Wrote an article about turning a ThinkPad X1 Carbon 6th Gen laptop into a programmable USB device by enabling the xDCI controller 😯
Now I can emulate USB devices from the laptop without any external hardware, including via Raw Gadget or even Facedancer 😁
The overall process included fiddling with Linux kernel drivers, xHCI, DWC3, ACPI, BIOS/UEFI, Boot Guard, TPM, NVRAM, PCH, PMC, PSF, IOSF, and P2SB, and making a custom USB cable 😱
xairy.io/articles/thinkpad-xdc…
Enabling and using xDCI controller on ThinkPad X1 Carbon 6th Gen
Andrey Konovalov
Unfortunately, Agcom's reputation is also taking a hit.
dday.it/redazione/48554/piracy…
On Saturday 24 February 2024 the PiracyShield platform ordered Italian providers to block an IP from browsing, one of a great many reports. But it was a Cloudflare IP: in one stroke, dozens of legitimate sites were "banned".
Gianfranco Giardina (DDay.it)
I received an intriguing notification in the Microsoft Outlook 365 web interface: "This message can't be saved because it no longer exists. It can only be discarded. Make sure you copy the contents of the message before you discard if you want to use them later." I have some ontological questions.
www.kmjn.org
On my blog: Why pandas feels clunky when coming from R
sumsar.net/blog/pandas-feels-c…
Five years ago I started a new role and I suddenly found myself, a staunch R fan, having to code in Python on a daily basis. Working with data, most of my Python work involved using pandas, the …
Rasmus Bååth's Blog
"One price of free speech is eternal humility, recognizing that none of us is immune to becoming a tool of censorship if we fail to recognize its manipulative tactics."
“Tools for Thinking About Censorship”
Since Reddit has now sold out to AI, a reminder if you're into #Linux / #LinuxGaming that Lemmy exists and it's open source.
I'm a mod here too: lemmy.ml/c/linux_gaming@lemmy.…
This YouTube video does something I literally had no idea was possible with the subtitle system. Watch it without subtitles to get an idea for what the base video looks like, then watch it with the subtitles on.
youtube.com/watch?v=ZYlaUrj2Zk…
Oshi no Ko OP / Opening Theme "Idol (アイドル)" by YOASOBI
TV Anime "推しの子" Opening Theme
Lyrics by @yaco77 , @ichimonji4kanime , https://www.youtube.com/@JakeUHDv...
YouTube
Very proud that the IEEE has published my article “Why Bloat Is Still Software’s Biggest Vulnerability - A 2024 plea for lean software”:
It's strange that they haven't registered puntarella it yet.
[EDIT] Ah, I see… it's ALREADY registered.
Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.
lwn.net
Google announced that starting in June 2024, ad blockers such as uBlock Origin #uBO will be disabled in Chrome 127 and later with the rollout of Manifest V3 (#Mv3).
The new #Chrome manifest will prevent using custom filters and stop on-demand updates of blocklists. Only #Google authorized updates to browser extensions will be allowed in the future, which means an automatic win for Google in their battle to stop YouTube #AdBlockers.
#ManifestV3 is deceitful and threatening to your privacy, and now is a good time to switch to #Firefox (@mozilla) and/or #TorBrowser (@torproject) if you haven't done so already!
EFF (@eff) on Google’s Manifest V3:
⚠️eff.org/deeplinks/2021/12/chro…
⚠️eff.org/deeplinks/2021/12/goog…
Chrome Manifest V3 Transition Timeline (2023-11-16)
🚩developer.chrome.com/blog/resu…
EDIT for clarification: MV3 in Chrome will still allow some ad blocking extensions, but will severely limit their blocking ability and even restrict pre-set filters to 50 MAX.
Like FLoC and Privacy Sandbox before it, Google Chrome’s Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks.
Electronic Frontier Foundation

Desktop
📥mozilla.org/en-US/firefox/
Android Play Store
📥play.google.com/store/apps/det…
iOS App Store
📥apps.apple.com/us/app/firefox-…

Desktop
📥torproject.org/download/
Android Play Store
📥play.google.com/store/apps/det…
Fdroid Repo
📥support.torproject.org/tormobi…
iOS App Store (try OnionBrowser)
📥onionbrowser.com/
#Firefox #Mozilla #TorBrowser #Tor #Browser #Privacy
Firefox is more than a browser. Learn more about Firefox products that handle your data with respect and are built for privacy anywhere you go online.
Mozilla
Hard to get more clear-cut than this: "this is my own performance of Bach. Who died 300 years ago. I own all the rights", and yet...
eff.org/takedowns/sony-finally…
Here’s the thing about different people playing the same piece of music: sometimes, they’re going to sound similar.
Electronic Frontier Foundation

Based on ESP32-H2-MINI-1-N4 module with 4MB Flash. ESP32-H2 combines IEEE 802.15.4 connectivity with Bluetooth 5 (LE). The SoC is powered by a single-core, 32-bit RISC-V microcontroller that can be…
olimex
We are currently having network issues. We are able to connect to our server's onboard recovery system, but the access is slow and unreliable.
We'll keep you updated.
againë
Forgive me if I'm stating a commonly asked question, but why don't you guys use Cloudflare? You just host code.
An electrician had to cut a hole in our drywall and instead of just patching it up, my wife decided to make a little scene with miniatures embedded in the wall. 😂🖼️🤯
Edit: pixelfed.social/@thisfunhouse has some more pictures of the subway and I will post lots more quirky art over there.
2 Posts, 1 Following, 1 Followers · Documenting the quirky art, designer toys, weird projects, and collectibles in our house. Will provide links to the artist’s site when possible — please show ❤️ and support them if possible! 🎨
Pixelfed
My million dollar idea I want someone to steal and do, so I can be a customer.
"Dumb Stuff" we sell electronic appliances that aren't Internet connected. That's all.
That's it. That's the pitch. I would buy the <bleep> out of this company if their electronic gadgets were even half way decent, and repairable.
Electronic, no wifi, regular screws to open it up. That's it. Do those three things, and you can be sold by this store.
I will pay this business to curate and find these devices for me.
Isn't buying a knife and getting a screwdriver, nail file and corkscrew the opposite of the simplicity requested here?
I have a new post: Live Migrating from #RaspberryPiOs #bullseye to #Debian #bookworm. changelog.complete.org/archive…
I got annoyed that #Raspbian officially has no upgrade path, the security situation, the lag behind Debian, lack of backports, and lack of initramfs in its custom kernel. So I managed to live migrate some Pis to Debian.
If you have /tmp on your SSD, instead of a tmpfs mount:
- create a new directory and mount it as tmpfs (1Gb)
# mkdir /tmp/tmp
# mount -t tmpfs -o size=1G tmpfs /tmp/tmp
- now tell gcc to use it:
# export TMPDIR=/tmp/tmp
I highly recommend supporting the Standard Ebooks project. 📚
«Standard Ebooks is a volunteer-driven project that produces new editions of public domain e-books that are lovingly formatted, open source, free of copyright restrictions, and free of cost.»
Donate 👇
standardebooks.org/donate
Please boost 🙏
#standardebook #standardebooks #ebook #ebooks #publicdomain #book #books #reading #epub #standard
It's that time of year, so we're embracing our roots and looking back at why we celebrate this Festivus for the rest of us!
Find your local listing | http://...
YouTube
postfix.org/smtp-smuggling.htm…
"SMTP Smuggling" vulnerability in Postfix allows spoofing senders even in the presence of some DMARC checks. Configuration workarounds exist.
Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.
Boosts for awareness welcome.
Edit: So this has kinda blown up, and especially because the author of the SEC advisory is going to have a slot at 37C3, I would like to add something important: I intentionally wrote "SEC Consult" above, not "$individual". Do not start harassing that person. For all we know, this is a corporate failure and the individual would actually appreciate guidance and tips. That does not mean to not ask the hard questions, but keep the framing in mind. They might genuinely have been told by their managers that that is how responsible disclosure works.
I see SEC Consult has amended their page sec-consult.com/blog/detail/sm… with something of an acknowledgment that they might have stuffed up disclosure a bit here. It does read a bit like "We contacted both vendors, Microsoft _and_ Cisco!"
A hearty Fuck You to SEC Consult for being bad at their one job, and a hearty side of Fuck You to Cisco for their arrogant "It's not a bug".
Now, after I have patched my Postfix server at $dayjob, back to my previously scheduled long weekend.
Introducing a novel technique for e-mail spoofing
SEC Consult Unternehmensberatung GmbH
The internet is a big place. We can all have our own fedi. Each of us can have whatever kind of experience, community, connections, etc, we want here.
That’s the beauty of this place. There is enough room for everyone.
Be wary of anyone who tries to force you to be in community with them because of their myopic view of what online spaces should be.
We can make different decisions. We can make better decisions.
Thunderstrike2 details
Trammell Hudson's Projects