I’m contemplating the idea of switching my activity pub instance from Gootosocial to a Pleroma one. While GTS is kinda cute (lightweight and easy to manage) of a software, the inability to fetch/scroll through people’s past toots when visiting a profile or having access to a federated timeline and a proper search functionality …etc felt like handicap for the past N months.

@movq@www.uninformativ.de Lots of things stop me 🤣 crappy wifi, no international roaming, no remote access (by design) just to name a few 😆

@prologic@twtxt.net yeah, I’ve had even requested access to it in order to give it a try and report whatever I can but, Sorry I never got to do any of it. 2025 slam dunked a massive pile of 💩 over my life (hence the disappearance, trying to avoid talking about any of it) and I’m just starting to recover (or at least trying to).

@prologic@twtxt.net I’ll create one manually and send you the creds so you can change them as soon as you log in (my instance isn’t set up to send emails). Not sure how you could get access to logs, not even my admin account has that on the admin panel. I just snoop trough the /var/log/* when needed.

@aelaraji@aelaraji.com Ahh that would be awesome!!! I’d also somehow need read access to logs so i can figure shit out on my own 🧐

The last few days I’ve been converting some charts to grayscale and adding letters to them in order to improve accessibility. Inskscape’s “Replace Colour” extension made things much easier.

I wonder if I could one day try my hand at making an improved variation of that extension that could save and reload a dictionary of replacements to help apply them to multiple files…
Another idea would be to allow replacement color fills with patterns and vice versa!

Let me save this on vault of ideas for the future :)

#a11y #Inkscape #FLOSS

@bender@twtxt.net Hmm, didn’t find anything. But you mean a giant bucketload of access_log /home/$USER/logs/access.log if=… where the condition matches the requested path for said user? Yeah, that gets annoying very quickly. :-D

@bender@twtxt.net Sounds about right.

I had a brainfart yesterday, though. For whatever reason I thought of subdomains, which are modeled with server entries in nginx. So, each could define its own access_log location. However, there are no subdomains in place! Searching around, I didn’t find any solution to give each user their own access log file.

One way would be a cronjob, aeh, systemd timer as I learned the other day, that greps the main access log and writes all user access log files with only the relevant stuff.

I mean, granting everyone read access, maybe?

@movq@www.uninformativ.de Actually, @threatcat@tilde.club popped up in my own access log first. That’s how I discovered the feed. :-) So I figured that this feed author actually sees my reply. The hope is that with the next mention of my feed in threatcat’s feed, the other tilde users, who are following threatcat, are then also informed of my existence. :-)

I don’t know how tilde.club is set up. But it should be relatively easy to give all users access to their nginx access logs. Not sure if somebody already requested that or not. But I’d encourage tilde users to ask for that. Maybe also just for twtxt.txt and/or in a custom, reduced log format.

@lyse@lyse.isobeef.org There’s a couple of new users on https://tilde.club, but since this is a shared host, I doubt that they have access to their access.log files. Hence they’ll never see followers, unless we notify them out of band. 🫤

Account Takeover via IDOR: From UserID to Full Access ⌘ Read more

@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:

The criticism of AI as untrustworthy is a problem of misapplication, not capability.

• AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
  
• The Rise of AI Literacy: Users must develop a new skill—AI literacy—to critically evaluate and verify AI’s probabilistic output. This skill, along with improving citation features in AI tools, mitigates the “gaslighting” effect.
  

The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; it’s skill evolution, not erosion.

• Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
  
• Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
  

The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.

• Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.

Design trends I think will take off in 2026
but tierlist

S - move from flat design to more detailed, 3D, more complex logos.

A - glass, not just liquid, Windows Vista, 7, 11,… accessibility concerns, but I like to see it.

B-/C+ - black and white icons, favicons. I did it before it was cool, but it’s getting overused.

E - gradientslop, barely started, already all blends together.

Trump ends Canada access at shared border library ⌘ Read more

Salesforce defends security practices after Qantas hack
Hackers used AI-powered voice phishing to trick employees into granting database access. ⌘ Read more

How I was able to discover Broken Access Control ⌘ Read more

Sniffer dogs tested in real-world scenarios reveal need for wider access to explosives
Dogs aren’t just our best friends, they’re also key allies in the fight against terrorism. Thousands of teams of explosive detection dogs and their handlers work 24/7 at airports, transit systems, cargo facilities, and public events around the globe to keep us safe. But canine detection is an art as well as a science: success depends not only on the skill of both dog and human, but also on their bond, and may vary … ⌘ Read more

Poorer health linked to more votes for Reform UK, 2024 voting patterns suggest
Poorer health is linked to a higher proportion of votes for the populist right wing political party, Reform UK, indicates an analysis of the 2024 general election voting patterns in England, published online in the open access journal BMJ Open Respiratory Research. ⌘ Read more

Bypass 403 Response Code by Adding Creative String | IRSYADSEC

Image

HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…

[Continue reading on Inf … ⌘ Read more

Docker Model Runner on the new NVIDIA DGX Spark: a new paradigm for developing AI locally
We’re thrilled to bring NVIDIA DGX™ Spark support to Docker Model Runner. The new NVIDIA DGX Spark delivers incredible performance, and Docker Model Runner makes it accessible. With Model Runner, you can easily run and iterate on larger models right on your local machine, using the same intuitive Docker experience you already trust. In this… ⌘ Read more

** The Access Control Apocalypse: How Broken Permissions Gave Me Keys to Every Digital Door**

Image

Hey there😁

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th … ⌘ Read more

The European Accessibility Act will make the Web Better for Everyone
Comments ⌘ Read more

Rubygems.org AWS Root Access Event – September 2025
Comments ⌘ Read more

Memory access is O(N^[1/3])
Comments ⌘ Read more

Unlocking Local AI on Any GPU: Docker Model Runner Now with Vulkan Support
Running large language models (LLMs) on your local machine is one of the most exciting frontiers in AI development. At Docker, our goal is to make this process as simple and accessible as possible. That’s why we built Docker Model Runner, a tool to help you download and run LLMs with a single command. Until… ⌘ Read more

Stealing Part of a Production Language Model (2024)
We introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI’s ChatGPT or Google’s PaLM-2. Specifically, our attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, our attack extracts the entire projection matrix of OpenAI’s ada and babbage language models. We thereby confirm, for the first time, that these black-box … ⌘ Read more

iOS 26: See Your Full Call History With Any iPhone Contact
Buried within iOS 26 is a hidden history that lets you see every call you’ve ever exchanged with a specific contact, potentially going back years. You might not know it, but you can access this detailed call history on your iPhone in seconds.

Image

Viewing the new extended history screen can come in handy when you need to recall when you last spoke with someone. … ⌘ Read more

How GitHub Copilot enabled accessibility governance process improvements in record time
See how we turned weekly accessibility grade signals into an automated, accountable remediation workflow—powered by GitHub Copilot and cross‑functional collaboration.

The post [How GitHub Copilot enabled accessibility governance process improvements in record time](https://github.blog/ai-and-ml/github-copilot/how-we-automated-accessibility-compliance-in-five-h … ⌘ Read more

Qualcomm to Acquire Arduino
Comments ⌘ Read more

One iPhone led police to gang suspected of sending up to 40,000 stolen UK phones to China
BBC News is given access to what the Met Police says is the UK’s largest operation against mobile phone thefts. ⌘ Read more

My open letter, to the European Commission digital markets act team:

Hello,

I am joining other developers, concerned about Googles new plan, to approve every app and effectively destroy most of the competing 3rd party stores this way. The biggest one of these alternative stores, most known for their focus on user and developer privacy, already states, this would make it impossible for them to operate: https://f-droid.org/cs/2025/09/29/google-developer-registration-decree.html
Even communities like the XDA forum, where new developers are often introduced to the world of Android development, would likely be strongly impacted, as making, publishing and installing Android apps is made less accessible.

I am not just writing on their behalf, I run a small website myself (https://thecanine.ueuo.com/), that both provides legal modifications, for some android apps - for example adding an amoled dark theme, to the most popular XMPP chat client for Android, or increasing one of Androids keyboard apps height. This all comes after Googles previous changes to the Android operating system, that prevent users from installing old apps (old to Google, can mean only a couple of months, without an update - https://developer.android.com/google/play/requirements/target-sdk and the target version gets increased every year). I rely on apps developed by a single developer, even for things like making the pixel art presented on my website and sideloading as a way to make these apps work, before developers can catch up to Google’s new requirements - if Google is allowed to slowly kill these options, us digital artists will soon lose the tools we need to create digital art.

Unlimited access to Docker Hardened Images: Because security should be affordable, always
Every organization we speak with shares the same goal: to deliver software that is secure and free of CVEs. Near-zero CVEs is the ideal state. But achieving that ideal is harder than it sounds, because paradoxes exist at every step. Developers patch quickly, yet new CVEs appear faster than fixes can ship. Organizations standardize on… ⌘ Read more

One iPhone led police to gang suspected of sending up to 40,000 stolen UK phones to China
BBC News is given access to what the Met Police says is the UK’s largest operation against mobile phone thefts. ⌘ Read more

Australian acitivists allege physical, verbal abuse by Israeli authorities
The Israeli government is facing accusations of mistreatment, including allegations that some activists were denied access to their lawyers. ⌘ Read more

wafer.space Launches GF180MCU Run 1 for Custom Silicon Fabrication
wafer.space has launched its first pooled silicon fabrication run on Crowd Supply, known as GF180MCU Run 1. The campaign offers designers the opportunity to fabricate 1,000 chips of their own design using GlobalFoundries’ 180 nm mixed-signal process. The initiative is aimed at providing accessible, structured access to custom silicon, with dies expected to ship in […] ⌘ Read more

Watch on iPlayer: Access All Areas - When Country Comes to Town
Go behind the scenes as country music takes over the Royal Albert Hall. ⌘ Read more

Fine-Tuning Local Models with Docker Offload and Unsloth
I’ve been experimenting with local models for a while now, and the progress in making them accessible has been exciting. Initial experiences are often fantastic, many models, like Gemma 3 270M, are lightweight enough to run on common hardware. This potential for broad deployment is a major draw. However, as I’ve tried to build meaningful,… ⌘ Read more

Docker MCP Toolkit: MCP Servers That Just Work
Today, we want to highlight Docker MCP Toolkit, a free feature in Docker Desktop that gives you access to more than 200 MCP servers. It’s the easiest and most secure way to run MCP servers locally for your AI agents and workflows. The MCP toolkit allows you to isolate MCP servers in containers, securely configure… ⌘ Read more

Tiny RISC-V Development Board with WCH CH32V317WCU6 Available from $6.80
The nanoCH32V317 is a compact development board created by MuseLab to simplify prototyping and embedded system development. It integrates USB connectivity, Ethernet support, and a straightforward programming interface through USB Type-C, providing an accessible platform for engineers and hobbyists working with RISC-V microcontrollers. The board is powered by the WCH CH32V317WCU6, a RISC-V microcontro … ⌘ Read more

DietPi September 2025 Update Brings Faster Backups and Roon Server Early Access
The September 20th release of DietPi v9.17 introduces smaller and more efficient system images, faster backups with reduced disk usage, and a new toggle for Roon Server’s early access builds. The update also addresses SPI bootloader flashing issues on Rockchip devices, improves Raspberry Pi sound card handling, and includes multiple bug fixes across tools and […] ⌘ Read more

Pretty happy with my zs-blog-template starter kit for creating and maintaining your own blog using zs 👌 Demo of what the starter kit looks like here – Basic features include:

• Clean layout & typography
  
• Chroma code highlighting (aligned to your site palette)
  
• Accessible copy-code button
  
• “On this page” collapsible TOC
  
• RSS, sitemap, robots
  
• Archives, tags, tag cloud
  
• Draft support (hidden from lists/feeds)
  
• Open Graph (OG) & Twitter card meta (default image + per-post overrides)
  
• Ready-to-use 404 page
  

As well as custom routes (redirects, rewrites, etc) to support canonical URLs or redirecting old URLs as well as new zs external command capability itself that now lets you do things like:

$ zs newpost

to help kick-start the creation of a new post with all the right “stuff”™ ready to go and then pop open your $EEDITOR 🤞

#awesome #zs

«Welcome to the #AutomatingGIS processes course! Through interactive lessons and hands-on exercises, this course introduces you to #GeographicDataAnalysis using the #Python programming language. If you are new to Python, we recommend you first start with the Geo-Python course (geo-python.readthedocs.io) before diving into using it for GIS analyses in this course.

Geo-Python and Automating GIS Processes (‘#AutoGIS’) have been developed by the Department of Geosciences and Geography at the University of Helsinki, Finland. The course has been planned and organized by the #DigitalGeographyLab. The teaching materials are openly accessible for anyone interested in learning.»

https://autogis-site.readthedocs.io/en/latest/

#GIS #geoPython #geopandas #shapely #osmnx #networkx

«Welcome to the #AutomatingGIS processes course! Through interactive lessons and hands-on exercises, this course introduces you to #GeographicDataAnalysis using the #Python programming language. If you are new to Python, we recommend you first start with the Geo-Python course (geo-python.readthedocs.io) before diving into using it for GIS analyses in this course.

Geo-Python and Automating GIS Processes (‘#AutoGIS’) have been developed by the Department of Geosciences and Geography at the University of Helsinki, Finland. The course has been planned and organized by the #DigitalGeographyLab. The teaching materials are openly accessible for anyone interested in learning.»

https://autogis-site.readthedocs.io/en/latest/

(via Paul Walter no linkedin)

#GIS #geoPython #geopandas #shapely #osmnx #networkx

Hello everyone! 👋

After a long while away, I’m back on twtxt with this new feed.

Some of you might remember me as justamoment@twtxt.net, that was a test account I made for trying things out, but I ended up keeping it more than planned.

I also tried other social platforms in search of a place that felt right for me.

In the end twtxt was the one that ticked all of my boxes:

• Slow social: it act more like a feed reader and I really appreciate that there’s no flood of content that I can’t keep up with.
  
• No server needed: I absolutely love to have total control over my content, I tend to avoid having moving parts that might break, plus you can put your feed under version control and it’s all backed up.
  
• Ownership: I can put my feed anywhere I want and nobody can decide if I can access it or not.
  
• For hackers: a single .txt file allows me to join a community, how cool is that!
  

This is why I decided to build my own twtxt client, one that allows you to decide how the feed is presented on your “instance”.

It’s still in the making but I’ll try to share a bit of it once I defined how things should work.

Coincidentally, I discovered that @itsericwoodward@itsericwoodward.com and @zvava@twtxt.net were also building a twtxt client, seems like twtxt is set to grow!

This probably means that I can no longer host my own website. I don’t want to deploy something like Anubis, because that ruins the whole thing: I want it to be accessible from ancient browsers, like OS/2 or Windows 3.11.

I’ll keep an eye on it for a while. Maybe try to block some IPs.

Sooner or later, I’ll take the website down and shift everything to Gopher.

The bots have begun to access my website way more often. I’m getting about 120k hits on https://www.uninformativ.de/git/ now in a couple of hours.

They don’t cache anything, probably on purpose.

It comes in waves. I get about 100 hits (all at once) on that /git endpoint, all from different IPs. Then it takes a moment until I get another wave of about 500-1000 requests (all at once) where they do HEAD requests on some of the paths below /git. I assume they did a GET earlier and are now checking if something has changed.

We use all the Microsoft programs at work - Teams and Outlook especially.

After all kinds of technical problems with Teams, that sometimes go unresolved for over a year, Microsoft shifted their priorities away from fixing things and towards adding an annoying AI Copilot button, that just takes up space and all it does, is loads the website in Teams, so I disabled it. Soon they just add it back, but in a different row of icons, therefore it’s now a different button, you have to disable (I think they added yet another one, to the Teams, on my work phone and I had to disabled that too). Not too long after, the desktop one just enabled itself, because of “an error” and I can disable it, but doing so activates a popup, that begs you to turn it back on, every once in a while. You can’t disable the popup and can only click “Yes” or “Not now” on it. I still keep it disabled, out of principle, but yesterday I noticed yet another Copilot button, this time in the top right corner of my Outlook and this one cannot be disabled, on the business version of Outlook and even on the personal one, it’s only possible to do it through hidden privacy settings, by prohibiting the program from connecting to Microsoft servers, for extra “features”.

There’s people complaining about it online, so it’s clear nobody really wants it, but at this point Microsofts position is that you will have at least one useless AI button on your screen, at any given time, and you will be happy. And yes, their AI sucks and if I absolutely have to use AI for something, there’s already 2 better options, we have access to, at work.

I just saw that these motherfuckers also query my twtxt feed. I have to enable access logs for everything again and see who else wants some napalm response. :-(

In 1996, they came up with the X11 “SECURITY” extension:

https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/

This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.

That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.

Today, sandboxing is a thing. Today, this matters.

I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solveable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:

Why not extend the X server?

Because for the first time we have a realistic chance of not having to do that.

https://wayland.freedesktop.org/faq.html

I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.

But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.

All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)

Maybe someone can explain this to me.

An #EU citizen trying to access Facebook today faces the following choices (see screenshots).

In there, they say that they are asking this again to comply with #EU rules, and yet the question - and the options to choose from - are the same they had in the past.

So, hm, how does this make them comply with something they weren’t complying before? What’s the detail I’m missing?

#Meta #Facebook #GDPR

Image

Image

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

hey! i asked this a while ago but i have to ask again – is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she’s unable to access my site for personal reasons. she’s really interested in seeing what yarn is about so if anyone is willing and able, let me know!

Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)

fn mydiv(num: f64, denom: f64) -> Option<f64> {
    // (Let’s ignore precision issues for a second.)
    if denom == 0.0 {
        return None;
    } else {
        return Some(num / denom);
    }
}

fn main() {
    // Explicit, verbose version:
    let num: f64 = 123.0;
    let denom: f64 = 456.0;
    let wrapped_res = mydiv(num, denom);
    if wrapped_res.is_some() {
        println!("Unwrapped result: {}", wrapped_res.unwrap());
    }

    // Shorter version using "if let":
    if let Some(res) = mydiv(123.0, 456.0) {
        println!("Here’s a result: {}", res);
    }

    if let Some(res) = mydiv(123.0, 0.0) {
        println!("Huh, we divided by zero? This never happens. {}", res);
    }
}

You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)

Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.

The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.

The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.

Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.

(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

Radxa UFS/eMMC Module Reader and Storage Solution Enables Fast Flashing and Scalable Embedded Storage
Radxa’s UFS/eMMC Module Reader is a compact USB 3.0 adapter for flashing OS images, accessing firmware, and transferring large files. It supports both eMMC v5.0 and UFS 2.1 modules with speeds up to 5 Gbps The adapter is compatible with eMMC and UFS modules from Radxa, and also works with modules from platforms like PINE64 and […] ⌘ Read more

Restrictions frustrate residents reliant on flood-wrecked road
Residents in a small north Queensland community say they are struggling with a system that only allows access to their main road in daylight hours. ⌘ Read more

‘Hermit’ with sexual interest in children had eisteddfod times on fridge
A man who had been accessing child exploitation material since before the birth of the internet had a spreadsheet on his fridge detailing children’s events, a court has heard. ⌘ Read more

Woman forced to become a ‘reproductive refugee’ to legally undergo IVF
Four years after freezing her eggs for the future option of motherhood, Jane was shocked to find she could not use them to access IVF in WA — sending her on an expensive and lonely interstate mission. ⌘ Read more

@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.

(If today’s tech wasn’t constantly trying to track and scam you, I might still be an early adopter.)

Unsere Grüne Glasfaser: UGG äußert sich zu Rückzugsgerüchten
Unsere Grüne Glasfaser, das Telefonica und der Allianz gehört, sieht sich nicht in der Krise. Doch es gab Entlassungen. ( Telefónica, Open Access)

Image

[$] Fending off unwanted file descriptors
One of the more obscure features provided by Unix-domain sockets is the
ability to pass a file descriptor from one process to another. This
feature is often used to provide access to a specific file or network
connection to a process running in a relatively unprivileged context. But
what if the recipient doesn’t want a new file descriptor? A feature
added for the 6.16 release makes it possible to refuse that offer. ⌘ Read more

How ‘traveller-friendly’ is your credit or debit card?
When it comes to planning an overseas trip, deciding how you’re going to access your money can seem overwhelming. Experts outline your options. ⌘ Read more

Streams as web resources with access controls
Comments ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

When I chose the MIT license for all of my software, I thought:

“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”

And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.

GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)

I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.

(Yes, Anubis might help. Temporarily.)

I’m just tired.

CSRF: How I gained unauthorized access to Cart

Image

Read Free

Continue reading on InfoSec Write-ups » ⌘ Read more

Aisla finds ‘freedom’ under water. Now the NDIS is pulling the plug
Research on injured ex-service personnel before and after scuba diving exercise show improvements, but NDIS clients are no longer able to access funding for similar therapies. ⌘ Read more

Settings Management for Docker Desktop now generally available in the Admin Console
We’re excited to announce that Settings Management for Docker Desktop is now Generally Available!  Settings Management can be configured in the Admin Console for customers with a Docker Business subscription.  After a successful Early Access period, this powerful administrative solution has been enhanced with new compliance reporting capabilities, completing our vision for … ⌘ Read more

Would you accept seven weeks without bank access? Why is super different?
Australia’s superannuation pool is worth nearly $4.2 trillion — the funds are undoubtedly extremely adept at taking members’ money. But when it comes helping members to access it, they are falling short. ⌘ Read more

$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets

Image

CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Impo … ⌘ Read more

Banana Pi Previews BPI-R4 Pro Router Board with MediaTek MT7988A and Wi-Fi 7 Support
Banana Pi has revealed early details about the BPI-R4 Pro, an upcoming router board powered by the MediaTek MT7988A (Filogic 880). Designed as a successor to the BPI-R4, it targets high-speed wireless and wired networking for applications such as Wi-Fi 7 access points and multi-gigabit gateways. The BPI-R4 Pro features a quad-core Arm Cortex-A73 CPU […] ⌘ Read more

Types and other techniques as an accessibility tool for the ADHD brain
Comments ⌘ Read more

Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR

Image

Non-members are welcome to access the full story here.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/memory-analysis-introduction-tryhackme-write-up-farrosfr-32e … ⌘ Read more

Access Denied to Hall-of-Fame

Image

Proof that even “Access Denied” can open doors

Continue reading on InfoSec Write-ups » ⌘ Read more

Logic Flaw: Deleting HackerOne Team Reports Without Access Rights

Image

How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/logic-flaw … ⌘ Read more

This One Hacker Trick Got Me Access to an Admin Dashboard ️

Image

Sometimes, it’s not about brute force. It’s about finesse. One header. One oversight. One open door.
— A Hacker’s Mindset 🧠

[Continue reading on InfoSec … ⌘ Read more

[$] LWN.net Weekly Edition for May 29, 2025
Inside this week’s LWN.net Weekly Edition:

• Front: Glibc security; How we lost the Internet; Encrypted DNS; 6.15 Development statistics; Filesystem stress-testing; BPF verifier; Network access from BPF; OSPM 2025.

• Briefs: AlmaLinux 10.0; FESCo decision overturned; NixOS 25.05; Pocket, Launchpad retired; Quotes; …

• Announcements: Newsletters, conferences, security updates, … ⌘ Read more

[$] Allowing BPF programs more access to the network
Mahé Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,
and John Fastabend have run into in their work on
Tetragon (Apache-licensed BPF-based security monitoring software)
at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The session
prompted discussion about the feasibility of letting BPF programs
send data over the network, as well as potential new kfuncs to let BPF firewalls
send TCP reset packets. Tardy pre … ⌘ Read more

$500 Bounty: Shopify Referrer Leak: Hijacking Storefront Access with a Single Token

Image

Referrer Header Leaks + Iframe Injection = Storefront Password Bypass

[Continue reading on InfoSec Writ … ⌘ Read more

Hacking Insights: Gaining Access to University of Hyderabad Ganglia Dashboard ⌘ Read more

GitHub MCP Exploited: Accessing private repositories via MCP
Comments ⌘ Read more

GitHub MCP Exploited: Accessing private repositories via MCP
Comments ⌘ Read more

Access Control Syntax
Comments ⌘ Read more

Maybe you’ll enjoy this as well:

I still have one of my first modems, a Creatix LC 144 VF:

Image

I think this was the modem that I used when I first connected to the internet, but I’m not sure.

I plugged it in again and it still works:

Image

Image

The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)

I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:

Image

Not spectacular, but the modem does answer after me entering ATA.

I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.

High-Level Group on Access to Data for Effective Law Enforcement
Comments ⌘ Read more

NanoKVM Pro Delivers 4K IP-KVM Capabilities with Dual-System Support and Enhanced Remote Management
The NanoKVM Pro is a compact IP-KVM device designed for remote access, system control, and local display monitoring. Building on the earlier NanoKVM, this version introduces 4K resolution support, improved connectivity, and broader compatibility with open-source platforms. This device enables real-time remote desktop access at up to 4K at 30 fram … ⌘ Read more

Writing Pentest Reports | TryHackMe Write-Up | FarrosFR

Image

Non-members are welcome to access the full story here. Write-Up by FarrosFR | Cybersecurity

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/writing-pentest-reports-tryhackme-wri … ⌘ Read more

I Broke Rate Limits and Accessed 1000+ User Records — Responsibly

Image

👉Free Article Link

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f … ⌘ Read more

How I Gained Root Access on a Vulnerable Web Server: From Reconnaissance to Privilege Escalation

Image

Web Server Exploitation & Privilege Escalation - Full Walkthr … ⌘ Read more

Top Stories: CarPlay Ultra Debuts, iOS 18.5 Released, and More
Apple surprised us this week with the official launch of its more advanced “CarPlay Ultra” feature to provide greatly expanded functionality in cars, while the company also released iOS 18.5 and related operating system updates.

Image

This week also saw Apple’s annual announcement of upcoming accessibility features for its products while we looked ahead to wha … ⌘ Read more

M0SS-101 Synth with BL616 RISC-V Delivers Classic Controls in a Compact DIY Kit
The M0SS-101 is a compact virtual analog monosynth designed for hands-on subtractive synthesis. It features 42 editable parameters accessible through 26 buttons and a rotary encoder, with RGB LEDs providing visual feedback for signal flow and modulation. The synth includes dual oscillators, a multi-mode filter, envelope and LFO control, delay effects, and 17 preset slots […] ⌘ Read more

Flawed Federal Programs Maroon Rural Americans in Telehealth Blackouts
arah Jane Tribble and Holly K. Hacker,    -  Med Page Today | Kaiser Family Foundation

_Stephan: I live on a rural island, and depend on telehealth sessions with doctors, because if telehealth ends, as the Republicans are trying to do, a 15-minute call would become a daylong trip to the mainland.  Sadly, even worse plans to extend internet access have not proceeded under Trump and th … ⌘ Read more

In Memoriam: John L. Young (EFF)
The Electronic Frontier Foundation has posted a somewhat belated memorial\
for John Young, the founder of Cryptome.

John was one of the early, under-recognized heroes of the digital
age. He not only saw the promise of digital technology to help
democratize access to information, he brought that idea into being
and nurtured it for many years. We will miss him and his
unswerving commitment to the public’s r … ⌘ Read more

Touch Bar Not Working After MacOS Update? Troubleshooting Black Touch Bar on MacBook Pro
A fair number of MacBook Pro users with Touch Bar equipped Macs have discovered the Touch Bar stops working or goes black after installing a MacOS update. Given that the Touch Bar serves as Function keys, F1, F2, F3 etc keys, as well as toggles for adjusting brightness, system audio, and accessing many MacOS and … Read More ⌘ Read more

Oniux: kernel-level Tor isolation for Linux applications
The Tor project has announced
the oniux utility which provides Tor network isolation, using Linux
namespaces, for third-party applications.

Namespaces are a powerful feature that gives us the ability to
isolate Tor network access of an arbitrary application. We put each
application in a network namespace that doesn’t provide access … ⌘ Read more

Our pledge to help improve the accessibility of open source software at scale
GitHub takes the Global Accessibility Awareness Day (GAAD) pledge.

The post Our pledge to help improve the accessibility of open source software at scale appeared first on The GitHub Blog. ⌘ Read more

@prologic@twtxt.net that will not be a problem; as long as it doesn’t affect authenticated users it wouldn’t make a difference. But we are comparing apples and eggs here. I don’t access GitHub while unauthenticated, but I can see how others might. It comes across as anti-web in general.

@movq@www.uninformativ.de, “60 requests per hour”, eh? Was that a thing (that is, unauthenticated access to GitHub)?! I know I am on the minority, perhaps, as I rarely (or never) access GitHub unauthenticated.