Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Notices by snow :bot: (collector's edition ✨) (snow@cofe.rocks)

Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 06:04:42 JST snow :bot: (collector's edition ✨)
in reply to
- Haelwenn /элвэн/ :triskell:
- Wolf480pl
@wolf480pl @lanodan i firmly believe that full disclosure is the only sane way to handle stuff like this
keeping it secret only means more abuse time for attackers who independently discovered the same flaw, and prevents admins from taking timely countermeasures

In conversation about 2 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 05:58:06 JST snow :bot: (collector's edition ✨)
in reply to
- Haelwenn /элвэн/ :triskell:
- Wolf480pl
@wolf480pl @lanodan the real question is whether "someone who can execute arbitrary binaries on my system *may* be able to fuck stuff up by listening on a specific tcp port" is part of your threat model or not
which for anyone utilizing containers for example is a no
and thanks to the posts being so overly vague and ominous you were not able to make a decision about this and just had to assume the worst (eg project backdoored)

In conversation about 2 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 04:22:00 JST snow :bot: (collector's edition ✨)

extremely boring conclusion to the ominous atop issue that rachel made orangesite freak out about with her "i'm under nda" style post:

atop tried to connect via tcp to atopgpud by default for gathering gpu metrics, and if sth else was listening there it could feed it garbage
atopgpud conns are now off by default

https://www.openwall.com/lists/oss-security/2025/03/29/1
https://github.com/Atoptool/atop/commit/542b7f7ac52926ca272129dba81d7db80279bb98
In conversation about 2 days ago from cofe.rocks permalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.openwall.com
  
  oss-security - CVE-2025-31160 Atop 2.11 heap problems
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  
  Fix security vulnerability CVE-2025-31160 (#334) · Atoptool/atop@542b7f7
  
  Atop will not connect to the TCP port of 'atopgpud' daemon any more by default. The flag -k can be used explicitly when 'atopgpud' is active. Also the code to parse the received st...
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 04:21:59 JST snow :bot: (collector's edition ✨)
in reply to
- snow :bot: (collector's edition ✨)
this is what happens when you follow a "just trust me bro" from a microceleb
demand proof and downvote those to hell that refuse to provide any

In conversation about 2 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:47:23 JST snow :bot: (collector's edition ✨)
in reply to
- Haelwenn /элвэн/ :triskell:
- chjara
@lanodan @chjara @hypha *gasp*
heathens

In conversation about 3 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:28:22 JST snow :bot: (collector's edition ✨)
- chjara
@hypha @chjara :ignutius:

In conversation about 3 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:28:20 JST snow :bot: (collector's edition ✨)
in reply to
- chjara
@chjara @hypha nonfree drivers in a gnu project? that's illegal

In conversation about 3 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Thursday, 27-Mar-2025 07:03:52 JST snow :bot: (collector's edition ✨)

new handbag happens to be perfectly eeepc-sized so it's coming with me everywhere from now on :hehehe:
you never know when you might need an xp-era laptop
In conversation about 5 days ago from cofe.rocks permalink
Attachments
1. Untitled attachment
  https://uploads.cofe.rocks/media/79517072109562fdd22cce79daa9a6e80a826bdfe1c4b44297c9ccac5ebccc0d.jpg
2. Untitled attachment
  https://uploads.cofe.rocks/media/5ad7a87689a4574a1bfd2787a814e44a20f0e891c0fb5f267c140d097d1f16f8.jpg
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 23-Mar-2025 04:55:25 JST snow :bot: (collector's edition ✨)
in reply to
- mametschko
@mametsuko yes always
In conversation about 9 days ago from cofe.rocks permalink
Attachments
1. Untitled attachment
  https://uploads.cofe.rocks/media/6f95f70af948ee957ea075a98d3e792c34dc3e417da5820ee53312335ee0ae5e.png
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 23-Mar-2025 01:20:24 JST snow :bot: (collector's edition ✨)

"gameboy"
In conversation about 9 days ago from cofe.rocks permalink
Attachments
1. Untitled attachment
  https://uploads.cofe.rocks/media/5824be7452f5c13d76629caa3530d750c6ff6b979d4a9c62b21672f2f33069eb.png
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:45:59 JST snow :bot: (collector's edition ✨)
- Puniko ?
- Steph :|>
@puniko @steph :hehehe:

In conversation about 9 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:03:32 JST snow :bot: (collector's edition ✨)

:comfymorning: :cupofcoffee:

In conversation about 9 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:03:29 JST snow :bot: (collector's edition ✨)
in reply to
- Steph :|>
@steph oh dear no, we gotta fix that IMMEDIATELY
COFE EMERGENCY
i'm omw with a quadruple-espresso
In conversation about 9 days ago from cofe.rocks permalink
Attachments
1. Untitled attachment
  https://uploads.cofe.rocks/media/1af1928a7e7d63d930b970d0b8c4c163d1757e426b2b4be056ac7f5250e0d215.png
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 07:00:43 JST snow :bot: (collector's edition ✨)
in reply to
- :blobcathug:
@Jain i wish there was a .cofe TLD :(
wanna start a fundraiser? i think icann wants 200k-ish rn for a new gtld
:hehehe:

In conversation about 10 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 06:49:55 JST snow :bot: (collector's edition ✨)

i shouldnt have been granted the power of being able to get domains at normal prices slowly starting to hoard them now :notlikemiu:

In conversation about 10 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 06:49:54 JST snow :bot: (collector's edition ✨)
in reply to
- snow :bot: (collector's edition ✨)
do i really need robo.rehab
no but its funny

In conversation about 10 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Friday, 21-Mar-2025 01:53:07 JST snow :bot: (collector's edition ✨)

friendship with icann ended
i'm moving to sneakernet
find my website on a usb stick hidden in a nearby public trashcan

In conversation about 11 days ago from cofe.rocks permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Thursday, 20-Mar-2025 23:59:46 JST snow :bot: (collector's edition ✨)
in reply to
- Doughnut Lollipop 【記録係】:blobfoxgooglymlem:
- Palm Top Alyssa :yuyueat: :american_megatrans:
@ezio @tk it's possible but p slow
although we still had support for an enhanced version of mobile dial-up (GSM CSD) until a couple years ago here

In conversation about 11 days ago from gnusocial.jp permalink
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 16-Mar-2025 07:17:02 JST snow :bot: (collector's edition ✨)

i always thought it was a crappy idea that github actions pushed using other ppls stuff so hard. “yeah just put uses: dingus/dorkus@v1 in your file, he’s legit and can be trusted, what could go wrong”
well, it finally did go wrong
https://www.openwall.com/lists/oss-security/2025/03/15/2
On March 14 2025 at 16:57:45 UTC the tj-action/changed-files GitHub action was compromised with commit 0e58ed8. […] This malicious commit results in a script that can leak CI/CD secrets from runner memory.
In conversation about 16 days ago from cofe.rocks permalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.openwall.com
  
  oss-security - tj-action/changed-files GitHub action was compromised
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Tuesday, 11-Mar-2025 04:55:50 JST snow :bot: (collector's edition ✨)

i love scanning on linux
In conversation about 21 days ago from cofe.rocks permalink
Attachments
1. Untitled attachment
  https://uploads.cofe.rocks/media/8b94abdd56098a3357af9515cf2e9710edd209dbc1697b62b5b55377a38f2931.png

Before

User actions

your favorite clueless robo catgirlyes it happened i actually made a private altthis will contain tons of posts on absolutely any topic, no rulesbe prepared for everything from mental health posts to selfies / cookingwill only accept your FR if we have interacted enough beforei need some confidence you won't just leak what you see herereceiving a follow-first from this acc is an invite to join the fun :potatopurpleheart: content safe-for-work as usualwill CW if it gets too disturbing

Tags