Comment is neither free nor easy on the Gruaniad. I notice that Jenkins (a Brexit-supporting unionist) failed to mention that Scots were included in Sunak's list of threats.
So much for free comment, and another reason I dropped my contribution to this SE England rag.
Currently I'm setting up an environment to create a new song book. I'm using #lilypond, #latex, #git, and #jenkins.
My kid (12) wants to help create the book. Now I'm in trouble: should I teach him #vim (no, #emacs isn't a choice!), or should I be easy on his soul and the rest of his life by teaching him some GUI text editor?
During @fosdem I realized that it has been 10 years since I started the #Jenkins plugin for #Kubernetes. 10 years!!! 4170 commits, installed in 13% of all Jenkins instances (more than 37k instances of those that report usage). What a ride 🎉
Horizon3 discusses factors that could significantly increase the criticality of Jenkins RCE CVE-2024-23897 (9.8 critical): "There are two dangerous Jenkins configuration options that allow unauthenticated attackers to effectively act like authenticated attackers. The “Allow users to sign up” option allows anyone with access to the Jenkins instance to self-register an account. And the “Allow anonymous read access” option gives everyone the Overall/Read permission." The impact matrix alone was worth taking a look at.
🔗 https://www.horizon3.ai/cve-2024-23897-assessing-the-impact-of-the-jenkins-arbitrary-file-leak-vulnerability/
Jenkins RCE CVE-2024-23897 (9.8 critical, proofs of concept publicly available) allegedly being exploited in the wild, reported 3 days ago by a graduate student researcher* of Sky Computing Lab, UC Berkeley.
Good morning! Have a fairly gnarly RCE in #Jenkins:
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.
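A triage check built from the affected-version text in the post above and the two configuration options quoted from Horizon3 earlier on this page, as an added example that is not part of any post and is not Jenkins or Horizon3 code. The inventory records, field names and result labels are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

# Last affected releases, as stated in the post above.
LAST_AFFECTED_WEEKLY = (2, 441)
LAST_AFFECTED_LTS = (2, 426, 2)


@dataclass
class Instance:  # hypothetical inventory record
    name: str
    version: str
    allow_signup: bool    # "Allow users to sign up"
    anonymous_read: bool  # "Allow anonymous read access"


def parse_version(text):
    """Turn '2.441' or '2.426.2' into an int tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    v = parse_version(version)
    # Two components is the weekly line, three is the LTS line.
    limit = LAST_AFFECTED_WEEKLY if len(v) == 2 else LAST_AFFECTED_LTS
    return v <= limit


def triage(inst):
    try:
        affected = is_affected(inst.version)
    except ValueError:
        return "unknown-version"  # custom or snapshot build: check by hand
    if not affected:
        return "not-affected"
    # Either option lets unauthenticated users act like authenticated ones.
    if inst.allow_signup or inst.anonymous_read:
        return "affected-open"
    return "affected"


# Constructed sample inventory.
INVENTORY = [
    Instance("ci-internal", "2.426.2", False, False),
    Instance("ci-public", "2.441", False, True),
    Instance("ci-new", "2.442", True, True),
    Instance("ci-odd", "2.440-SNAPSHOT", False, False),
]


def report(instances):
    return {i.name: triage(i) for i in instances}
```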
There's nothing quite like teaching someone half your age to use #git and #jenkins, which seem like such ancient and arcane magic to them, but you remember when they were new and what life was like before them.