Notices by Rebane (rebane2001@infosec.exchange)

i made a new game called js crossword where you have to solve it by literally writing javascript code that eval()'s into the correct values!

check it out if you're into ctfs or wanna challenge your javascript skills

https://lyra.horse/fun/jscrossword/ <3

even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!

all from just visiting a single website once !!

OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS 💀💀

back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member

in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser

today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

135tb ram bitches

"gotcha"ing an autistic person into eating something with an ingredient they don't like to prove they can't tell is like me spitting in your drink to prove you can't tell that you've just drank my spit

the linkedin fingerprinting you and scanning your extensions thing is a pretty good example of just how much js leaks about your browser
https://browsergate.eu/how-it-works/

in linux you can use the evil bird emoticon (:>) to destroy files, eg `:> important_document.txt`

the bird will eat the file and leave it completely empty!

Discord is now cracking down on tools such as DiscordChatExporter that can be used to export your Discord chats.

Some users are reporting getting logged out with a community guidelines violation as soon as they run an export with their token.

While this has never been ToS compliant, it has not been enforced in the past like this. I'm guessing the reason for the change is motivated either by AI scrapers, or lots of people leaving Discord and exporting their old chats.

https://github.com/Tyrrrz/DiscordChatExporter/issues/1497

did you know that SSH has a little-known secret menu?

i wrote a post about this on cohost a while back, but since that site shut down i'm posting it here too

i just got a notification for my own project?

i built an entire x86 CPU emulator in CSS (no javascript)

you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS

https://lyra.horse/x86css/

self-hosting my S3 bucket the right way

the joke of "cool feature, can't wait to be able to use it in 5 years" is now baseline widely available

Xikipedia, the Wikipedia doomscrolling "app", is now available as an actual app (PWA)!

Also:
- fully available offline
- algorithm saving/persistence (optional)
- multiple profiles
- light theme (optional)
- full english wikipedia links (optional)
- statistics screen

have fun!!

https://xikipedia.org/?2

@SuperDicq please give me a free software recommendation that can open up my after effects project from 5 years ago

did you know? if you're a paying adobe user, you can message the support and ask for offline installers for the software you pay for

why would you do that? if they ever were to discontinue one of their products (*cough* animate), you could still install and activate it

and while i do not publicly endorse piracy (for obvious reasons), i do want to note that installations made with these offline installers have way safer methods of patching them than downloading a pirated copy that's potentially malicious

all i'm saying is, those installers are kind of annoying to get these days. if you pay for the software, ask for the installers and make backups of them.

oh and last - you can ask for older versions too! even older than what the CC app shows you

i made a version of wikipedia you can doomscroll
https://xikipedia.org/

Men eating female

sort of a spiritual successor to foldy bird, i wanted to make a game people without a folding phone could play too :p

i was inspired by defend your castle and bowmaster prelude (although my game is very basic)

source code: right-click -> view source
https://lyra.horse/fun/charchery/