"I'm interested in all kinds of astronomy."

Do not travel to the US. Under any circumstance. Think you're safe because your paperwork is in order? Fuck you, it does not matter.

https://www.theguardian.com/us-news/2025/mar/19/canadian-detained-us-immigration-jasmine-mooney

@catc0n If by single source you mean Wallarm, that one is factually incorrect at multiple points so IMO it's best to dismiss as FUD:

https://infosec.place/notice/As2Q4VaBioZNySoR6m

Has anyone actually confirmed real-world compromises from the supposed Apache Tomcat exploitation (CVE-2025-24813) going on? Breathless headlines seem to be quoting a single vague source, and this bug isn't exploitable in anywhere close to a default config https://attackerkb.com/assessments/1a24556d-24fb-4017-be67-e4ab39c76566


one thing I've learned about teaching over the years is that if I make a negative statement (like “git commits aren't stored as diffs”), it doesn't really work -- often people will just ignore it, especially if it contradicts their current mental model

so I always have to figure out how to make a positive statement, and make it in a way that will convince people whose mental model is different right now

convincing people to adjust their mental models is really hard!

Windows SMB client is basically quantum computing: sometimes it works, but if you look at it the wrong way it isn't.
Edited 8 months ago

Last year, I had a few weeks between jobs and decided to look at the infrastructure security of random Linux distributions with the good friends at Fenrisk.

We ended up getting code execution on the Fedora Git forge hosting all package sources and on the Open Build Service instance of openSUSE. Nothing technically fancy (the usual silly argument injection bugs), but we could have effectively backdoored all their packages :°)

We finally presented the details last week at @1ns0mn1h4ck: https://fenrisk.com/assets/media/Don't%20let%20Jia%20Tan%20have%20all%20the%20fun_%20hacking%20into%20Fedora%20and%20OpenSUSE.pdf.

Also now available on the blog:
- Our approach: https://fenrisk.com/supply-chain-attacks
- Pagure: https://fenrisk.com/pagure
- OBS: https://fenrisk.com/open-build-service

Big kudos to distro maintainers, this was one of the most efficient disclosures of my life!

(now let's do kernel.org?)

Edited 9 months ago

The EFF has shit the bed again. This is a stirring cry to encourage startups ... specifically, AI startups. This ain't it chief.

https://www.eff.org/deeplinks/2025/03/californias-ab-412-bill-could-crush-startups-and-cement-big-tech-ai-monopoly

occasionally the EFF reminds us it was founded by a republican libertarian and funded by SV tech cos

This project by @recantha reminded me that old (IBM) ThinkPad keyboards should be remade into external USB keyboards. Found this /r/ thread with some great links:

https://www.reddit.com/r/thinkpad/comments/fgyh0q/transform_internal_keyboard_to_external_usb/

This build seems especially nice:

https://www.thingiverse.com/thing:4169964

RE: https://mastodon.social/@recantha/114184031395472987

“I’ve just closed the forum of a small classic car club because we don’t have the time or capacity to ensure compliance with only volunteers. Meta will benefit, because we will, reluctantly, move to using a Facebook page”
https://alecmuffett.com/article/112834

@Proteas yea can't sleep with all those fans spinning like crazy :)

bert hubert 🇺🇦🇪🇺🇺🇦

This is great news not least for our American friends, where the weather service is being sabotaged. Weather models are oddly enough always global - you can't predict the weather in Berlin a week ahead without also predicting the weather in Austin, Texas. ECMWF has excellent hurricane forecasts also for the US for that reason, and these are already being used in the US. Wonderful stuff: https://www.ecmwf.int/en/about/media-centre/news/2025/ecmwf-achieve-fully-open-data-status-2025


I guess vulnerability research means job security now.

Also: none of this will happen.

@TarkabarkaHolgy More precisely, the ruling party of #Hungary in a typical fascist move just seriously restricted the right of assembly, and made an example of Pride so they can attack any opponents with homophobic propaganda (that sadly many people still buy). Looks like journalists and opposition politicians are falling into the trap.

Coincidentally at the same time we learned how the central bank gambled away at least a billion EUR(!), but that is somehow not a priority now...

“There is something deeply wrong when a law passed with cross-party consensus & endorsed by Britain’s most trusted charities has made it impossible to run an internet forum for hamster owners”
https://alecmuffett.com/article/112832

@tychotithonus this is a genius pattern to comply with corp pw policy (unique passwords, 3 classes) for FTP sites without having to remember them!
Please stop externalizing your costs directly into my face

https://drewdevault.com/2025/03/17/2025-03-17-Stop-externalizing-your-costs-on-me.html

"Whether it’s cryptocurrency scammers mining with FOSS compute resources or Google engineers too lazy to design their software properly or Silicon Valley ripping off all the data they can get their hands on at everyone else’s expense… I am sick and tired of having all of these costs externalized directly into my fucking face. Do something productive for society or get the hell away from my servers"

bert hubert 🇺🇦🇪🇺🇺🇦

Massive result in Dutch parliament just now. They passed 10 separate motions to enhance digital resilience, run more of our own servers & reduce dependency on US cloud technology.
https://www.reuters.com/world/europe/dutch-parliament-calls-end-reliance-us-software-2025-03-18/


Today, March 18, in 1982, Seattle high schooler David Lightman teaches his friend Jennifer Mack about war dialing, hacking, phreaking, and the importance of infosec (WarGames, 1983)
