@bagder I'm dying to know
- what the problem was
- how did this person end up emailing you (are gasoline sensors queried with curl in Opel Astra??)

@buherator No, fel is huztam! Rogton 3 cimen is, mert nem tudtam donteni.

Ha lenne hajam, akkor most csinalnek magamnak jofajta punk frizurat.

yyzkevin.ca has been working on making #BlueSCSI the first #SCSI emulator to work with the odd IBM AS/400 drive standard. Here's his AS/400 booting IPL'ing with a BlueSCSI!

Still a lot to do but now even AS/400 users can have a modern, fully opensource, storage solution.

https://youtu.be/J8GztrUvox8?si=mpY88vrSCqVwUFvs&t=608

@algernon ...bár belegondolva (meg megnézve a kódot) ez lényegében egy elosztott cache az EMMA elé, szóval még segíthet is szegény MÁV-os szervereknek!

@algernon Arra célszerű vigyázni h nehogy tényleg DoS legyen belőle amikor már 100 példány fut itt-ott :)

As they say, Hungarian Railways have 5 enemies: the four seasons and the passengers.

This summer started off esp. bad, while official online services allowing the tracking of delays suspiciously started to disappear.

Train enthusiasts however built an unofficial website that showed accurate info about the position and delays of the trains based on scraped data.

Then the Minister of Transportation accused these guys of phishing (he pbbly doesn't know what that means), DoS and of course conspiring the opposition party, so the site was voluntarily taken down...

...but the code is open source, so now we have multiple sites with the same functionality :D

https://github.com/iben12/holavonat

#Hungary #StreisandEffect

Pre-auth RCE in CentOS Web Panel (CVE-2025-48703) found by the friends at Fenrisk. This is beyond madness that Shodan finds 200k of these exposed publicly.

(this post is sponsored by strace®, because no one cares about ionCube)

https://fenrisk.com/rce-centos-webpanel

Finally published today the second blog I'd promised for the #OracleSolaris 11.4.81 CBE release last month:
https://blogs.oracle.com/solaris/post/whats-new-in-the-solaris-modular-debugger-mdb-in-the-oracle-solaris-11481-cbe

A very deep dive into a narrow topic - what's changed in the Solaris Modular Debugger (mdb) since the previous CBE release in 2022. @cgerhard and others have put an impressive amount of work into making debugging easier and better for the users of this tool.

Hat tip to thegrugq for featuring this in his newsletter, a 1991 video of Italian hackers purporting to show them hacking a U.S. military system over x25. Has a real gonzo Max Headroom broadcast signal intrusion vibe with the masks & just general weird vibes, love it.
https://www.youtube.com/watch?v=43FyQlaA6YY

Dear Fedi,

For 3 years, I've been working with friends from the #FOSS world as a team of freelancers and it's been great: we love what we do and our clients are happy and stay with us for years.

But the terrible state of the world has badly affected our clients financially, and we find ourselves suddenly in need of more #work

We focus on systems design, development, and administration. We offer SRE-level quality and processes for companies that cannot afford a whole #SRE team

Boosts welcomed

@FuzzyAleks life is too short for me to drink leftover coffee

@Canageek This is a documentary, it should be enjoyable with English subs:

https://www.youtube.com/watch?v=Z-keHkcTZD4

Also, lots of samples.

[RSS] You have to tell Get- and Set-Security-Info the object type, you can't make it guess

https://devblogs.microsoft.com/oldnewthing/20250618-00/?p=111281

The trick with making your morning coffee is that you have to manage to make your morning coffee before having your morning coffee

@azonenberg Afaik bottle caps are more valuable than the bottles, there are even dedicated collection campaigns for them around here

Misfile essential documents.

Project Vicigol - Reverse-engineering a 28-bit RISC CPU has been released on media.ccc.de and YouTube #gpn23 #HardwareandMaking #ZKMKubus #gpn23eng https://media.ccc.de/v/gpn23-144-project-vicigol-reverse-engineering-a-28-bit-risc-cpu https://www.youtube.com/watch?v=5I1OIrXnM1Q https://cfp.gulas.ch/gpn23/talk/KBQBE7/

@InfoCon Is Off-by-One Conf on your radar already?

https://www.youtube.com/@offbyoneconf

Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is world readable and writable. That is: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations you must ensure that either the FIFO file itself is located in secured location or set SocketMode to stricter value.

I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and fixed in cloud-init 25.1.3.

The commit fixing this is in https://github.com/canonical/cloud-init/pull/6265

#CVE_2024_11584 #ubuntu #systemd #infosec #cybersecurity

Project: pypy/pypy https://github.com/pypy/pypy
File: rpython/rlib/parsing/deterministic.py:217 https://github.com/pypy/pypy/blob/9abbb4f358a5c308aefb85652a229cc98f899e13/rpython/rlib/parsing/deterministic.py#L217

def make_code(self):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpypy%2Fpypy%2Fblob%2F9abbb4f358a5c308aefb85652a229cc98f899e13%2Frpython%2Frlib%2Fparsing%2Fdeterministic.py%23L217&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpypy%2Fpypy%2Fblob%2F9abbb4f358a5c308aefb85652a229cc98f899e13%2Frpython%2Frlib%2Fparsing%2Fdeterministic.py%23L217&colors=light