"I'm interested in all kinds of astronomy."
@bob_zim @sanityinc If you are responsible for delivering a working product on time and costs don't come out of your own pocket, expensive clouds that just work* are an obvious choice.

*<insert edge cases here>

500,000 protesters against Vucic out of a population of 6.6 million!
That's like 25 million Americans marching against Trump.
https://piaille.fr/@le_pere_peinard/114167795401286362

EA just open sourced Command & Conquer, Red Alert, Renegade and Generals (2025.02.27)

https://www.gamingonlinux.com/2025/02/ea-just-open-sourced-command-conquer-red-alert-renegade-and-generals/

😍

Qualys on the exploitability of stack clashes in 2025:

https://www.openwall.com/lists/oss-security/2025/03/15/1

(recursion joke included)

Fedi, who do you know who's the vintage MP3 player expert?

I'm asking Fedi because I have certain expectations and requirements that only Fedi can fill. I'm looking specifically to hear from That One MP3 Player Person, here.

There's definitely an era of Peak MP3 Player, the same way e-ink ereaders peaked in 2007-2008 in the Just Before Touchscreens Ruined Everything era - there's definitely an aluminium-body clicky-buttoned MP3 player that Just Plays MP3s and is tactilely perfect and beautiful in every way and probably unobtainium except with eBay and patience, and I want to know about it from The MP3 Player Expert.

I want the person with a display shelf full of MP3 players to infodump at me about when the buttons disappeared and everything carcinized into a phone and made them sad. I expect this person will tell me to look for something in the late aughts to early teens and know the part number for a replacement battery. If this is you, please give me a link to your website, and feel free to show me your socks as well because I expect they're cool as hell.

No need to tell me you use your phone for music or tell me the MP3 player that you already own is good, I don't care. I want to find The Vintage MP3 Player Person With Heavily Considered Opinions, and ask them questions that only they will be able to answer. I need the MP3 Player Librarian. I feel in my heart that this person is here on the Fediverse somewhere.

UPDATE: it's only been 5 minutes haha, alright here's what I want:
* no apple or apple-wannabe
* plug it in and it shows up as a USB drive, I won't install software
* takes SD or MicroSD
* just plays MP3s
* no touchscreen
* no capacitive controls
* preference: steel or aluminium

UPDATE: ipods are apple, I specifically don't want apple, I already know about ipods thx

UPDATE UPDATE: editing the question to make it more obvious that I'm looking for a person not a thing here, I don't want to know about your MP3 player, I want to know where the Vintage MP3 Player Wizard dwells

@adamshostack @bert_hubert @tasket Those problems don't seem to be dependent on running on a cloud platform though? We implemented most of these things on-prem - admittedly with the help of software that was inspired/made by cloud platforms.

bert hubert 🇺🇦🇪🇺🇺🇦

No matter how much you want it, you can't use a clever definition of "cloud native" to pretend that you compete with the AWS/Azure/Google stack. And please don't try to fool people with a wonky definition, it will backfire eventually. "There is no cloud just other people's computers" means you don't understand what modern developers are doing with clouds. https://berthub.eu/articles/posts/the-european-cloud-ladder/


Activity spinning up on GitHub for people playing with the bug, but also at least a few possibly vulnerable code bases:

https://github.com/search?q=%3Cparam-name%3Ereadonly%3C%2Fparam-name%3E+%3Cparam-value%3Efalse%3C%2Fparam-value%3E++&type=code

The author of the blog post mentioned in my previous post initially predicted KEV but then reconsidered. I suspect they're right but it will depend on if any big commercial J2EE is vulnerable as deployed on Tomcat. To that end, the following from the VMware folks looked interesting:

https://github.com/vmware/dod-compliance-and-automation/blob/e080d523461ade1dadca12c8f7622bd60fcbe920/vsphere/8.0/v1r1-srg/vcsa/inspec/vmware-vcsa-8.0-stig-baseline/eam/controls/VCEM-80-000130.rb#L35

The prime minister of #Hungary just called judges, journalists and NGOs "bedbugs" in his 1848 memorial speech.

We hope that the inter-relations between Huawei's lobby office in Brussels and the offices in key EU member states like Germany are taken into account in the ongoing corruption and bribery investigations, too. For market access in Europe, Berlin is a key lobby hot spot for Chinese tech.


honggfuzz alive and kicking. stack based buffer overflow in libxml2 - https://issues.oss-fuzz.com/issues/392687022


David Chisnall (*Now with 50% more sarcasm!*)

I remember in the mid ‘90s, Bill Gates said something like ‘if the car industry had improved at the same rate as the computer industry, cars would go at a thousand miles per hour and get thousands of miles per gallon’ and someone at a car manufacturer replied that their customers are quite glad that the cars don’t crash several times a day.

I am starting to wonder if Tesla is an elaborate piece of performance art in support of this joke.


bert hubert 🇺🇦🇪🇺🇺🇦

"the real question is if we can convince European governments and Europeans to innovate for their continued survival as a free and (climate) safe continent" - no pressure people.


Zeyu (Zayne) | @zeyu2001@infosec.exchange

My slides from today's talk about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles - should be digestible with some first-year university maths knowledge

https://zeyu2001.github.io/cam-ib-tech-talk/

@effinbirds thanks, I also had trouble finding it!

Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes

https://blog.hartwork.org/posts/expat-2-7-0-released/

@hanno asks for expert xdev review on oss-security:

https://www.openwall.com/lists/oss-security/2025/03/14/7