Oh cool, I didn't know about the second argument of pledge(2).
> A whitelist of permitted paths may be provided in paths. All other paths will return ENOENT.
BGP Hijacking - the internet is still broken.
"facsimile of an early 90s LAN party"
If you really wanna run your own mail server, just get a cheap VPS. For around $5 a month, you get something with better uptime that's probably not on any blacklists.
Just be aware that the spam struggle is real and you'll have to manage certs and updates.
You can't make this up. Nomx is now claiming that their un-authenticated CSRF leading to admin privileges on a public URL poses "non-existing threat" because "the user must visit a hacked website".
https://www.infosecurity-magazine.com/news/nomx-researchers-defend-unfair-test/
That's it. CSRF is solved, folks! You wanted to rework the OWASP Top 10 anyway, no?
The nomx story reminds me of a conversation I had with a friend a few weeks ago. He wanted to set up a mail server at home using a RasPi and grudgingly accepted that it's not a good idea after I told him that:
a) All dynamic IP ranges are blocked in DNSBL
b) His ISP explicitly forbids non-business customers hosting publicly reachable servers
c) All sane customer ISPs block port 25 outbound
d) He can't provide the uptime for anything critical.
New #Phrack paper feed: "VM escape - QEMU Case Study" by Mehdi Talbi & Paul Fariello:
https://arxiv.org/abs/1704.08065
Systematizing Decentralization and Privacy: Lessons from 15 years of research and deployments
Carmela Troncoso et al.
Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview[...]
Maintaining bad code is unhealthy for your sanity and how you end up a psychopath
Don't take my word for "one of the fuzziest, cutest dogs in town", though.
He gets people who are so afraid of dogs that they haven't touched one for a decade to pet him. Waiters ask me if they can give him leftovers. Pretty much the best bundle of charisma and fur I could ask for.
personal stuff, aspie relationship ineptitude
I've seen things your programs wouldn't believe.
Stack frames unwinding with Turing complete behaviour.
I watched threads racing trampoline bindings in ld.so.
All those overwrites will be lost in memory
like accesses to NULL.
Time to dump core.
Old but good:
Why does Windows think my wireless keyboard is a toaster?
Why does Windows even have a toaster icon?
https://superuser.com/questions/792607/why-does-windows-think-that-my-wireless-keyboard-is-a-toaster
For the JavaScript enthusiast, this is nice! http://bonsaiden.github.io/JavaScript-Garden/
@whitequark https://mastodon.social/media/h6wijiMmdAaPOHLjh8Q when you obfuscate your code but leave the actual exploit in clear
Due to gravitational time dilation in relativity, Earth's center is 2.49 years younger than the surface.
https://arxiv.org/abs/1604.05507
Note: This is not strictly a new result. Feynman made a remark about it in '62-63, but he said "...a day or two younger..."; this paper just corrects the result, which was generally accepted via "proof by authority".
I think my dog is drunk.
(note the paw in the top left)
I'm posting this on Mastodon first since this is where people encouraged me to write it. I will post it to bird site eventually.
Anyway, my history of the creation, evolution and usage of the word cyber.
The Continuing Evolution of Cyber
http://www.spacerogue.net/wordpress/?p=655
#grsecurity is moving to commercial-only, which is a heavy loss for Linux security and probably the end for #HardenedGentoo :(
https://grsecurity.net/passing_the_baton.php
PaX team and spender are the two people with the greatest positive impact on Linux security of all time. In the past decade, around 9/10 Linux vulnerabilities simply had no effect on grsec kernels.
For me, this probably means switching to #OpenBSD on all my remaining machines.
Browserprint: Browser fingerprint tool now can guess client OS even when spoofed
https://browserprint.info/#fingerprint
(submitted by jerheinze)