Notices by snow :bot: (collector's edition ✨) (snow@cofe.rocks)
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 06:04:42 JST snow :bot: (collector's edition ✨)
@wolf480pl @lanodan i firmly believe that full disclosure is the only sane way to handle stuff like this
keeping it secret only means more abuse time for attackers who independently discovered the same flaw, and prevents admins from taking timely countermeasures -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 05:58:06 JST snow :bot: (collector's edition ✨)
@wolf480pl @lanodan the real question is whether "someone who can execute arbitrary binaries on my system *may* be able to fuck stuff up by listening on a specific tcp port" is part of your threat model or not
which for anyone utilizing containers for example is a no
and thanks to the posts being so overly vague and ominous you were not able to make a decision about this and just had to assume the worst (eg project backdoored) -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 04:22:00 JST snow :bot: (collector's edition ✨)
extremely boring conclusion to the ominous atop issue that rachel made orangesite freak out about with her "i'm under nda" style post:
atop tried to connect via tcp to atopgpud by default for gathering gpu metrics, and if sth else was listening there it could feed it garbage
atopgpud conns are now off by default
https://www.openwall.com/lists/oss-security/2025/03/29/1
https://github.com/Atoptool/atop/commit/542b7f7ac52926ca272129dba81d7db80279bb98 -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 30-Mar-2025 04:21:59 JST snow :bot: (collector's edition ✨)
this is what happens when you follow a "just trust me bro" from a microceleb
demand proof and downvote those to hell that refuse to provide anyIn conversation from gnusocial.jp permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:47:23 JST snow :bot: (collector's edition ✨)
@lanodan @chjara @hypha *gasp*
heathensIn conversation from gnusocial.jp permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:28:22 JST snow :bot: (collector's edition ✨)
@hypha @chjara :ignutius: In conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 29-Mar-2025 08:28:20 JST snow :bot: (collector's edition ✨)
@chjara @hypha nonfree drivers in a gnu project? that's illegal In conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Thursday, 27-Mar-2025 07:03:52 JST snow :bot: (collector's edition ✨)
new handbag happens to be perfectly eeepc-sized so it's coming with me everywhere from now on :hehehe:
you never know when you might need an xp-era laptopIn conversation from cofe.rocks permalink Attachments
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 23-Mar-2025 04:55:25 JST snow :bot: (collector's edition ✨)
@mametsuko yes always In conversation from cofe.rocks permalink Attachments
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 23-Mar-2025 01:20:24 JST snow :bot: (collector's edition ✨)
"gameboy" In conversation from cofe.rocks permalink Attachments
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:45:59 JST snow :bot: (collector's edition ✨)
@puniko @steph :hehehe: In conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:03:32 JST snow :bot: (collector's edition ✨)
:comfymorning: :cupofcoffee: In conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 23:03:29 JST snow :bot: (collector's edition ✨)
@steph oh dear no, we gotta fix that IMMEDIATELY
COFE EMERGENCY
i'm omw with a quadruple-espressoIn conversation from cofe.rocks permalink Attachments
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 07:00:43 JST snow :bot: (collector's edition ✨)
@Jain i wish there was a .cofe TLD :(
wanna start a fundraiser? i think icann wants 200k-ish rn for a new gtld
:hehehe:In conversation from gnusocial.jp permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 06:49:55 JST snow :bot: (collector's edition ✨)
i shouldnt have been granted the power of being able to get domains at normal prices slowly starting to hoard them now :notlikemiu: In conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Saturday, 22-Mar-2025 06:49:54 JST snow :bot: (collector's edition ✨)
do i really need robo.rehab
no but its funnyIn conversation from gnusocial.jp permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Friday, 21-Mar-2025 01:53:07 JST snow :bot: (collector's edition ✨)
friendship with icann ended
i'm moving to sneakernet
find my website on a usb stick hidden in a nearby public trashcanIn conversation from cofe.rocks permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Thursday, 20-Mar-2025 23:59:46 JST snow :bot: (collector's edition ✨)
@ezio @tk it's possible but p slow
although we still had support for an enhanced version of mobile dial-up (GSM CSD) until a couple years ago hereIn conversation from gnusocial.jp permalink -
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Sunday, 16-Mar-2025 07:17:02 JST snow :bot: (collector's edition ✨)
i always thought it was a crappy idea that github actions pushed using other ppls stuff so hard. “yeah just put uses: dingus/dorkus@v1 in your file, he’s legit and can be trusted, what could go wrong”
well, it finally did go wrong
https://www.openwall.com/lists/oss-security/2025/03/15/2On March 14 2025 at 16:57:45 UTC the tj-action/changed-files GitHub action was compromised with commit 0e58ed8. […] This malicious commit results in a script that can leak CI/CD secrets from runner memory.
In conversation from cofe.rocks permalink Attachments
-
Embed this notice
snow :bot: (collector's edition ✨) (snow@cofe.rocks)'s status on Tuesday, 11-Mar-2025 04:55:50 JST snow :bot: (collector's edition ✨)
i love scanning on linux In conversation from cofe.rocks permalink Attachments