"I'm interested in all kinds of astronomy."
[RSS] Making sure that a DLL loads only from your application directory

https://devblogs.microsoft.com/oldnewthing/20250313-00/?p=110963
[RSS] Buffer Overflow Vulnerability in Astrolog v7.70 (CVE-2025-29625)

https://blog.reodus.com/posts/cve-2025-29625/

Project Zero Bot

New Project Zero issue:

Linux 6.4: UAF race between mbind() and VMA-locked page fault

https://project-zero.issues.chromium.org/issues/42451620

CVE-2023-4611
[RSS] Jailbreaking is (mostly) simpler than you think

https://msrc.microsoft.com/blog/2025/03/jailbreaking-is-mostly-simpler-than-you-think/

In which Microsoft gives you guidance about how to find bomb or drug recipes online. We truly live in the future! #LLM #GenAI

Skype is shutting down in May. I've been using it to speak with my grandmother, and I am looking for an alternative, with the following features:
* can do live subtitles (in French)
* works without a phone number/sim card
* can call your contacts and be dialed (i.e. not only invite by email/calendar/url…)
* simple UI/UX (with big buttons) is far more important than feature rich.

I know various things that do some of the above, but I'm not sure what (other than Skype) does all of it.

Any help?

@bob_zim @tasket I've never heard "cloud" used in the context of the techniques you mentioned, but OK. In my world these practices - that have obvious security benefits - are more on the "pet-cattle" axis that apparently (but not surprisingly) also comes from AWS, but not strictly tied to cloud providers:

https://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/

Circling back to security boundaries brought up by @adamshostack, my point here is that modern security and ops paradigms up to level 4 on @bert_hubert's scale are doable on-prem where you don't have to deal with the threats arising from e.g. shared hosting in the first place. IMO from that level any security benefits are less about the mentioned paradigms and more about how security investment scales (e.g. can you afford world-class talent and custom tooling for your 10 rack system), while introducing the problems that triggered this whole discussion about the need for an EU cloud.
@bob_zim @sanityinc If you are responsible for delivering a working product on time and costs don't come out of your own pocket, expensive clouds that just work* are an obvious choice.

*<insert edge cases here>

500,000 protesters against Vucic out of a population of 6.6 million!
That's like 25 million Americans marching against Trump.
https://piaille.fr/@le_pere_peinard/114167795401286362

EA just open sourced Command & Conquer, Red Alert, Renegade and Generals (2025.02.27)

https://www.gamingonlinux.com/2025/02/ea-just-open-sourced-command-conquer-red-alert-renegade-and-generals/

😍
Qualys on the exploitability of stack clashes in 2025:

https://www.openwall.com/lists/oss-security/2025/03/15/1

(recursion joke included)

Fedi, who do you know who's the vintage MP3 player expert?

I'm asking Fedi because I have certain expectations and requirements that only Fedi can fill. I'm looking specifically to hear from That One MP3 Player Person, here.

There's definitely an era of Peak MP3 Player, the same way e-ink ereaders peaked in 2007-2008 in the Just Before Touchscreens Ruined Everything era - there's definitely an aluminium-body clicky-buttoned MP3 player that Just Plays MP3s and is tactilely perfect and beautiful in every way and probably unobtainium except with eBay and patience, and I want to know about it from The MP3 Player Expert.

I want the person with a display shelf full of MP3 players to infodump at me about when the buttons disappeared and everything carcinized into a phone and made them sad. I expect this person will tell me to look for something in the late aughts to early teens and know the part number for a replacement battery. If this is you, please give me a link to your website, and feel free to show me your socks as well because I expect they're cool as hell.

No need to tell me you use your phone for music or tell me the MP3 player that you already own is good, I don't care. I want to find The Vintage MP3 Player Person With Heavily Considered Opinions, and ask them questions that only they will be able to answer. I need the MP3 Player Librarian. I feel in my heart that this person is here on the Fediverse somewhere.

UPDATE: it's only been 5 minutes haha, alright here's what I want:
* no apple or apple-wannabe
* plug it in and it shows up as a USB drive, I won't install software
* takes SD or MicroSD
* just plays MP3s
* no touchscreen
* no capacitive controls
* preference: steel or aluminium

UPDATE: ipods are apple, I specifically don't want apple, I already know about ipods thx

UPDATE UPDATE: editing the question to make it more obvious that I'm looking for a person not a thing here, I don't want to know about your MP3 player, I want to know where the Vintage MP3 Player Wizard dwells

@adamshostack @bert_hubert @tasket Those problems don't seem to be dependent on running on a cloud platform though? We implemented most of these things on-prem - admittedly with the help of software that was inspired/made by cloud platforms.

bert hubert 🇺🇦🇪🇺🇺🇦

No matter how much you want it, you can't use a clever definition of "cloud native" to pretend that you compete with the AWS/Azure/Google stack. And please don't try to fool people with a wonky definition, it will backfire eventually. "There is no cloud just other people's computers" means you don't understand what modern developers are doing with clouds. https://berthub.eu/articles/posts/the-european-cloud-ladder/


Activity spinning up on GitHub for people playing with the bug, but also at least a few possibly vulnerable code bases:

https://github.com/search?q=%3Cparam-name%3Ereadonly%3C%2Fparam-name%3E+%3Cparam-value%3Efalse%3C%2Fparam-value%3E++&type=code

The author of the blog post mentioned in my previous post initially predicted KEV but then reconsidered. I suspect they're right, but it will depend on whether any big commercial J2EE is vulnerable as deployed on Tomcat. To that end, the following from the VMware folks looked interesting:

https://github.com/vmware/dod-compliance-and-automation/blob/e080d523461ade1dadca12c8f7622bd60fcbe920/vsphere/8.0/v1r1-srg/vcsa/inspec/vmware-vcsa-8.0-stig-baseline/eam/controls/VCEM-80-000130.rb#L35

The prime minister of #Hungary just called judges, journalists and NGOs "bedbugs" in his 1848 memorial speech.

We hope that the inter-relations between Huawei's lobby office in Brussels and the offices in key EU member states like Germany are taken into account in the ongoing corruption and bribery investigations, too. For market access in Europe, Berlin is a key lobby hot spot for Chinese tech.
