Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-ruby … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff). ⌘ Read more
Hi @claromes@claromes, I believe you know your way around this stuff; I did some searching and didn't find anything…
I wanted to know whether the photos people send to Instagram keep their metadata, whether they can contain location and so on… (I suspect that Meta stores your location at the time of posting and the photos' metadata for their nefarious purposes but publishes the photo with the metadata removed, but I couldn't confirm this information)
If there were a table I could show my students about which services do what with photo metadata, that would be lovely…
**Make awk rawk**
A friend online recently replied to something I wrote about awk by saying:
[…] it’s a danged shame [awk] didn’t continue to evolve the way Ruby, Python, PHP have evolved over the decades.
I had exactly this thought while working on my slightly unhinged “let’s see if I can implement a basic scheme using awk by writing an assembler and VM in awk,” skwak. Which eventually led me to start noodling on how to layer in some modern niceties into awk, without breaking awk’s portability.
… ⌘ Read more
@lyse@lyse.isobeef.org @kat@yarn.girlonthemoon.xyz I spent so much time in the past figuring out if something is a dict or a list in YAML, for example.
What are the types in this example?
```yaml
items:
  - part_no: A4786
    descrip: Water Bucket (Filled)
    price: 1.47
    quantity: 4
  - part_no: E1628
    descrip: High Heeled "Ruby" Slippers
    size: 8
    price: 133.7
    quantity: 1
```
`items` is a dict containing … a list of two other dicts? Right?
It is quite hard for me to grasp the structure of YAML docs. 😢
The big advantage of YAML (and JSON and TOML) is that it’s much easier to write code for those formats, than it is with XML. `json.loads()` and you’re done.
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, … ⌘ Read more
@prologic@twtxt.net interesting that ruby is so low on the list, i find it the easiest to learn! hell i struggle with python more than ruby and i’ve been told that python is like ruby but better lol. maybe it’s just my weird brain!
@movq@www.uninformativ.de help yeah i struggle so hard with this stuff! it’s why wordier languages like ruby come easier to me
One of the nicest things about Go is the language itself, comparing Go to other popular languages in terms of the complexity to learn to be proficient in:
- Go: 25 keywords (Stack Overflow); CSP-style concurrency (goroutines & channels)
- Python 2: 30 keywords (TutorialsPoint); GIL-bound threads & multiprocessing (Wikipedia)
- Python 3: 35 keywords (Initial Commit); GIL-bound threads, `asyncio` & multiprocessing (Wikipedia, DEV Community)
- Java: 50 keywords (Stack Overflow); threads + `java.util.concurrent` (Wikipedia)
- C++: 82 keywords (Stack Overflow); `std::thread`, atomics & futures (en.cppreference.com)
- JavaScript: 38 keywords (Stack Overflow); single-threaded event loop & `async/await`, Web Workers (Wikipedia)
- Ruby: 42 keywords (Stack Overflow); GIL-bound threads (MRI), fibers & processes (Wikipedia)
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4 … ⌘ Read more
@lyse@lyse.isobeef.org that’s alright haha! i don’t expect anyone to listen/watch in full or with full attention bc it’s so long lmao
the thing with PHP for me is that i… feel like it hits a kind of simplicity that i can understand? it’s so plain but can be very powerful. i quite like that. as much as i can learn something infinitely more powerful, PHP hits a comfortable thing where i can handle things like backend sqlite DBs AND how a page is rendered, without requiring a complex frontend with its own quirks (like ruby on rails, which as much as i know and love it, can be heavy).
but i totally get you! PHP security is very scary. i’m always worried that i’m messing something up. it’s why the PHP application i’m working on i have dockerized by default for a small but extra layer of protection
i’ll try to not get discouraged tysm for your advice
Security updates for Thursday
Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack). ⌘ Read more
@andros@twtxt.andros.dev@andros@twtxt.andros.dev i know MVC but i don’t know model view view model what does this mean…. i am learning PHP (and a tiny bit of perl scripting) as a mainly ruby girl so mayhaps i am improving but my focus is SERVERS
Nobody wants to be a shitty programmer. The question is: Do you do anything not to be one?
Reading blogs or social media and watching YouTube videos is fun. After them, your code may be a little better, of course. But you need a lot. You need to study! Read good books and study the code of other programmers, for example. Maybe work with a new language, architectures and paradigms. You need to break the routine.
If you know Object-oriented programming, you learn functional programming.
If you know Model-View-Controller, you learn Model-View-ViewModel.
If you don’t know anything about architectures, you learn Clean Architecture, Hexagonal Architecture, etc.
If you know Python, you learn Ruby or Go.
If you know Clojure or Lisp… you don’t need to learn anything else. You are already a good programmer. Just kidding. You can learn Elixir or Scala.
Be a good programmer my friend.
Security updates for Monday
Security updates have been issued by AlmaLinux (thunderbird), Debian (distro-info-data, imagemagick, kernel, libsoup2.4, and poppler), Fedora (chromium, java-1.8.0-openjdk, java-1.8.0-openjdk-portable, java-17-openjdk, java-17-openjdk-portable, java-latest-openjdk, pgadmin4, thunderbird, and xz), Mageia (haproxy and libxml2), Oracle (bluez, firefox, gnutls, libtasn1, libxslt, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), Red Hat (delve and golang, glibc, mod_auth_o … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (bluez, expat, and postgresql:12), Fedora (chromium, golang, LibRaw, moodle, openiked, ruby, and trafficserver), Red Hat (bluez, expat, gnutls, libtasn1, libxslt, mod_auth_openidc, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), and Ubuntu (linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime, linux-azure, linux-azure-6.11, linux-gc … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, kernel, libxslt, mod_auth_openidc:2.3, and webkit2gtk3), Fedora (c-ares, giflib, jupyterlab, perl, perl-Devel-Cover, perl-PAR-Packer, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, ruby, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data … ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (abseil, atop, jetty9, ruby-saml, tomcat10, trafficserver, xz-utils, and zfs-linux), Fedora (chromium, condor, containernetworking-plugins, cri-tools1.29, crosswords-puzzle-sets-xword-dl, exim, ghostscript, matrix-synapse, upx, varnish, and yarnpkg), Gentoo (XZ Utils), Mageia (augeas, corosync, nss & firefox, and thunderbird), Oracle (container-tools:ol8, firefox, freetype, and kernel), Red Hat (firefox), SUSE (chromium, gn, firefox-es … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox), Debian (atop and thunderbird), Fedora (webkitgtk), Mageia (microcode), Oracle (expat), SUSE (apparmor, assimp-devel, aws-efs-utils, expat, firefox, ghostscript, go1.23, gotosocial, govulncheck-vulndb, GraphicsMagick, headscale, libmozjs-128-0, libsaml-devel, openvpn, perl-Data-Entropy, and xz), and Ubuntu (gnupg2, kernel, linux-azure-fips, linux-iot, openvpn, ruby-saml, and xz-utils). ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Debian (nginx and ruby-rack), Fedora (expat and libxslt), Mageia (bluez, dcmtk, ffmpeg, and radare2), Red Hat (container-tools:rhel8, gvisor-tap-vsock, kernel, kernel-rt, libreoffice, and podman), SUSE (buildah, forgejo, gitleaks, google-guest-agent, google-osconfig-agent, govulncheck-vulndb, grafana, helm, libxslt, php8, python-gunicorn, and python-Jinja2), and Ubuntu (freerdp2 and varnish). ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (ruby-rack), Fedora (chromium, golang-github-openprinting-ipp-usb, OpenIPMI, and python-jinja2), Mageia (kernel, kernel-linus, and wpa_supplicant, hostapd), Red Hat (fence-agents, kernel, kernel-rt, libxml2, libxslt, and pcs), SUSE (cadvisor, docker, freetype2, nodejs-electron, php8, rsync, u-boot, warewulf4, webkit2gtk3, and zvbi), and Ubuntu (elfutils, python3.5, python3.8, ruby-rack, smartdns, and zvbi). ⌘ Read more
@kat@yarn.girlonthemoon.xyz i could build that myself but also i can’t because i don’t know code!!!!!!!!! her ass only knows ruby on rails!!!!!!!!!
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
The post [Sign in as anyone: Bypassing SAML SSO authentication with parser differentials](https://github.blog/security/sign-in-as-anyone- … ⌘ Read more
[WTS] [$200] Monero Ruby /25 Currency TCG by Cardsmiths
Link: https://farside.link/libreddit/r/Monero/comments/1immtkv/
u/SerMac (Reddit) ⌘ Read more
`?` operator in Go 👈 No. For so many reasons.
@lyse@lyse.isobeef.org one time i saw that operator when working with ruby on rails and i was so confused by it that i got stuck on the same code involving it for 9 hours straight
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.
The post [Execute c … ⌘ Read more
Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023. ⌘ Read more
@shreyan@twtxt.net my condolences for the pain you no doubt will inflict upon others that will have to maintain whatever you write in Ruby.
@prologic@twtxt.net is gonna be so mad at me for this but
Ruby is my favorite language
Building GitHub with Ruby and Rails
Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily. We deploy as often as 20 times a day, and nearly every week one of those deploys is a Rails upgrade. Upgrading Rails weekly Every […] ⌘ Read more
Basecamp Details ‘Obscene’ $3.2 Million Bill That Prompted It To Quit the Cloud
An anonymous reader shares a report: David Heinemeier Hansson, CTO of 37Signals – which operates project management platform Basecamp and other products – has detailed the colossal cloud bills that saw the outfit quit the cloud in October 2022. The CTO and creator of Ruby On Rails did all the sums and came up with an e … ⌘ Read more
ahh this is useful https://go.dev/doc/modules/managing-dependencies. the go culture doesn’t typically have large dependency graphs like Ruby or JS.
Introducing Trilogy: a new database adapter for Ruby on Rails
We’ve open sourced Trilogy, the database adapter we use to connect Ruby on Rails to MySQL-compatible database servers. ⌘ Read more
Writing and Running a BBS on a Macintosh Plus
In 2015, I wrote a custom BBS server in Ruby and had been using it to run the Kludge BBS on a small OpenBSD server in my home office since then. ⌘ Read more
Debugging an ioctl Problem on OpenBSD
I was trying to use a V4L2 Ruby module for a project on my OpenBSD laptop but ran into a problem where sending the V4L2 ioctls from this module would fail, while other V4L2 programs on OpenBSD worked fine. ⌘ Read more
Code scanning and Ruby: turning source code into a queryable database
A deep dive into how GitHub adds support for new languages to CodeQL. ⌘ Read more
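He's here, he's here: GopherChina 2022 arrives with an invitation
The annual GopherChina conference is coming~
GopherChina 2022 is once again being held in our capital, Beijing, and the venue is still that familiar place. As the eighth Gopher China conference, we hope to present it in a more fun and engaging format; of course, the content remains the top priority of the conference, so please share your favorite topic proposals with us. We have already got a big move ready ~
Time: No. 13 Fengzhi East Road, Haidian District, Beijing (朗丽兹西山花园酒店 hotel)
Location: 2022.06.11 - 2022.06.12
Although the venue is still the same old place, in recent years, Go … ⌘ Read more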
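Did everyone get something out of the second session of Cao Da's hands-on bootcamp?
The second session of Cao Da's hands-on bootcamp is nearing its end; do you all feel you got something out of it?
As a beginner, I personally didn't get much out of it; it's probably a course for senior engineers.
I somewhat regret buying the course, and it wasn't cheap either; but adults can only take responsibility for their own choices....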