What if dragons came in broods like cicadas?
Every Y centuries a brood returned.
Brood 19 and Brood 37 overlap next year and your people are very, very worried. #DnD #WorldBuilding #TTRPG
For no obvious reason whatsoever, AmiTCP (a third party port of the BSD IP stack to AmigaOS that was used a bunch) enabled the chargen service (a service that just sends printable ASCII characters as fast as possible) and had no firewall so back in the 90s you could just DoS Amiga users by connecting to port 19 on their machine and they'd saturate their uplink and ping out of IRC and not everything in the past was better
@mjg59 if you made inetd work, and you didn't think about the copied inetd.conf default, it would just work. chargen is implemented inside inetd itself, so it really would be easy to not mean to enable it... i think.
NetBSD Security Advisory 2024-001: Inadequate validation of user-supplied hostname in utmp_update(8)
No CVE or CVSS assigned, but the vulnerability seems pretty minor to my naive evaluation. The interesting thing is that it affects all versions of the OS up to 10.0RC4.
I'll try updating my 9.3 VM and report.
Any NetBSD dev reading this, please feel free to comment before I make a fool of myself. 😊
@ParadeGrotesque it means someone with login access to the host can put terminal escape codes into the hostname field, which can fool your terminal program into showing you something else. at worst it is a step in an attack sequence, and requires the attacked user do something else. if you know they have, say, a screen filter program that reacts to specific text, maybe you can fool that to do something. there are probably other things.
More often than not, booking a “newly renovated / modernized” hotel room means there’s no desk or workspace. As an older grumpy person, I hate this trend.
@mattblaze i often shop hotels by room size and/or having a separate bedroom and the number of large rooms with almost useless layouts has grown so much in the last decade or two.
I appreciate Synology releasing the source code for their OpenSSH modifications, but I don't really appreciate that I needed to read the fucking source code to figure out why SFTP wasn't working with key authentication (spoiler: if anyone other than the user or admin has ACL permissions on the user's home directory it just silently fails unless you're running sshd in debug mode)
Wrote some terrifying code that pulls a FIT image apart, finds an embedded dtb, pulls that apart, injects a new node, and then puts it all back together again and alarmingly it actually works now
It's perfectly reasonable to buy a $25 thermostat and then spend hours figuring out how to bodge an ESP onto it rather than buying a $150 "smart" thermostat that's going to demand cloud access, right?
We're big supporters of the EFF, but I can't get on board with the idea that somehow it's wrong or a slippery slope for Tier 1 ISPs to be blocking Kiwifarms.
@briankrebs what i found most ridiculous about it was the statement said leave it to the law, and a couple of sentences later admitted that the law wasn't working here. seriously unimpressed.
Covid isn’t gone. The CDC says that wastewater samples, test positivity, and ER visits have shown a small uptick, and hospitalizations have ended their decline and have now leveled off: https://covid.cdc.gov/covid-data-tracker/#datatracker-home