ok, need some feedback: It appears that pixelfed is moving in the direction of mariadb, away from postgres, and the current issues appear to stem from my use of postgres. I've been contemplating a move to the domain infosec.pics, which would essentially be starting over. There is no (as far as I know) working way to migrate pixelfed accounts from one server to a different server. I don't like the idea, but I also don't like the idea of a persistently partially broken instance, either.
We have 323 total accounts and 26 active accounts, so while the blast radius may be small, it's a complete PITA for those 26 people.
@jerry since the last update, landscape mode always behaves like a desktop (4 columns side by side) even on my tiny iPhone SE
I tried the setting to control that in layout options but no luck
Sometimes I prefer just to read wider lengths of text (instead of narrow), especially on longer posts. As in, I’d love for one post/thread to fill the screen in landscape mode.
Would you happen to know if this has been reported yet?
(I’m using iOS Safari with a Home Screen shortcut)
I have so many part-done projects on the burner/backburner I have lost track of them all multiple times. Mostly old manual restorations (60s/70s cars, 70s-90s compute gear, and Australian stickers from any old time).
I need a kind of ticketing system to keep track of these. Something basic, with customisable stages, auto numbering, gods I don't know what else. Something local too probably so it's still here in a decade or more.
It says that HP's Bug Bounty program found such attacks are possible, but there are no details about who reported the bug that made such attacks possible. I remain skeptical about the accuracy.
Any help from experts in the form of pointers to attacks or analysis about whether printer cartridges are a viable infection vector would be much appreciated.
I am, like, pretty far at the periphery of this #opensource-funding-related discussion about PlatformIO's potential support for the Raspberry Pi Pico. But it just leaves a bad taste in my mouth :P
@geerlingguy on the flip side, we’ve been generally making their same argument for contributions to side projects: the maintainer doesn’t have to accept every PR, perfect as they may be, for exactly the reasons pio stated (long term cost of the added complexity)
Essentially,
You want this feature in but I don’t want to be the one to maintain it down the line? A project fork is the way to go
Not sure where I stand on this one though. Looks like more of a bad look on rpi than pio?
@geerlingguy like you said in another blog post, there is also the possibility to enable plugins (for that part of the project), so that the user who submitted the patch in the first place can still do that without outright forking the entire thing, which would be adding to their own maintainer load
But of course pio are unlikely to go that route, I guess
YouTube has started doing this thing where it makes the background around the video slightly coloured the same as the edge of the video contents (including the “letterbox” or whatever we call the overflow wide parts of the screen with no video).
This seems like a good idea, but it’s awful for those of us who watch things in the dark on OLED screens. Previously, these no-content parts of the screen would be actually black and disappear. Now there’s a hint of light.
Mandiant, the Google-owned company that sells cyber security services for large sums of money, got its Twitter account hacked last week.
Today, @mandiant issued a terse and vaguely-worded update that strongly suggests (1) the password protecting the account was weak and readily guessable and (2) the account had previously used SMS, the weakest form of 2FA available before eventually allowing 2FA to lapse entirely. I asked for clarification and a representative responded: "we ultimately aren’t going to be sharing further details at this time."
It's reasonable to ask billion-dollar security companies to account for mistakes that have the potential to harm customers or the public at large. So much for transparency.
Mandiant's explanation that the recent hack of its Twitter account was the result of a "brute force password attack" illustrates precisely why the frequent misuse of this term is problematic.
Once upon a time, brute force was a very particular form of password cracking technique. Specifically, it meant an attacker methodically tried every possible password combination until, finally, arriving at the correct one. It stood in contrast to a "dictionary" password attack, in which an attacker used a finite list of likely strings in hopes one was correct.
Now that brute force and dictionary have become synonymous, we're left to guess (although I'm going to guess in this case it was the latter, in which case, someone chose a weak password).
@dangoodin I tend to read those as “it’s in the realm of XYZ” rather than exactly this technique
Especially with authentication attacks, there are a lot of very specific techniques and none of them are used in isolation any more?
I understand the writer not wanting to be precise, it would be lengthy and confusing and I’m not sure it would be better. Laypersons don’t care, and experts already know.
@dangoodin yes I’m all for a generic name, but I’m guessing that writers feel the specific name lends credibility to their story? You’d know better than me
Would some kind soul with access to Ivanti's customer forum please send me the contents of the restricted page detailing CVE-2023-39336, the critical vulnerability in Endpoint Manager Solution?
In response to Microsoft's announcement of a "copilot" key to launch their AI engine*, I am working on a line of keyboards that includes a DF key, which when pressed, will insert a context appropriate image of a dumpster fire into whatever you are working on. If you are working on code, it will do nothing, since it's probably already a dumpster fire.
*if it really were truly AI, wouldn't it already know that you needed its help?