Adding Customizable Frame Contrast to KDE Plasma
Comments ⌘ Read more

Samsung’s $2000 smart fridges are getting ads
Comments ⌘ Read more

B.C. to launch anti-tariff ads as Ontario pauses controversial campaign ⌘ Read more

Trump punishing Canada with 10% extra tariffs for not pulling down anti-tariff ad sooner ⌘ Read more

‘They played dirty, I can play dirtier’: Trump blasts Canada, won’t meet Carney over Reagan ad ⌘ Read more

Ontario to pause Reagan tariffs ad after Trump terminated Canada trade talks ⌘ Read more

Trump says he’s terminating trade negotiations with Canada over Ontario anti-tariff ad ⌘ Read more

Trump says he’s ending trade talks with Canada over TV ad ⌘ Read more

OpenBSD 7.8 released
Like clockwork, every six months, we have a new OpenBSD release. OpenBSD 7.8 adds support for the Raspberry Pi 5, tons of improvements to sleep, wake, and hibernate, the TCP stack can now run in parallel on multiple processors, and so much more. DRM has been updated to match Linux 6.12.50, and drivers for the Qualcomm Snapdragon DRM subsystem and Qualcomm DisplayPort controller were added as well. The changelog is, as always, long and detailed, so head on over for the finer details. OpenBS … ⌘ Read more

The early Unix history of chown() being restricted to root
Chris Siebenmann with another interesting look at a tiny detail of UNIX history. A few years ago I wrote about the divide in chown() about who got to give away files, where BSD and V7 were on one side, restricting it to root, while System III and System V were on the other, allowing the owner to give them away too. The answer is that the restriction was added in V6, where the V6 chown(2) manual page has the same word … ⌘ Read more

Adding distributed tracing to AI Gateway: My LFX mentorship journey
In today’s rapidly evolving AI landscape, effectively monitoring and debugging AI Gateways has become a critical challenge. This article shares my complete experience through the LFX Mentorship program, where I added OpenTelemetry distributed tracing support to… ⌘ Read more

Bible and Quran apps flagged NSFW by F-Droid
Comments ⌘ Read more

Republicans use deepfake video of Chuck Schumer in new attack ad
Comments ⌘ Read more

Microsoft Adding AI Facial Recognition, “You can only turn off 3 times a year.”
Al Notepad, Al Paint, Al Excel, Al Word, Al GitHub… ⌘ Read more

Google runs Israel’s ads: ‘There is food in Gaza’
Comments ⌘ Read more

Google changes how ads in Search are shown, and surprisingly it doesn’t make things worse
Text ads on the search results page will now be grouped with a single “Sponsored results” label. This new, larger label stays visible as people scroll, making it clear which results are sponsored — upholding our industry-leading standards for ad label prominence. We’re also adding a new “Hide sponsored results” control that allows you to collapse text ads … ⌘ Read more

Bypass 403 Response Code by Adding Creative String | IRSYADSEC

Image

HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…

[Continue reading on Inf … ⌘ Read more

Welcome to our new babies Ade 🖤and Persefone 🤍 ⌘ Read more

HTB AD Track: Sauna Walkthrough

Image

Hello Everyone!! Here’s my writeup for the machine Sauna.

Continue reading on InfoSec Write-ups » ⌘ Read more

Honest Government Ad | Visit New Zealand! ⌘ Read more

Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics ⌘ Read more

Adding Stride Scheduling to xv6
Comments ⌘ Read more

@lyse@lyse.isobeef.org Yeah, those are my bad.

A couple of weeks ago, I added CORS support, which is the source of the OPTIONS call. What I didn’t do was store the result so it stops trying to make further attempts. I’ll get that in tomorrow.

As for the “If-Modified-Since” header, the server-based component of TwtStrm should be sending that (along with its user-agent tag and my user info). I wasn’t sure if that could be sent with CORS requests, so I’ll need to look into that a bit more.

Thanks, I appreciate the feedback!

@prologic@twtxt.net considering other alternatives we have seeing (of which I have lost track already), yes. Why don’t you guys (client makers) take a step at a time and, for now, increase the hash length to deal with the collisions. Then location-based addressing can be added… or not, you know. 😅

Raspberry Pi Updates Keyboard PC with New 500+ Model
Raspberry Pi 500+ is the newest all-in-one personal computer in the Raspberry Pi family. It combines the Raspberry Pi 5 platform with a mechanical keyboard, upgraded memory, and integrated storage. The design builds on the earlier Raspberry Pi 400 and 500 models while adding higher specifications and new input features. The Raspberry Pi 500+ is […] ⌘ Read more

@bender@twtxt.net Thanks for asking!

So, I’ve been working on 2 main twtxt-related projects.

The first is small Node / express application that serves up a twtxt file while allowing its owner to add twts to it (or edit it outright), and I’ve been testing it on my site since the night I made that post. It’s still very much an MVP, and I’ve been intermittently adding features, improving security, and streamlining the code, with an eye to release it after I get an MVP done of project #2 (the reader).

But that’s where I’ve been struggling. The idea seems simple enough - another Node / express app (this one with a Vite-powered front-end) that reads a public twtxt file, parses the “follow” list, grabs (and parses) those twtxt files, and then creates a river of twts out of the result. The pieces work fine in seclusion (and with dummy data), but I keep running into weird issues when reading real-live twtxt files, so some twts come through, while others get lost in the ether. I’ll figure it out eventually, but for now, I’ve been spending far more time than I anticipated just trying to get it to work end-to-end.

On top of it, the 2 projects wound up turning into 4 (so far), as I’ve been spinning out little libraries to use across both apps (like https://jsr.io/@itsericwoodward/fluent-dom-esm, and a forthcoming twtxt helper library).

In the end, I’m hoping to have project 1 (the editor) into beta by the end of October, and project 2 (the reader) into beta sometime after that, but we’ll see.

I hope this has satisfied your curiosity, but if you’d like to know more, please reach out!

@movq@www.uninformativ.de better than in the US. Our lasts only 10 years, and you need to go through the vision test, and, of course, pay). Recently they added a little gold star denoting “real ID” compliance, and we had to pay $10 to get the old one replaced—out of the regular renew “schedule”.

In here it is all about control, and money.

@kat@yarn.girlonthemoon.xyz, see this one, regarding “Anubis” (which I believe you use, right?): https://github.com/eternal-flame-AD/pow-buster

Adding too this. The configuration example at the repository reads:

{
	"nick": "Example",
	"description": "alice's twtxt instance!",
	"host": "twtxt.example.com",
	"admin": "alice"
}

Would it make more sense changing nick to instance_name or similar? Usually nick is reserved for users, like here, quark. Right? Also, is host the same FQDN to be used while proxying traffic to the application? That is, using the above configuration, it’s Caddy configuration would be:

twtxt.example.com {
	encode
	reverse_proxy :31212
}

Is that correct?

Honest Government Ad | Global Sumud Flotilla ⌘ Read more

good afternoon yarnverse i have done nothing productive so far. except edit my fandom site a little bit (i added tag pages!). does that count lol

added opengraph to my blog :D https://bubblegum.girlonthemoon.xyz/articles/underground-soundcloud-remixes

Honest Government Ad | Visit Norway! ⌘ Read more

@prologic@twtxt.net AHA the .* entry did the trick! i originally had these rules in there, they were added by default except for the youtube rules:

imgur\.com
giphy\.com
imgs\.xkcd\.com
reactiongifs\.com
githubusercontent\.com
youtube\.com
yt.\be

also oooh the missing feature sounds very handy!

@lyse@lyse.isobeef.org “Advanced”, well, probably more “mature”. There aren’t a ton of crazy features and that icon thing is the largest code addition in the last 10 years. %)

Speaking of OS/2 … I just realized that Windows 3.x didn’t have icons, either. If I’m not mistaken, this only got added in Windows 95. In other words, OS/2 had this feature before Windows did, because at least OS/2 2.1 from 1993 had icons. Who would have thunk.

(Now I kind of want to know which system really introduced this feature.)

@aelaraji@aelaraji.com And I read the following funny response to that:

Bluesky: Users verify their age by adding a payment method or uploading a photo ID.

Mastodon: Users verify their age by posting pictures of the vintage computer equipment in their homes.

https://beige.party/@maxleibman/114848276288629121

😏

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

@prologic@twtxt.net Yeah, this really could use a proper definition or a “manifest”. 😅 Many of these ideas are not very wide spread. And I haven’t come across similar projects in all these years.

Let’s take the farbfeld image format as an example again. I think this captures the “spirit” quite well, because this isn’t even about code.

This is the entire farbfeld spec:

farbfeld is a lossless image format which is easy to parse, pipe and compress. It has the following format:

╔════════╤═════════════════════════════════════════════════════════╗
║ Bytes  │ Description                                             ║
╠════════╪═════════════════════════════════════════════════════════╣
║ 8      │ "farbfeld" magic value                                  ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (width)                      ║
╟────────┼─────────────────────────────────────────────────────────╢
║ 4      │ 32-Bit BE unsigned integer (height)                     ║
╟────────┼─────────────────────────────────────────────────────────╢
║ [2222] │ 4x16-Bit BE unsigned integers [RGBA] / pixel, row-major ║
╚════════╧═════════════════════════════════════════════════════════╝

The RGB-data should be sRGB for best interoperability and not alpha-premultiplied.

(Now, I don’t know if your screen reader can work with this. Let me know if it doesn’t.)

I think these are some of the properties worth mentioning:

• The spec is extremely short. You can read this in under a minute and fully understand it. That alone is gold.
  
• There are no “knobs”: It’s just a single version, it’s not like there’s also an 8-bit color depth version and one for 16-bit and one for extra large images and one that supports layers and so on. This makes it much easier to implement a fully compliant program.
  
• Despite being so simple, it’s useful. I’ve used it in various programs, like my window manager, my status bars, some toy programs like “tuxeyes” (an Xeyes variant), or Advent of Code.
  
• The format does not include compression because it doesn’t need to. Just use something like bzip2 to get file sizes similar to PNG.
  
• It doesn’t cover every use case under the sun, but it does cover the most important ones (imho). They have discussed using something other than RGBA and decided it’s not worth the trouble.
  
• They refrained from adding extra baggage like metadata. It would have needlessly complicated things.

The lid is on and the first saw brackets are done. Let’s see how impractical they are. I might have to add heavy chamfers to better guide them in.

I added 07 to 11: https://lyse.isobeef.org/tmp/hobelbankschubladen/

Saw this on Mastodon:

https://racingbunny.com/@mookie/114718466149264471

18 rules of Software Engineering

1. You will regret complexity when on-call
   
2. Stop falling in love with your own code
   
3. Everything is a trade-off. There’s no “best” 3. Every line of code you write is a liability 4. Document your decisions and designs
   
4. Everyone hates code they didn’t write
   
5. Don’t use unnecessary dependencies
   
6. Coding standards prevent arguments
   
7. Write meaningful commit messages
   
8. Don’t ever stop learning new things
   
9. Code reviews spread knowledge
   
10. Always build for maintainability
    
11. Ask for help when you’re stuck
    
12. Fix root causes, not symptoms
    
13. Software is never completed
    
14. Estimates are not promises
    
15. Ship early, iterate often
    
16. Keep. It. Simple.
    

Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.

@prologic@twtxt.net will do. No worries, not a show stopper. I will suggest that the muted numbered list not be sorted, but latest muted first. That way we have a better idea. Maybe adding timestamps to those too? Just a thought.

OIDC: Integrate Kubernetes authentication with Azure AD via OIDC (Part IV)

Image

You want to authenticate Kubernetes users by integrating it with Azure AD using OIDC. This setup involves configuring the following … ⌘ Read more

Honest Government Ads | News, Bloopers & Behind the Scenes ⌘ Read more

@movq@www.uninformativ.de oh, you bet someone is adding them. Being as we are a small community, I could almost guess who added what. 😅

@lyse@lyse.isobeef.org oh it wouldn’t be very long, maybe that’d make for a fun blog post! i just used the same tool that the nerd font people use to add glyphs, but for a “custom glyph set” i just added. the whole noto font LMAO

The Hidden Admin Backdoor in Reddit Ads

Image

An Invisibility Cloak for Attackers: How One Admin Created a Stealth Account That Even the Owner Couldn’t See or Remove

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/the-hidden-admin-backdoor-in-reddit-ads … ⌘ Read more

Adding Mastodon Comments to your Blog
Comments ⌘ Read more

I’m thinking about adding one more white guy podcaster into the world (me)

I’m also thinking of adding eye-off icon next to every Twt that, when clicked, hides that feed (tooltip: “Hide this feed”). This would work with the filters as a “temporary additive filter” to restrict/control the current view.

“AI” automated PR reviews mostly useless junk
The team that makes Cockpit, the popular server dashboard software, decided to see if they could improve their PR review processes by adding “AI” into the mix. They decided to test both sourcey.ai and GitHub Copilot PR reviews, and their conclusions are damning. About half of the AI reviews were noise, a quarter bikeshedding. The rest consisted of about 50% useful little hints and 50% outright wrong comments. Last week we reviewed all our exp … ⌘ Read more