Project: python/cpython https://github.com/python/cpython
File: Lib/ntpath.py:343 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Lib/ntpath.py#L343

def expanduser(path):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fntpath.py%23L343&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fntpath.py%23L343&colors=light

Progress security advisory: WhatsUp Gold Security Bulletin December 2024
@cR0w Progress allegedly published this advisory 12 December 2024, but the page wasn't available from Google search results (thank Gemini AI ✨ for being useless) and Progress doesn't maintain a dedicated security advisories section on their website. Anyway, this page hasn't been updated with new information since 12 December so it's also useless. Here are the three vulnerabilities:

• CVE-2024-12105 (6.5 medium) authenticated information disclosure via specially crafted HTTP request
• CVE-2024-12106 (9.4 critical) unauthenticated attacker can configure LDAP settings
• CVE-2024-12108 (9.6 critical) an attacker can gain access to the WhatsUp Gold server via the public API

No mention of exploitation. Patched in WhatsUp Gold version 24.0.2

#infosec #progress #whatsupgold #cve #vulnerability #cybersecurity

“This button vaporises the finger of anybody who presses it!”

“Why do you always focus on the negative? You critics should talk about the benefits of the Vaporiser2000™. Every press mints $100K USD. That’s an amazing societal benefit.”

“It mints it in the offices of those who make the button! The presser doesn’t get any. They’re using bribes and pressure to force the finger vaporisation onto others!”

“There you go again, focusing on the negative. This is why nobody takes critics seriously”

I think everyone who has an opinion, positive or negative, about LLMs, should read how @simon summed up what’s happened in the space this year. He’s the most credible, most independent, most honest, and most technically fluent person watching the space. https://simonwillison.net/2024/Dec/31/llms-in-2024/

@buherator Fedi version, as requested - https://mastodon.social/@cfgbot

Cost of false positives | Kellan Elliott-McCrea: Blog
https://alecmuffett.com/article/110781
#OnlineHarms #OnlineSafetyAct #classifiers #ofcom

Uhhh, I have a strange request. If you own a bread knife with a flat-sided handle in your kitchen, and calipers or something else that will measure to the nearest millimetre or so, and want something to do for 30 seconds, could you tell me how thick the handle is?

Yes, I'd like to collect some random samples of bread knife handle widths. Doesn't matter what brand, what it looks like, how long the blade is or where in the world you are.

I will explain later. Boosts appreciated.

#AskFedi

I wanted to correct something, because I know the archive's actions/function can encourage tea-leaf reading, but:

There is no throttling on the upload speed/bandwidth. There's no actual "well, only give this person X amount of speed, ha ha, tally ho" in effect.

What IS in effect, post-hack, are re-factoring of the security and networking aspects of the Archive's internals, with a focus on security before speed, and getting speed back to full is taking some time.

So there you go.

me neither, solaris

I made a 🦋Bluesky bot that posts hourly control-flow-graphs.
Because why not.

https://bsky.app/profile/cfgbot.bsky.social

Currently taking random functions from CPython's source code.

#python #bluesky #bot