Standard Ebooks project. 📚
«Standard Ebooks is a volunteer-driven project that produces new editions of public domain e-books that are lovingly formatted, open source, free of copyright restrictions, and free of cost.»
Donate 👇
standardebooks.org/donate
Please boost 🙏
#standardebook #standardebooks #ebook #ebooks #publicdomain #book #books #reading #epub #standard
It's that time of year, so we're embracing our roots and looking back at why we celebrate this Festivus for the rest of us! Find your local listing | http://... (YouTube)
postfix.org/smtp-smuggling.htm…
"SMTP Smuggling" vulnerability in Postfix allows spoofing senders even in the presence of some DMARC checks. Configuration workarounds exist.
Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.
Boosts for awareness welcome.
Edit: So this has kinda blown up, and especially because the author of the SEC advisory is going to have a slot at 37C3, I would like to add something important: I intentionally wrote "SEC Consult" above, not "$individual". Do not start harassing that person. For all we know, this is a corporate failure and the individual would actually appreciate guidance and tips. That does not mean to not ask the hard questions, but keep the framing in mind. They might genuinely have been told by their managers that that is how responsible disclosure works.
I see SEC Consult has amended their page sec-consult.com/blog/detail/sm… with something of an acknowledgment that they might have stuffed up disclosure a bit here. It does read a bit like "We contacted both vendors, Microsoft _and_ Cisco!"
A hearty Fuck You to SEC Consult for being bad at their one job, and a hearty side of Fuck You to Cisco for their arrogant "It's not a bug".
Now, after I have patched my Postfix server at $dayjob, back to my previously scheduled long weekend.
Introducing a novel technique for e-mail spoofing (SEC Consult Unternehmensberatung GmbH)
The internet is a big place. We can all have our own fedi. Each of us can have whatever kind of experience, community, connections, etc, we want here.
That’s the beauty of this place. There is enough room for everyone.
Be wary of anyone who tries to force you to be in community with them because of their myopic view of what online spaces should be.
We can make different decisions. We can make better decisions.
If that cheapo desktop PSU feels a bit heavy, you might want to check and see if it has a box of iron filings inside. You know, for extra quality.
hackaday.com/2023/12/12/cheap-…
Humans are funny creatures. For whatever reason, when handling a piece of electronics, we tend to equate heft with value. If something feels too light, it gives the impression of being cheap or in… (Hackaday)
Infocert (but there are plenty of others): how to discourage the use of secure passwords in just 3 easy steps:
1) force a password change every 6 months
2) ask for a strong password to be entered (I generate mine randomly)
3) ask to confirm the password with copy/paste disabled
Result: an extra-long password of 24 random alphanumeric characters that takes forever to retype gets replaced with "ForzaNapoli2023,.1", "ForzaNapoli2023,.2", "ForzaNapoli2023,.3", etc.
I have started using the initials of sentences. One of the first I used was something like:
I Am Sick To Death Of Changing The Password
to be completed with numbers :D
Anyway, for the rest I agree 100%. Add the fact that no copy/paste means you can't manage it with a password manager, and that one should use different passwords for every single service. In the end you convince people to use the same password everywhere, including shoddy sites that maybe store users' passwords in a DB.
exactly, I can't use the password manager to generate a new password for me. And warn me beforehand! NOT DURING A TRANSACTION THAT EXPIRES AFTER 60 seconds!
I don't remember which one it was, but there was a site that checked, via JavaScript, that you actually typed the password in letter by letter: if you happened to tinker and re-enable copy/paste, the password was treated as empty 😭
Updated: Please, Expose your RSS rknight.me/please-expose-your-…
Added @james's suggestion (which I've done on my site) of making the RSS icon/button orange.
I noticed a lot of people don't have a link to their RSS feeds on their sites or have the correct metadata for auto-discovery (rknight.me)
For anyone who is interested, the 6.1.66-1 #Debian kernel packages are now in the bookworm-proposed-updates suite (also known as proposed-updates) and are going out to the mirror network as I type.
These packages are replacements for the 6.1.64-1 packages which contain the ext4 corruption bug and should *not* be used.
A full stable point release which incorporates these kernel packages will follow as soon as is feasible.
A little status update.
We're currently rebuilding the debian-installer for the point release. When those packages are ready, we will pulse them onto the mirrors (this is necessary to complete the installer build). At that time, we will also remove the 6.1.64-1 packages so that no further installs can happen.
Shortly afterwards, we will do a point release which will put 6.1.66-1 into stable on the mirrors.
The mirror push which removed the 6.1.64-1 binary packages has now happened.
We are now building the final debian-installer components so that we can start the point release.
What is plagiarism? Where did plagiarism come from? Who made plagiarism? Where am I, plagiarism? Can you help me? My Patreon: https://www.patreon.com/HbombMy ... (YouTube)
Posted on December 1, 2023
Just a quick mention that I’ve updated my instructions on how I configured my XMPP server to its current status under Debian Bookworm.
And yes, it took me just a bit of time, we release when we’re ready here :D
@dgar
We And They
- Rudyard Kipling
Father, Mother, and Me,
Sister and Auntie say
All the people like us are We,
And every one else is They.
And They live over the sea,
While We live over the way,
But would you believe it?
They look upon We
As only a sort of They!
We eat port and beef
With cow-horn-handled knives,
They who gobble Their rice off a loaf,
Are horrified out of Their lives;
While They who live up a tree,
And feast on grubs and clay,
(Isn’t it scandalous?) look upon We
As a simply disgusting They!
We shoot birds with a gun.
They stick lions with spears.
Their full-dress is un-.
We dress up to Our ears.
They like Their friends for tea,
We like Our friends to stay;
And, after all that,
They look upon We
As an utterly ignorant They!
We eat kitcheny food.
We have doors that latch.
They drink milk or blood,
Under an open thatch.
We have doctors to fee.
They have Wizards to pay.
And (impudent heathen!)
They look upon We
As a quite impossible They!
All good people agree,
And all good people say,
All nice people, like Us, are We
And every one else is They:
But if you cross over the sea,
Instead of over the way,
You may end by (think of it!)
Looking on We
As only a sort of They!
NASA is sending a software update to the Voyager 2 spacecraft today!
The patch contains logic to auto-recover from glitches similar to one in May 2022, when the AACS system on Voyager 1 started sending garbled data. The root cause was not fully diagnosed. The patch will be activated/tested on Oct 28. Voyager 1 will be next.
Data will be sent at 16 bps with a 19 kW transmitter using the 70-m dish at @canberradsn.
Distance: 20 billion km; 18:40 light hours
jpl.nasa.gov/news/nasas-voyage…
#Voyager
1/n
The efforts should help extend the lifetimes of the agency’s interstellar explorers. (NASA Jet Propulsion Laboratory (JPL))
A "glitch" is not the same as a "bug". A glitch is something transient, easy to miss…maybe it never happened. The term predates computers.
When a spacecraft loses all communications it is not a mere glitch. It is a serious bug.
Not as much fun to say, but it's still the right word.
@Kent Borg @AkaSci 🛰️ @CanberraDSN They are two different classes of things. A glitch may be caused by a bug.
I don't have an opinion on whether this was correctly labeled a glitch, I haven't looked into it. I agree that a glitch is transient and disagree that it can't have serious impact.
Hear ye! Hear ye!
Be it known throughout the realm that on Saturday the free conference "Un patrimonio per la città: gli stranieri a Como nel Quattrocento" will be held.
@LaVi 🕊️📚🐈 yes yes, definitely interesting, and we were grateful to you for the heads-up.
the only problem is that maybe, just maybe, we owe a little bit of gratitude to trenò as well? because if we hadn't followed you for the complaints about the trains, I don't know if we would ever have found out about it :D
(if it's useful for you to know: you were responsible for 4 of the attendees :) )
Incredible. A fully modular gaming handheld using Framework Laptop 13 parts by pitstop_tech:
youtu.be/zd6WtTUf-30?si=aFQ8-j…
Project I've been working on that I'm very passionate about. A fully upgradeable gaming handheld where you can upgrade the battery, mainboard (cpu), ram, sto... (YouTube)
Posted on September 12, 2023
git secret_cabal greet
Beyond git itself (of course), I use a few git-related programs:
mr
) to manage multiple git repositories with one command;/etc
directory;and some programs that don’t use git directly, but easily interact with it:
All of these programs are installed from Debian packages, on stable (plus rarely backports) or testing, depending on the machine.
I’m also grateful to the vcs-home people, who wrote most of the tools I use, and sometimes hang around their IRC channel.
And now, on to what I’m actually doing.
With the git repositories I’ve decided to err on the side of too much granularity rather than too little, so of course each project has its own repository, and so do different kinds of media files, dot-files that are related to different programs etc.
Most of the repositories are hosted on two gitolite servers: one runs on the home server, for stuff that should remain private, and the other one is on my VPS for things that are public (or may become public in the future), and also has a web interface with cgit. Of course things where I’m collaborating with other people are sometimes hosted elsewhere, mostly on salsa, sourcehut or on $DAYJOB related gitlab instances.
The .mr directory is where everything is managed: I don’t have a single .mrconfig file but a few different ones, that in turn load all files in a directory with the same name:
- collections.mr for the media file annexes and inventories (split into different files, so that computers with little disk space can only get the inventories);
- private.mr for stuff that should only go on my own personal machine, not on shared ones;
- projects.mr for the actual projects, with different files for the kinds of projects (software, docs, packaging, crafts, etc.);
- setup.mr with all of the vcsh repositories, including the one that tracks the mr files (I’ll talk about the circular dependency later);
- work.mr for repositories that are related to $DAYJOB.
Then there are the files in the .mr/machines directory, each one of which has the list of repositories that should be on every specific machine, including a generic workstation, but also specific machines such as e.g. the media center which has a custom set of repositories.
The dot files from my home directory are kept in vcsh, so that it’s easy to split them out into different repositories, and I’ve mostly used the simplest configuration described in the 30 Second How-to on its homepage; vcsh gives some commands to work on all vcsh repositories at the same time, but most of the time I work on a single repository, and use mr to act on more than one repo.
The media collections are also pretty straightforward git-annex repositories, one for each kind of media (music, movies and other videos, e-books, pictures, etc.) and I don’t use any auto-syncing features but simply copy and move files around between clones with the git annex copy, git annex move and git annex get commands.
There isn’t much to say about the project repositories (plain git), and I think that the way I use my own program lesana for inventories and project tracking is worth an article of its own, here I’ll just say that the file format used has been designed (of course) to work nicely with git.
On every machine I install etckeeper so that there is a history of the changes in the /etc directory, but that’s only a local repository, not stored anywhere else, and is used mostly in case something breaks with an update or in a similar situation. The authoritative source for the configuration of each machine is an ansible playbook (of course saved in git) which can be used to fully reconfigure the machine from a bare Debian installation.
When such a reconfiguration from scratch happens, it will be in two stages: first a run of ansible does the system-wide configuration (including installing packages, creating users etc.), and then I log in on the machine and run mr to set up my own home. Of course there is a chicken-and-egg problem in that I need the mr configuration to know where to get the mr configuration, and that is solved by having set up two vcsh repositories from an old tarball export: the one with the ssh configuration to access the repositories and the one with the mr files.
So, after a machine has been configured with ansible what I’ll actually do is to log in, use vcsh pull to update those two repositories and then run mr to checkout everything else.
And that’s it, if you have questions on something feel free to ask me on the fediverse or via email (contacts are in the about page)
Update (2023-09-12 17:00ish): The ~/.mr directory is not special for mr, it’s just what I use and then I always run mr -c ~/.mr/some/suitable/file.mr, with the actual file being different whether I’m registering a new repo or checking out / updating them. I could include some appropriate ~/.mr/machines/some_machine.mr in ~/.mrconfig, but I’ve never bothered to do so, since it wouldn’t cover all usecases anyway. Thanks to the person on #vcs-home@OFTC who asked me the question :)
A friend writes me the following:
“Hi, I have to get rid of the #libri (books) whose covers you can find at the following link:
data.laboccadellupo.it/index.p…
I have roughly sorted them and have not catalogued them because I don't think it's worth the effort. I want to try to save them from their sad fate: ending up in the stove, one page at a time, this winter. Will you give me a hand?
They are my old books, and my mother's and my father's, which we decided not to keep after selling the old family home. The URL gives you access to a web file manager: open a folder, click on an image and start scrolling through the covers with the right and left arrow keys. I know some will certainly end up in the mouth of the stove, but maybe some won't (most of them, I hope!).
Almost all of them are in Italian, except those in a dedicated, clearly named folder. What will you find? Art and novels, essays on republican Italy, some philosophy, old high-school textbooks, some computing, old magazines and comics, very local publications. Have a look around.
Note down the file name that appears above the cover image and send it to me to tell me you want the book or more information. Feel free to pass this message on to people who can help us save them, but I only operate in the #Varese area and surroundings, while you take responsibility for friends further away.
Check the file "istruzioni.txt" to find out how to contact me and any other information I may have added over time since you received this message.”
(hashtags mine)
Does anyone here on the fediverse want to give him a hand?
I'm noticing a new trend on the local timeline, namely not using CWs for sensitive content (violence, politics, crime news, etc.).
Let's remember that CWs are not a limitation on our freedom of expression, but allow everyone to consciously choose whether to expose themselves to this content, thereby expanding everyone's freedom by protecting one another
Remember Kung Fury?
The crowdfunded, excellent 80s martial arts film spoof that is so absurd, it breaks the cool meter?
The full-length movie - Kung Fury II - has been in limbo for years due to an investor screwing the production team over after they finished filming.
But the film crew prevailed, and the movie is near!
David Sandberg has proven to be an excellent writer, director and actor, so I am pretty sure this movie will be a classic too :)
Kung Fury: The Movie: Directed by David Sandberg. With Arnold Schwarzenegger, Alexandra Shipp, Michael Fassbender, David Hasselhoff. (IMDb)
I would like to mention here Stamps Back, which is also a crowdfunded movie, and it has English subtitles, so if you are interested in the 80s of Central Europe and Commodore 64, it's worth a watch.
YT 📎: youtube.com/watch?v=YUqn1OPxtm…
Stamps Back: Directed by Szilárd Matusik. With János Almási, Zoltán Balla, Zsolt Bangha, Zoltán Berényi. The story of the birth of the Hungarian home computer scene back in the '80s behind the Iron Curtain. (IMDb)