@cR0w I'm not subscribed to that and it's too end-of-Q4 Friday to look them up...

Security Bulletin: #IBMi is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464]

https://www.ibm.com/support/pages/node/7179509

Somebody tell Elon: "Never go full retard."

Why AI language models choke on too much text
Compute costs scale with the square of the input size. That's not great.
https://arstechnica.com/ai/2024/12/why-ai-language-models-choke-on-too-much-text/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Heads up: Folks on #Codeberg

You might get an email belittling your project, seemingly from Michael Bell (mikedesu) via noreply@codeberg.org (an issue is created on your repo and then deleted, leading to the notification).

This appears to be part of a smear campaign someone is running that started on GitHub. e.g., see:

https://www.techradar.com/pro/security/github-projects-are-being-targeted-with-malicious-action-in-apparent-attempt-to-frame-researcher

CC: @Codeberg – hope you can identify the account(s) responsible and block them. Example (deleted) issue: https://codeberg.org/kitten/app/issues/216

@jgeorge @masek Nah, retro computer viruses are the best!

https://archive.org/details/malwaremuseum

#Physics Girl #DoingBetter after #LongCovid

I owe this YouTuber a lot. She educated people on physics. Took them to places.
More than 2 years ago she got really sick with Covid that soon became Long-Covid. Earlier messages from her [partner] she was barely alive, non responsive.
If you want to check out her channel:
-> Physics Girl <-
-> youtube.com/@physicsgirl <- And please do.

Now she gives a very happy sign of emprovement I'm happy to share:

"Hello from Dianna! - Two years in bed"
by physicsgirl

https://www.youtube.com/shorts/euCkKszuWDQ

Quote by PG:
"Nov 21, 2024
Here is a small update from Dianna herself! She hasn't been able to communicate directly here on Youtube for almost 2 years now. A quick hello and thank you!"

@chudypb Good luck!

[RSS] The Windows Registry Adventure #5: The regf file format

https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html

[RSS] CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal

https://www.partywave.site/show/research/CVE-2024-44825%20-%20Invesalius%20Arbitrary%20File%20Write%20and%20Directory%20Traversal

It's official.

The US is totally nuts: 🇺🇸 🥜

"BITCOIN Act of 2024"
https://www.congress.gov/bill/118th-congress/senate-bill/4912/all-info

Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
https://www.yahoo.com/news/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html

#frombsky

Wonderfully elegant term for exploit development from 1980: "Synthetic Programming"

https://literature.hpcalc.org/items/1718

Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.

https://securityonline.info/cve-2024-51479-next-js-authorization-bypass-vulnerability-affects-millions-of-developers/

Unveiling Hidden Transformers in Windows ANSI! https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf

@masek In 40 years my Lenovo will literally disintegrate

Don't fix what isn't broken: https://www.tomshardware.com/desktops/indiana-bakery-still-using-commodore-64s-originally-released-in-1982-as-point-of-sale-terminals

In my professional opinion this is the best malware protected setup I have seen for years.

Dependency injection is the art of converting rude compile errors telling you detailed information about the mistakes you made into runtime exceptions from the depths of Khazad-dûm.