tweedge

@tweedge@cybersecurity.theater
Security goon at an online-bookstore-slash-server-rental company, adjunct professor at RIT, janitor for r/cybersecurity, and sporadic FOSS contributor. Cat person. Generally cheerful ^_^

Always trying to learn new things, and I'd rather be corrected than be correct. I try to be correct the first time anyway though!

How can I help?

(posts searchable via tootfinder)


uint8_t, to random

Any app that interrupts my workflow to ask for a review, with “maybe later” being the only alternative, gets a review! ⭐️

GossiTheDog, to random

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.


GossiTheDog,

A key element of Recall is Microsoft say only you can access your Recall; it is per user.

ArsTechnica enabled Recall on a Windows 11 box and tested the claim. By logging in as another user they could access the database and screenshots.

https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/

molly0xfff, to ai

back in my day we called this spyware

#AI #privacy #Microsoft

NotTheLBCGuy, to random

Three years from now, when vendors are ripping their hugely expensive and utterly failed AI bullshit out of their products, their Product Owners will be laughing and shaking their heads and saying “what WERE they thinking?” And then rushing to implement the next digital panic to dogshit their products because they can’t let their competitors get a lead on the brand new dogshit.

histoftech, to random

“At Microsoft, the share of senior employees as a portion of the company’s overall workforce declined more than 5 percentage points after the return-to-office mandate took effect, the researchers found. At Apple, the decline was 4 percentage points, while at SpaceX — the only company of the three to require workers to be fully in-person — the share of senior employees dropped 15 percentage points.”

https://www.washingtonpost.com/business/2024/05/12/rto-microsoft-apple-spacex/

fluffypaws, to random

god bless our troops [the people at ublock origin who keep updating the filters to keep working on youtube]

GossiTheDog, to random

My Mastodon server, cyberplace.social, has received a legal threat in an attempt to have a user's thread deleted. It is styled as a cease and desist.

I have published the email here:
https://github.com/GossiTheDog/Cyberplace/blob/main/LegalThreats/Cease%20and%20Desist%20Order%20-%20Felix%20Juhl

HalvarFlake, to random

Next time management asks you to stack-rank the members of your team, buy an electrical motor assembly kit, drop it on their desk, and ask them to rank the parts by importance/performance.

eb, to random

What’s wrong babe? You’ve hardly created any shareholder value today

simontatham, to random

We've released #PuTTY version 0.81. This is a SECURITY UPDATE, fixing a #vulnerability in ECDSA signing for #SSH.

If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.

Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.

This vulnerability has id CVE-2024-31497. Full information is at https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
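The post above tells server owners to remove affected public keys from authorized_keys files. As an added example (not code from the PuTTY project or from this post), here is a Python triage helper that finds ecdsa-sha2-nistp521 entries in authorized_keys text. It reads the key type and curve name from the decoded key blob rather than trusting the text label, copes with option-prefixed lines such as command="..." whose quoted values contain spaces, and reports lines it cannot parse instead of skipping them. The sample file at the bottom is constructed from dummy key bytes and placeholder comments (alice@laptop and so on) purely to exercise the parser; none of it is real key material.

```python
"""Triage helper for CVE-2024-31497: find ecdsa-sha2-nistp521 entries in
authorized_keys so the affected public keys can be removed.  The key type is
read from the decoded key blob, not from the text label, and option-prefixed
lines (command="...", from="...") are handled."""
import base64
import struct
import sys

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def _read_string(blob, off):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + n], off + n


def _split_options(line):
    """Split a leading options field from the key, honouring double quotes."""
    if line.startswith(KEY_TYPE_PREFIXES):
        return None, line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    raise ValueError("options field without key material")


def parse_authorized_key(line):
    """Parse one authorized_keys line; returns a dict with the blob's real
    key type and (for ECDSA) the curve name embedded in the blob."""
    options, rest = _split_options(line)
    parts = rest.split(None, 2)
    if len(parts) < 2:
        raise ValueError("missing key material")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    blob_type, off = _read_string(blob, 0)
    blob_type = blob_type.decode("ascii")
    curve = None
    if blob_type.startswith("ecdsa-sha2-"):
        curve_bytes, off = _read_string(blob, off)
        curve = curve_bytes.decode("ascii")
    return {"options": options, "label": parts[0], "type": blob_type,
            "curve": curve, "comment": parts[2] if len(parts) == 3 else ""}


def affected_keys(text):
    """Return (line_no, comment) for every P-521 ECDSA key.  Unparsable
    lines are reported too, so a malformed entry is never silently skipped."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            key = parse_authorized_key(line)
        except ValueError as exc:
            hits.append((n, "unparsable: %s" % exc))
            continue
        if key["curve"] == "nistp521" or key["type"] == "ecdsa-sha2-nistp521":
            hits.append((n, key["comment"]))
    return hits


# --- constructed sample input (dummy key bytes, not real keys) -------------
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _fake_key_line(key_type, curve=None, comment="", options=None):
    """Build a syntactically valid line around placeholder key material."""
    blob = _ssh_string(key_type.encode())
    if curve:
        blob += _ssh_string(curve.encode())
        blob += _ssh_string(b"\x04" + b"\x00" * 132)  # placeholder point, not a real key
    else:
        blob += _ssh_string(b"\x00" * 32)  # placeholder Ed25519 public key
    line = "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)
    return (options + " " + line) if options else line


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample; none of these are real keys",
    _fake_key_line("ssh-ed25519", comment="alice@laptop"),
    _fake_key_line("ecdsa-sha2-nistp256", "nistp256", comment="bob@ci"),
    _fake_key_line("ecdsa-sha2-nistp521", "nistp521", comment="carol@putty",
                   options='command="rsync --server",no-pty'),
    "ssh-rsa not-base64!! broken@host",
])

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTHORIZED_KEYS
    for line_no, comment in affected_keys(text):
        print("line %d: %s" % (line_no, comment))
```

Run it as `python3 find_p521.py ~/.ssh/authorized_keys` (file name assumed); with no argument it scans the constructed sample and flags only the carol@putty line plus the deliberately broken last line. Anything else that accepts authorized_keys syntax can be fed through the same function.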

TwoClownsEating, to random

Just popped back on to Twitter. My favourite independent chilli sauce vendor is currently arguing with Nazis. Logged out again (75 seconds)

Show me cats and talk about IT shit I don't understand please

zarfeblong, to random

I guess the takeaway from the xz backdoor situation is:

If you’re an open-source project maintainer, and somebody starts getting on your case for not doing enough free work for them, you reply “big Jia Tan energy there” and then block them forever.

gordonmessmer, to random

The least surprising thing about the xz vulnerability is that it happened to a widely used project after a maintainer hand-off. We've seen exactly the same thing repeatedly in npm, pypi, browser extensions, and other code marketplaces.

Humans don't last forever. Hand-off is inevitable. And I've long held that because that is true, the size of the group of maintainers is an important security characteristic.

Small projects create big risks.

Sustainability is a security concern.

eb, to security

Unfolding now: https://news.ycombinator.com/item?id=39865810

An incredibly technically complex backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

The timeline on this is going to take so long to unravel

glyph,

@eb "I never thought a sophisticated APT would backdoor my volunteer-maintained infrastructure that I got for free" sobs entire industry who voted for the "volunteer-maintained infrastructure that I get for free with no defense against sophisticated APTs" party

AndresFreundTec, to random

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

orion, to random

I made an HTML/DOM viewer you can paste into your console to view or debug any website in 3D. Choose from random/gradient/clear colors or whether layers have sides.

You can save it as a bookmarklet so it's 1 click away. It's just a tiny IIFE JS function.
https://gist.github.com/OrionReed/4c3778ebc2b5026d2354359ca49077ca


jimray, to random

Me, an idiot: “So, kids, by setting the thermostat a little lower and eating less meat, we’re doing our part to make the world more sustainable”

VCs, very smart: “We just raised $100 billion dollars from the sovereign wealth funds of three petrostates to build the world’s largest AI supercomputer. It uses as much power and water as Guatemala and the primary use case is for management consultants to autogenerate powerpoints for justifying mass layoffs.”

baldur, to random

I’ll let you in on a secret: I love sporadically updated weblogs. I subscribe to over 1200 feeds and most of them are sporadic or even technically “inactive”. Months often pass between updates

It means that every post published was important to the writer

Back in the days of snail mail, letters that began with “It’s been a while since I last wrote to you” were the ones people cherished the most

You don’t need to post every day or even every week to have a blog that matters

jsrailton, (edited) to poland

BREAKING: spyware abused in 🇵🇱 under previous PiS-party government, confirms the new PM Donald Tusk

"Very, very long" victim list.

Vindication.

When we @citizenlab first confirmed the hacking in 2021 both we & victims were targeted w/extensive harassment & disinformation.

REPORT: https://apnews.com/article/poland-government-pegasus-spyware-tusk-duda-78420fc7099401926d28b5be98669192

mjgardner, to programming

There’s nothing more permanent than a temporary fix that works.

#TechnicalDebt #TechDebt #programming #coding #SoftwareDevelopment #SoftwareEngineering #development

ktemkin, to random

security budget:

  • $1 looking into languages that don’t trivially buffer overflow
  • 50¢ looking into enabling exploit mitigation features
  • 1¢ research into things like compile-time diversity
  • $10M hiring a disgraced CISO from a FAANG company
  • $100 hiring a red team to ignore feedback from

someone who is good at the economy please help me. my enterprise platform is dying
