Another win for the Digital Markets Act: Microsoft gives truly free access to additional year of Windows 10 updates to EU users
A few months ago, Microsoft finally blinked and provided a way for Windows 10 users to gain “free” access to the Windows 10 Extended Security Update program. For regular users to gain access to this program, their options are to either pay around $30, pay 1000 Microsoft points, or … ⌘ Read more
Aussie apple exports to Canada easier as restrictions relaxed
Australia apple growers will have easier access to the Canadian export market following trade negotiations between the nations. ⌘ Read more
↳
In-reply-to
»
The bots have begun to access my website way more often. I’m getting about 120k hits on https://www.uninformativ.de/git/ now in a couple of hours.
⤋ Read More
This probably means that I can no longer host my own website. I don’t want to deploy something like Anubis, because that ruins the whole thing: I want it to be accessible from ancient browsers, like OS/2 or Windows 3.11.
I’ll keep an eye on it for a while. Maybe try to block some IPs.
Sooner or later, I’ll take the website down and shift everything to Gopher.
The bots have begun to access my website way more often. I’m getting about 120k hits on https://www.uninformativ.de/git/ now in a couple of hours.
They don’t cache anything, probably on purpose.
It comes in waves. I get about 100 hits (all at once) on that /git endpoint, all from different IPs. Then it takes a moment until I get another wave of about 500-1000 requests (all at once) where they do HEAD requests on some of the paths below /git. I assume they did a GET earlier and are now checking if something has changed.
We use all the Microsoft programs at work - Teams and Outlook especially.
After all kinds of technical problems with Teams, that sometimes go unresolved for over a year, Microsoft shifted their priorities away from fixing things and towards adding an annoying AI Copilot button, that just takes up space and all it does, is loads the website in Teams, so I disabled it. Soon they just add it back, but in a different row of icons, therefore it’s now a different button, you have to disable (I think they added yet another one, to the Teams, on my work phone and I had to disabled that too). Not too long after, the desktop one just enabled itself, because of “an error” and I can disable it, but doing so activates a popup, that begs you to turn it back on, every once in a while. You can’t disable the popup and can only click “Yes” or “Not now” on it. I still keep it disabled, out of principle, but yesterday I noticed yet another Copilot button, this time in the top right corner of my Outlook and this one cannot be disabled, on the business version of Outlook and even on the personal one, it’s only possible to do it through hidden privacy settings, by prohibiting the program from connecting to Microsoft servers, for extra “features”.
There’s people complaining about it online, so it’s clear nobody really wants it, but at this point Microsofts position is that you will have at least one useless AI button on your screen, at any given time, and you will be happy. And yes, their AI sucks and if I absolutely have to use AI for something, there’s already 2 better options, we have access to, at work.
↳
In-reply-to
»
Another wave of tens of thousands of hints by the same bot on the same file:
⤋ Read More
I just saw that these motherfuckers also query my twtxt feed. I have to enable access logs for everything again and see who else wants some napalm response. :-(
In 1996, they came up with the X11 “SECURITY” extension:
https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/
This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.
That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.
Today, sandboxing is a thing. Today, this matters.
I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solveable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:
Why not extend the X server?
Because for the first time we have a realistic chance of not having to do that.
https://wayland.freedesktop.org/faq.html
I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.
But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.
All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)
↳
In-reply-to
»
PSA:
⤋ Read More
setpriv on Linux supports Landlock.
Another example:
$ setpriv \
--landlock-access fs \
--landlock-rule path-beneath:execute,read-file:/bin/ls-static \
--landlock-rule path-beneath:read-dir:/tmp \
/bin/ls-static /tmp/tmp/xorg.atom
The first argument --landlock-access fs says that nothing is allowed.
--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).
--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.
The output of the ls-static program is this line:
─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.
3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.
Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:
─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
hey! i asked this a while ago but i have to ask again – is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she’s unable to access my site for personal reasons. she’s really interested in seeing what yarn is about so if anyone is willing and able, let me know!
Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)
fn mydiv(num: f64, denom: f64) -> Option<f64> {
// (Let’s ignore precision issues for a second.)
if denom == 0.0 {
return None;
} else {
return Some(num / denom);
}
}
fn main() {
// Explicit, verbose version:
let num: f64 = 123.0;
let denom: f64 = 456.0;
let wrapped_res = mydiv(num, denom);
if wrapped_res.is_some() {
println!("Unwrapped result: {}", wrapped_res.unwrap());
}
// Shorter version using "if let":
if let Some(res) = mydiv(123.0, 456.0) {
println!("Here’s a result: {}", res);
}
if let Some(res) = mydiv(123.0, 0.0) {
println!("Huh, we divided by zero? This never happens. {}", res);
}
}
You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)
Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.
The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.
The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.
Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.
(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)
↳
In-reply-to
»
@bender Both Gopher and Mastodon are a way for me to “babble”. 😅 I basically shut down Gopher in favor of Mastodon/Fedi last year. But the Fediverse doesn’t really work for me. It’s too focused on people (I prefer topics) and I dislike the addictive nature of likes and boosts (I’m not disciplined enough to ignore them). Self-hosting some Fedi thing is also out of the question (the minimalistic daemons don’t really support following hashtags, which is a must-have for me).
⤋ Read More
@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.
Gopher is a small world. It’s slow and cozy.
And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.
https://omnitools.app/ Access thousands of user-friendly utilities for editing images, text, lists, and data, all directly from your browser.
Radxa UFS/eMMC Module Reader and Storage Solution Enables Fast Flashing and Scalable Embedded Storage
Radxa’s UFS/eMMC Module Reader is a compact USB 3.0 adapter for flashing OS images, accessing firmware, and transferring large files. It supports both eMMC v5.0 and UFS 2.1 modules with speeds up to 5 Gbps The adapter is compatible with eMMC and UFS modules from Radxa, and also works with modules from platforms like PINE64 and […] ⌘ Read more
↳
In-reply-to
»
A bill from our ISP in 1998.
⤋ Read More
@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.
(If today’s tech wasn’t constantly trying to track and scam you, I might still be an early adopter.)
Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available! Settings Management can be configured in the Admin Console for customers with a Docker Business subscription. After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more
Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available! Settings Management can be configured in the Admin Console for customers with a Docker Business subscription. After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more
When I chose the MIT license for all of my software, I thought:
“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”
And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.
GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)
I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.
(Yes, Anubis might help. Temporarily.)
I’m just tired.
Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available! Settings Management can be configured in the Admin Console for customers with a Docker Business subscription. After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more
$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more
Banana Pi Previews BPI-R4 Pro Router Board with MediaTek MT7988A and Wi-Fi 7 Support
Banana Pi has revealed early details about the BPI-R4 Pro, an upcoming router board powered by the MediaTek MT7988A (Filogic 880). Designed as a successor to the BPI-R4, it targets high-speed wireless and wired networking for applications such as Wi-Fi 7 access points and multi-gigabit gateways. The BPI-R4 Pro features a quad-core Arm Cortex-A73 CPU […] ⌘ Read more
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more
Logic Flaw: Deleting HackerOne Team Reports Without Access Rights
How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more
This One Hacker Trick Got Me Access to an Admin Dashboard ️
Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠
[Continue reading on InfoSec … ⌘ Read more
$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token
Referrer Header Leaks + Iframe Injection = Storefront Password Bypass
[Continue reading on InfoSec Writ … ⌘ Read more
Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard ⌘ Read more
Maybe you’ll enjoy this as well:
I still have one of my first modems, a Creatix LC 144 VF:
I think this was the modem that I used when I first connected to the internet, but I’m not sure.
I plugged it in again and it still works:
The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)
I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:
Not spectacular, but the modem does answer after me entering ATA.
I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.
NanoKVM Pro Delivers 4K IP-KVM Capabilities with Dual-System Support and Enhanced Remote Management
The NanoKVM Pro is a compact IP-KVM device designed for remote access, system control, and local display monitoring. Building on the earlier NanoKVM, this version introduces 4K resolution support, improved connectivity, and broader compatibility with open-source platforms. This device enables real-time remote desktop access at up to 4K at 30 fram … ⌘ Read more
GhostBSD: from usability to struggle and renewal
This article isn’t meant to be technical. Instead, it offers a high-level view of what happened through the years with GhostBSD, where the project stands today, and where we want to take it next. As you may know, GhostBSD is a user-friendly desktop BSD operating system built with FreeBSD. Its mission is to deliver a simple, stable, and accessible desktop experience for users who want FreeBSD’s power without the complexity of manual set … ⌘ Read more
Writing Pentest Reports | TryHackMe Write-Up | FarrosFR
Non-members are welcome to access the full story here. Write-Up by FarrosFR | Cybersecurity
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/writing-pentest-reports-tryhackme-wri … ⌘ Read more
I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
👉Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f … ⌘ Read more
How I Gained Root Access on a Vulnerable Web Server: From Reconnaissance to Privilege Escalation
Web Server Exploitation & Privilege Escalation - Full Walkthr … ⌘ Read more
M0SS-101 Synth with BL616 RISC-V Delivers Classic Controls in a Compact DIY Kit
The M0SS-101 is a compact virtual analog monosynth designed for hands-on subtractive synthesis. It features 42 editable parameters accessible through 26 buttons and a rotary encoder, with RGB LEDs providing visual feedback for signal flow and modulation. The synth includes dual oscillators, a multi-mode filter, envelope and LFO control, delay effects, and 17 preset slots […] ⌘ Read more
Accessibility on Linux sucks, but GNOME and KDE are making progress
Accessibility in the software world is a problem in general, but it’s an even bigger problem on open source desktops, as painfully highlighted by this excellent article detailing the utterly broken state of accessibility on Linux. Reading the article is soul-crushing as it starts to dawn on you just how bad the situation really is for those among us who require accessibility features, making it vir … ⌘ Read more
Touch Bar Not Working After MacOS Update? Troubleshooting Black Touch Bar on MacBook Pro
A fair number of MacBook Pro users with Touch Bar equipped Macs have discovered the Touch Bar stops working or goes black after installing a MacOS update. Given that the Touch Bar serves as Function keys, F1, F2, F3 etc keys, as well as toggles for adjusting brightness, system audio, and accessing many MacOS and … Read More ⌘ Read more
Our pledge to help improve the accessibility of open source software at scale
GitHub takes the Global Accessibility Awareness Day (GAAD) pledge.
The post Our pledge to help improve the accessibility of open source software at scale appeared first on The GitHub Blog. ⌘ Read more
↳
In-reply-to
»
@bender Basically the way I'm reading this is
⤋ Read More
1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you're logged in. You can basically kiss "pursuing" casually, anonymously goodbye.
@prologic@twtxt.net that will not be a problem; as long as it doesn’t affect authenticated users it wouldn’t make a difference. But we are comparing apples and eggs here. I don’t access GitHub while unauthenticated, but I can see how others might. It comes across as anti-web in general.
↳
In-reply-to
»
RIP GitHub https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/
⤋ Read More
@movq@www.uninformativ.de, “60 requests per hour”, eh? Was that a thing (that is, unauthenticated access to GitHub)?! I know I am on the minority, perhaps, as I rarely (or never) access GitHub unauthenticated.
Bug Chain: pre-auth takeover to permanent access. ⌘ Read more
SSRF via PDF Generator? Yes, and It Led to EC2 Metadata Access
👨💻Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ssrf-via-pdf-generator-yes-and-it-led-to-ec2-metadata-access-39b8e5b41840 … ⌘ Read more
API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
🔓Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteu … ⌘ Read more