Show newer

Somehow I didn't really think about what happens when an instance changes their media provider...
Apparently toots on remote instances get out of sync - just now came across an older one where the images had expired in my cache and wouldn't load through the image proxy - the local version references a removed AWS bucket, while the originating instance uses a different provider by now, and the images load when using their web interface.
Is there some way to update that metadata?

Updating this thread, I mentioned the CAWS audio I posted before could only be considered preliminary, because I hadn't fully figured out the encoding it uses, so the quality was not as good as it should be.

I ended up tracing out some of the power supply circuit so I could power up the unit and get good quality recordings directly from the output. These are "assembled" the way they should be (instead of individual words in random order) and of course are decoded properly.

Show thread

So now, filled up the cavities in that piece with a putty, and then glued a sheet of plastic on top over all of the surface. Seems stable for now, and the lamp is back to hanging from the ceiling... Only now I'm left with two washers - no idea where those were in that construction before...

Show thread

Finally found my childhood computer book at archive.org. The Complete PC Upgrade and Maintenance Guide by Mark Minasi, 4th ed, 1995. 1300 pages cover absolutely everything there is to know about the IBM PC and compatibles.

I know I'm a Fedi user when the first thing I've ever read at school library back in 2nd grade was the difference between polling and interrupt from a long obsolete book for an ancient machine... archive.org/details/completepc #retrocomputing

ROFL. Just now deleted a toot after I noticed I had written almost the same text about the same piece of software three years ago, after looking at MP3 files from the same album as back then (was mastodon.infra.de/@galaxis/993)

Mastodon search is not always useless 😉

This came out for a bunch of computers, but alas, archive only has the Commode-odor version, so imagine this is for a good computer instead.

Also, ever notice that power switches are harder and harder to reach on computers? That's because *they* don't want you in control.

archive.org/details/power-up-k
#retrocomputing

Hrm. When did pasting Android clipboard content into SubwayTooter with ctrl-v from Hacker's Keyboard break?

(I can paste with a long tap into the edit field and selecting "paste", but ctrl-v just does nothing. It's still usable it in other Android apps though.)

I wasn't aware of WineVDM yet ("16-bit Windows (Windows 1.x, 2.x, 3.0, 3.1, etc.) on 64-bit Windows"):

github.com/otya128/winevdm

(via virtuallyfun)

Since #FreeBSD hasn't enabled WX, its (already ineffective) ASLR implementation is entirely useless.

I started this thread with a story on an old, 1990s-era underground hacking group.

It's almost 2022, and the situation hasn't changed for FreeBSD, even with the project's recent work on exploit mitigations.

Until these core issues are addressed, exploitation of applications on FreeBSD systems will always be much easier than on other OSes with battle-tested implementations.

Exploiting FreeBSD systems today really doesn't look much different than it did in 1998.

But wait, there's now stack cookies! Unfortunately, stack cookies are incredibly easy to bypass. I've popped shells before bypassing the stack cookie on a simple integer overflow vulnerability. It took me a couple hours to write the exploit. I then set up a lab with a few dozen FreeBSD systems and ensured that I could reuse my exploit on all the systems without modification of the exploit payload.

Both base and ports do not enable PIE by default. Applications MUST be compiled as PIEs, otherwise the application is loaded at a deterministic address.

--

Suggestions I would make to FreeBSD:

Apply randomization to both the stack top address and a gap.
Randomize the shared page
To avoid AS fragmentation and perf hits, use deltas calculated at image activation time.
Compile "ALL THE APPLICATIONS!" as PIEs.
Implement and enable by default a WX implementation that differentiates between mmap and mprotect. Pages shouldn't be created WX (mmap) and shouldn't transition between W and X (mprotect).
Simplify the sysctl knobs. There's so many sysctl knobs that sysadmins will likely have a hard time understanding what's going on.
Remove the unneeded complexity of the ASR implementation.
Research history on old hacking groups and how they operated. Since FreeBSD's late to the game, they have the opportunity to innovate. FreeBSD's literally starting from a single (now considered ineffective) 2001-era exploit mitigation (stack cookies).

Show thread

I kinda wonder if the recent spam that looks like it could come from compromised accounts on hosted Jira instances is actually from that source, or just an elaborate forgery...

Some of the headers certainly look wrong, but it does seem to have valid ARC and DKIM headers, or at least rspamd assigns them a negative score?

Google Cloud Status dashboard has updated

status.cloud.google.com/incide

"Summary: Global: Experiencing Issue with Cloud networking

Description: We are experiencing an issue with Cloud Networking beginning at Tuesday, 2021-11-16 09:53 US/Pacific.

Our engineering team continues to investigate the issue.

We will provide an update by Tuesday, 2021-11-16 10:40 US/Pacific with current details.

We apologize to all who are affected by the disruption."

Show thread

Every time Tor browser on the PC gets updated, I'm so glad I ditched Firefox. I would rage to no end if I had to work with that broken UI.

Good that I don't work in infosec anymore, otherwise I might be tempted to buy a new phone...

Hey #hackers of the #fediverse, anyone working at @Tutanota ?

How do you feel about being branded as those who "steal personal data"?

mastodon.social/@Tutanota/1072

Webapps are applications that you don't get to keep.

Talking of NNTP... Ugh. Has it really been ... 15 years since I rebuilt the cnews binaries from the last avalable source package for whatever the latest Debian release was back then?

# ls -al /usr/lib/news/nntp/nntpd
-rwxr-xr-x 1 root root 69888 Oct 7 2006 /usr/lib/news/nntp/nntpd

These same binaries still work today on Devuan beowulf (Debian 10), and I'll see if upgrading to the next release breaks anything...

Maybe I should really switch to inn...

Show older
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!