rotopenguin

@rotopenguin@infosec.pub

rotopenguin, (edited)

I can kinda see “shot an old horse or two” as being a positive thing, okay you got over the squeamishness of it and did a sick animal a mercy.

Winging a goat and gosh I gotta go get more ammo to finish this one off, well that’s starting to get a little peculiar.

LIKING IT SO MUCH THAT YOU WENT OUT AND GOT A NEW PUPPY SO YOU COULD DO IT AGAIN, well hoooly fuck we are getting into something entirely else now aren’t we?

How do we know if there aren't a bunch of more undetected backdoors?

I have been thinking about self-hosting my personal photos on my Linux server. After the recent backdoor was detected I’m more hesitant to do so, especially because I’m no security expert and don’t have the time and knowledge to audit my server. All I’ve done so far is disabling password logins and changing the ssh port....

rotopenguin, (edited)

How do you know there isn’t a logic bug that spills server secrets through an uninitialized buffer? How do you know there isn’t an enterprise login token signing key that accidentally works for any account in-or-out of that enterprise (hard mode: logging costs more than your org makes all year)? How do you know that your processor doesn’t leak information across security contexts? How do you know that your NAS appliance doesn’t have a master login?

This was a really, really close one that was averted by two things. A total fucking nerd looked way too hard into a trivial performance problem, and saw something a bit hinky. And, just as importantly, the systemd devs had no idea that anything was going on, but somebody got an itchy feeling about the size of systemd’s dependencies and decided to clean it up. This completely blew up the attacker’s timetable. Jia Tan had to ship too fast, with code that wasn’t quite bulletproof (5.6.0 is what was detected, 5.6.1 would have gotten away with it).

https://infosec.pub/pictrs/image/4f3d0ee2-0e47-4454-9684-3afbd424f46a.png

rotopenguin, (edited)

My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case the attacker escaped the sandboxing there.

* (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

rotopenguin,

Nah m8, the Wojak looks too human to be him

rotopenguin,

Some women have four legs. It’s a temporary condition, but I gander that it’s common enough to offset the amputees.

rotopenguin,

Thanks, but I only take advice from the Arch Wiki.

rotopenguin,

Jeff didn’t follow the machine shop floor rules.

rotopenguin,

It’s kinda wild that GTK’s grandpappy is now the last thing to get updated to the current GTK.

rotopenguin,

An AAAA cell has 200-350 mohms resistance. A 9v battery has 6 of them in series (many of them are literally that, others have their cells as a stack of plastic buckets). The nose ring is a short run of wire, it’s idunno a 0.2 ohm heater?

I think the septum is going to get pretty toasty.

data.energizer.com/pdfs/e96.pdf

rotopenguin,

Dry skin is hundreds of thousands of ohms. Even wet skin has pretty good resistance. When you touch a 9v to your tongue, you’re starting to mess around with lower resistance flesh, it is definitely not a comfortable thing to do.

The metal ring doesn’t do anything to move more electricity into your body, but it soaks every electron the battery can push and turns it into heat. Best I can figure it would amount to a few watts, which would be toasty if you were holding it between your fingers. The septum is a thin piece of flesh, I think it would sauté pretty quickly.

rotopenguin,

Do it with the piercing OUT OF YOUR BODY. You don’t want a hot piece of metal that you can’t get off of yourself fast enough.

rotopenguin,

This is the first time I’ve heard about gluing a cable to the heat shield cover. Oof.

rotopenguin,

I’m happy for new buyers getting a better deck than I got. That makes more of us to tell game devs “you will test and tune your game to run well on the Deck”. It means more games that work for me.

rotopenguin,

Some of these games now also have a whiteout image that you’re calibrating at the same time.

Buddy, that’s not gonna stop me from cranking it up.

Who here uses a less popular Linux distribution? What made you choose it?

Hey fellow Linux enthusiasts! I’m curious to know if any of you use a less popular, obscure or exotic Linux distribution. What motivated you to choose that distribution over the more mainstream ones? I’d love to hear about your experiences and any unique features or benefits that drew you to your chosen distribution.

rotopenguin,

I use Ubuntu, which is apparently the least popular distro around.

rotopenguin,

It’s a shame that Valve couldn’t get Steam to issue them a new AppID, so they had to delete CSGO in order to put CS2 on the store. It was the only way.

rotopenguin,

My favourite part is when it ends with “buy the steam deck on Amazon [affiliate link]”

Yeah, that’s the last place where I’ll buy it.

rotopenguin,

But I might need 99 of every potion for the last boss!

rotopenguin,

KDE: we have compositor crash recovery in testing

Gnome: we broke the extension interface, again

rotopenguin,

Has anybody mentioned yet that tar isn’t even a “compression format”?

rotopenguin,

I’m so old, I remember when instead of “crypto” it was “Amway”.
