Nonilex, to DaftPunk avatar

Speaker released 3 bills Wed to provide aid to , & , & plans to hold final votes on Sat.

The votes will test if Johnson can control his party. Reps , & are threatening to remove him for the bills.

Some w/ interest want Ukraine to fend off , but anti- are taking orders from & .

raph, to privacy avatar

Some personal news!

I'm excited to receive the award from the @mozilla Foundation! The award honors "25 visionaries reshaping our digital future" for my work with @horizontal. I've always been a huge fan and supporter of Mozilla's work in building a safe, open, and privacy-respecting internet, so being recognized by Mozilla is a real honor.

Quick context ⬇️

AskPippa, to Canada avatar

I wonder if the thieves behind this heist were inspired by the Oceans movies? have arrested 19 people, recovered some of the gold and found 64 illegal guns heading to .
As an aside, theft in airports around the world is rampant. Mostly it's stuff removed from people's checked luggage (cash, jewelry, electronics, etc.). I wrote to the transport authorities when my Swiss army knife vanished from checked luggage, they wrote back saying it was too small a matter to bother with. My point in the complaint was that theft is hugely common (ask people you know who travel, a surprising number have had something stolen from luggage), and that it's a risk -- if people can take stuff out of a suitcase, they can put something bad into it.

jake4480, to Discord avatar

If you use Discord, you might wanna know this.

A service called Spy Pet is scraping Discord servers, archiving and tracking users' messages and activity, and then selling access to that data.

Spy Pet scrapes more than 10,000 Discord servers, and besides selling access to anyone with cryptocurrency, it offers the data for training AI models or to assist law enforcement agencies, according to its website.

Spy Pet claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

(The article is paywalled probably, etc but it's here)

sethmlarson, to security avatar

I'm attending #OSSummit, reach out to me if you want to chat about #security of #Python or #PyPI 👋

Nonilex, to anime_titties avatar

Secret document urges action to weaken the

’s Foreign Ministry has been drawing up plans to try to weaken its Western adversaries, including the , & leverage the to forge a global order free from what it sees as American dominance, acc/to a secret Foreign Ministry document.

Nonilex, avatar

…The creation of the Concept & the classified addendum followed a call to Russian academics for policy suggestions. One proposal submitted in Feb 2023 to the Foreign Ministry by the deputy head of Moscow’s Institute for the Commonwealth of Independent States, which maintains close ties to ’s apparatus, laid out Russia’s options more bluntly still.

thejapantimes, to worldnews avatar

Global warming is still not a mainstream political issue, even though it is fundamentally affected by and affects how power and wealth are distributed.

seanjmullan, to Java avatar

The XML Signature secure validation mode has been enabled by default in Oracle's JDK 11.0.23 and 8u411 releases. The mode was already enabled by default in JDK 17 and later. This mode provides additional protection by disabling weak algorithms and other potentially unsafe constructs in XML Signatures.

See the Released Changes of the Java Crypto Roadmap for more details.

davemark, to security avatar

"Twitter’s Clumsy Pivot to Is a Gift to Phishers"


The simpleminded change from the text "" to read "" led to embedded URLs being changed from, say, "" to "" (the ellipsis is mine).

Phishing schemes abound. 🙄

Edent, to webdev avatar

🆕 blog! “I can't use my number pad for 2FA codes”

This has to be the most infuriating bug report I've ever submitted. I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I […]

👀 Read more:

blog, (edited ) to aa avatar

I can't use my number pad for 2FA codes

This has to be the most infuriating bug report I've ever submitted.

I went to type in my 2FA code on a website - but no numbers appeared on screen. Obviously, I was an idiot and had forgotten to press the NumLock button. D'oh! I toggled it on and typed again. No numbers appeared. I switched to another tab, my numbers appeared when I typed them. So I was reasonably confident that my keyboard was working.

I swapped back to the 2FA entry and tried again. Still nothing. Then I tried typing the numbers using the number row on my keyboard. My 2FA code appeared.


Developers often use JavaScript to "improve" the standard features of HTML. For example, using <input type="number"> has some accessibility concerns and using is great for showing a number keyboard on mobile, but not much else.

So a developer wants a reliable way to make sure a user can only type numbers. Fair enough.

There are two ways to do this - a right way and a wrong way - using

One way is to listen for the character being sent from the keyboard - known as the key.

The other is to listen for the - known as the code.

A good demo of this is at - play around with it to see what keyboard buttons your browser can detect.

When I press 7 on the top row of my keyboard, the key is 7 and the code is Digit7.

But when I press 7 on my number pad, the key is 7 but the code is Numpad7.

The JavaScript on the website was rejecting any key code which wasn't a "Digit"!

Perhaps I am a weirdo for insisting on both having and using my numpad? Perhaps developers need to test on something other than MacBooks? Perhaps JavaScript was a mistake and the Web would be better without it?

Either way, don't be like that website. Let users type in using whatever keys they like.

#HTML #javascript #security #ui #ux
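
The key/code difference described in the post above, as an added example that is not part of the original post or the website's code. The function names and the sample keydown events are constructed for illustration; it compares a filter on `code` with a filter on `key`, plus a value-level cleanup that also covers paste and autofill.

```javascript
// Constructed keydown events: only the KeyboardEvent fields the filters read.
const SAMPLE_EVENTS = [
  { label: "top-row 7",           key: "7",         code: "Digit7" },
  { label: "numpad 7",            key: "7",         code: "Numpad7" },
  { label: "Shift+7 (US layout)", key: "&",         code: "Digit7", shiftKey: true },
  { label: "letter a",            key: "a",         code: "KeyA" },
  { label: "Backspace",           key: "Backspace", code: "Backspace" },
  { label: "Ctrl+V (paste)",      key: "v",         code: "KeyV", ctrlKey: true },
];

// The behaviour the post describes: accept only physical keys named "Digit*".
// This rejects the number pad and also accepts Shift+7, which types "&".
function allowByCode(ev) {
  return ev.code.startsWith("Digit");
}

// Filter on the character produced (key), not the physical key (code).
function allowByKey(ev) {
  if (ev.ctrlKey || ev.metaKey) return true;  // leave shortcuts such as paste alone
  if (ev.key.length > 1) return true;         // named keys: Backspace, Tab, ArrowLeft
  return /^[0-9]$/.test(ev.key);              // single printable character: digits only
}

// Backstop for text that never raises keydown (paste, autofill, IME):
// clean the field value itself, e.g. from an "input" event handler.
function sanitizeOtp(value, length = 6) {
  return value.replace(/\D/g, "").slice(0, length);
}

// Side-by-side verdicts for a list of events.
function compare(events) {
  return events.map((ev) => ({
    label: ev.label,
    byCode: allowByCode(ev),
    byKey: allowByKey(ev),
  }));
}

console.table(compare(SAMPLE_EVENTS));
console.log(sanitizeOtp("12 34-56abc"));

// In a page (hypothetical wiring):
//   field.addEventListener("keydown", (e) => { if (!allowByKey(e)) e.preventDefault(); });
//   field.addEventListener("input", () => { field.value = sanitizeOtp(field.value); });
```

Whatever the client-side filter does, the server still has to validate the submitted code.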

nixCraft, to linux avatar

Web server fingerprinting is the process of figuring out what type and version of web server a target is using. This page explains various techniques to identify the software and version of a remote web server.

Jeremiah, to security avatar

TIL from @cigitalgem that the US government cut NIST’s budget for the first time ever and this has had rippling effects on the world’s software security reporting since February.

When we talk about security not getting enough budget priority, NIST’s entire budget request was $1.6 billion. For comparison, the US military’s budget request was $850 billion.

ramsey, to security avatar

I just received word that someone found code in ramsey/uuid on their server that had been compromised to provide a back door into their system. The good news is that ramsey/uuid itself has not been affected. This appears to be a hacker who gained access to their system and modified code (locally) in ramsey/uuid to provide a back door.

I’m asking for more details to share, and I’ll update this thread, as I’m able.

sjvn, to security avatar

Meet the System Package Data Exchange: SPDX 3.0, with Profiles: by @sjvn

With 3.0, you can track not just software packages, but pretty much anything and everything. It's a game-changer.

osjobhub, to python avatar

Are you looking for a remote role in open source? Browse more than 500 positions now on #OSJH #RemoteWork #jobs #career #Python #kernel #Linux #sales #developer #engineer #marketing #security

campuscodi, to random avatar

Security researcher Shantanu Ghumade has published CVENotifier, a tool that parses CVE RSS feeds and sends Slack notifications based on certain vulnerability keywords.

Snowshadow, to news avatar

We had the same problem in Canada.

Telehealth firm Cerebral fined $7 million over ‘careless’ privacy violations
The FTC accused it of sloppy data handling and sharing patient data with third parties like TikTok without consent

gbraad, to security avatar

The kids who hacked the CIA: cracks with attitude
