I feel like the Internet Archive debate hits differently in countries like the US and UK, and countries like Hungary.
I do tons of academic research. The volumes needed to keep up with academia often run $100+ each. And unless I order them from overseas (delivery $30-50 each) there is no access to them. Several don't have a copy *on the entire continent* (few Hungarian libraries do international loan but it takes large amounts of money and months.)
I imagine many countries are even worse off.
Popular opinion seems to be that #GNOME and #KDE are "fighting/competing."
Sure, we have our differences in philosophies and design, but it's way more akin to siblings having small spats. But in the end we are siblings in the #FOSS family and I like GNOME folks a lot. And if anyone attacks my siblings, I'm there to defend them.
We can and we should work together as much as possible, not just GNOME or KDE but all other DEs too, like #Budgie and #XFCE, to be the best computing experience possible.
It's not perfect and it's never gonna be because perfection is unattainable, but perfect is also the enemy of good.
Let's keep doing our best. Together.
Edit: happy pride! And trans rights are human rights.
NEW: U.S. government bans sale of Kaspersky software in the country — both consumers and businesses — due to security and privacy risks from Russian government.
“First of its kind” sales ban starts on July 20. After Sept. 29 Kaspersky can't send updates to U.S. customers.
“Russia has shown it has the capacity, and even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans. And that’s why we are compelled to take the action that we’re taking today,” U.S. Commerce Secretary Gina Raimondo said in a call with reporters.
https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/
Can LLMs find vulns? Here’s what Project Zero found
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Interested in decompiler design? You'll love our latest blog post! https://binary.ninja/2024/06/19/restructuring-the-decompiler.html
Not interested? You'll still love the massive improvements the latest update brings to control flow recovery! Simpler conditionals, flatter code depth, more accurate transformations, easier to read and understand. Everything is better.
CVE-2022-24834: exploiting an integer overflow in Lua cjson module in Redis servers
☢️ Systemd 256.1 Fixes "systemd-tmpfiles" Unexpectedly Deleting Your /home Directory - Phoronix
I heard someone complaining "Why did they have to put pixel art on the Museum of Ethnography?!"
Reader, they are traditional cross stitch patterns.
Man, I just spent two hours ricing tmux instead of writing my article that's due next week. #Linux really is the ultimate procrastination tool.
My talk for https://nsss.se/
Title: CVEMITRECVSSNVDCNAOSS WTF
Abstract:
Bogus CVEs, know-better organizations, conflicting databases, AI hallucinations, inflated severity scoring, security scanners, Jia Tan. As the lead developer in the curl project, Daniel describes some of the challenges involved and what you need to do to stay on top of security when working in a high profile Open Source project running in some twenty billion instances. Involving many examples from real life.
Last year European Parliament and national parliaments rejected the “EU child porn scanner” that was set to be installed on every phone. Apparently this week we’re going to ignore all that parliamentary action and mandate such a scanner once more. Here’s what I wrote earlier on how this super scary thing would work in practice: https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/
Analysis of CVE-2024-2738 Apache HugeGraph https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/
🐮Re-moo-te Code Execution in mailcow!
Dive into our analysis of two vulnerabilities we found in the mail suite mailcow. Learn how attackers can go from XSS to RCE, and why it's important to sanitize your error messages:
I watched the new Practical Engineering video on the bridge collapse, and Grady said words to the effect of "all the work was partitioned out. nobody had a complete view of the situation. the people who really saw the problems had no autonomy to do anything about them, and the people with the authority to do something never saw the full picture - all they got was a piece of paper with action items", and I've never nodded along to something so hard. This happens aaaaalllllll the time in security.
Hey you fine people: Our agenda for the birthday party is public now: https://troopers.de/troopers24/agenda/ #TROOPERS24 See you next week! 🥳
Last year in "How I choose a security research topic", I used two unnamed attack concepts as case-studies for fast failure. I can now reveal both unnamed techniques were timing attacks. I'm happy to say my third attempt went better!
https://portswigger.net/research/how-i-choose-a-security-research-topic
Enjoy this month’s nasty VMware vulns, including a CVSS 9.8 potential RCE: https://www.theregister.com/2024/06/18/vmware_criticial_vcenter_flaws/
Direct advisory link: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
#ThreatIntel #CVE_2024_37079 #CVE_2024_37080 #CVE_2024_37081
somebody asked how people who have historically been anti-copyright could be against AI content theft, so let me give this a shot:
Information wants to be free to enrich human knowledge. It does not want to be free to make human knowledge worse to enrich the pockets of assholes
Our tl;dr from @RealWorldCrypto
https://buff.ly/4c3J70h