Forwarded from 🐱 Ch. | 挪瓦咖啡配苕皮套餐 TV (webRTCCat | Present Day, Present Time)
百度笑传之虫虫bug
省流:百度云本地监听10000端口提供网页拉起客户端服务,OpenSafeBox接口直接把传入内容作为参数传给netdisk.exe,直接参数注入拿到远程任意代码执行
sounds familiar(百度android sdk 15年worm hole)
scenes like this are happening all over the galaxy right now(WPS命令注入)
省流:百度云本地监听10000端口提供网页拉起客户端服务,OpenSafeBox接口直接把传入内容作为参数传给netdisk.exe,直接参数注入拿到远程任意代码执行
sounds familiar(百度android sdk 15年worm hole)
scenes like this are happening all over the galaxy right now(WPS命令注入)
Welivesecurity
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
ESET research uncovers a vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by South Korea-aligned cyberespionage group APT-C-60 to target East Asian countries. Analysis of the vendor’s silently released patch led to the discovery…
👏3
Forwarded from &'a ::rynco::UntitledChannel (Rynco Maekawa)
Jujutsu 是一个基于 rebase 设计的代码版本管理系统,支持和 git 在同一仓库混合使用,且对其他 git 协作者透明。
https://jj-vcs.github.io/jj/latest/
如果你:
- 仓库里没有大文件
- 使用 git rebase workflow
- 感觉每次都要 git rebase -i、git push -f、拆 commit 以及解决冲突很烦
那么你可能会喜欢它的一些设计。(试用了一段时间的人如是说)
https://jj-vcs.github.io/jj/latest/
如果你:
- 仓库里没有大文件
- 使用 git rebase workflow
- 感觉每次都要 git rebase -i、git push -f、拆 commit 以及解决冲突很烦
那么你可能会喜欢它的一些设计。(试用了一段时间的人如是说)
🤔2
Forwarded from Milkice's 我是高仿号我根本不懂中文
FixupX
羅小黑CAT (@lxhcat)
寒露~
TimeAxis
让 AI 给我写集成测试,然后它用了个这玩意 我:居然还有这种东西存在? https://testcontainers.com/getting-started/
虽然但是,这玩意也太好用了🫡
* GZCTF 一直卡在核心数据代码需要 postgres 才能正常运行,先前只有 In Memory DB,不支持事务,所以测试框架一直卡着没做成
* GZCTF 一直卡在核心数据代码需要 postgres 才能正常运行,先前只有 In Memory DB,不支持事务,所以测试框架一直卡着没做成
👍3
Forwarded from &'a ::rynco::UntitledChannel (Rynco Maekawa)
GitHub
Experiment proposal: `Move` trait · Issue #354 · rust-lang/lang-team
Experiment: Move auto-trait We’d like to propose an experiment for a new trait auto-trait Move that determines whether a type can be freely moved around or must keep a stable memory location. This ...
🤯2🔥1
Forwarded from 搞机日记
Telegram 居然准备在Android实现液态玻璃,而且效果很接近iOS 26.1 beta4 那个版本……https://fxtwitter.com/SSOUIC/status/1982683171666936034
FxTwitter
SOUIC ᯅ (@SSOUIC)
Telegram Beta for Android now has LIQUID GLASS 🔥
Supported on Android 13+
Try it here http://t.me/TAndroidBeta
Supported on Android 13+
Try it here http://t.me/TAndroidBeta
🤯3❤2🤮1
🎉 GZCTF v1.7.0 is now available!
This milestone release brings two highly-requested features:
🏆 Enhanced Division System
- Fine-grained permission control per division
- Fully independent scoring and ranking systems
- Different challenge sets and rules for each division
- Perfect for multi-region or multi-tier competitions
⏰ Challenge Deadline Management
- Set individual submission deadlines for each challenge
- Control competition pacing with staged challenge releases
- Prevent last-minute score farming on easy challenges
- Ideal for long-running events (e.g., week-long CTFs)
📖 Docs: https://gzctf.gzti.me
📦 Release Notes: https://github.com/GZTimeWalker/GZCTF/releases/tag/v1.7.0
💬 Join the group: https://t.me/gzctf
#GZCTF
This milestone release brings two highly-requested features:
🏆 Enhanced Division System
- Fine-grained permission control per division
- Fully independent scoring and ranking systems
- Different challenge sets and rules for each division
- Perfect for multi-region or multi-tier competitions
⏰ Challenge Deadline Management
- Set individual submission deadlines for each challenge
- Control competition pacing with staged challenge releases
- Prevent last-minute score farming on easy challenges
- Ideal for long-running events (e.g., week-long CTFs)
📖 Docs: https://gzctf.gzti.me
📦 Release Notes: https://github.com/GZTimeWalker/GZCTF/releases/tag/v1.7.0
💬 Join the group: https://t.me/gzctf
#GZCTF
gzctf.gzti.me
GZ::CTF - GZ::CTF Docs
GZ::CTF Project Documentation
❤6
Forwarded from 禁止摸鱼见闻(返工限定)
喜报
Ubuntu 的新 ⚡️ memory safe 🦀 blazing fast 🚀 sudo-rs 出 CVE 了:
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10
近期一同出锅的还有:
* 「uutils (rust coreutils) 看到不认识的参数居然是 silently ignore... 这太糟糕了,这 Ubuntu 怎么敢发出来的?」
* 「TMD ubuntu 的 uutils 的 chroot 在 bin/chroot coreutils 的 chroot 在 sbin/chroot 这样导致 sbuild 内部有一些硬编码 sbin/chroot 路径当场 GG」
再放送:
* Ubuntu 25.10's Rust Coreutils Transition Has Uncovered Performance Shortcomings
* Ubuntu 25.10's Move To Rust Coreutils Is Causing Major Breakage For Some Executables
* Ubuntu 25.10 Unattended Upgrades Broken Due To Rust Coreutils Bug
Ubuntu 的新 ⚡️ memory safe 🦀 blazing fast 🚀 sudo-rs 出 CVE 了:
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10
近期一同出锅的还有:
* 「uutils (rust coreutils) 看到不认识的参数居然是 silently ignore... 这太糟糕了,这 Ubuntu 怎么敢发出来的?」
* 「TMD ubuntu 的 uutils 的 chroot 在 bin/chroot coreutils 的 chroot 在 sbin/chroot 这样导致 sbuild 内部有一些硬编码 sbin/chroot 路径当场 GG」
再放送:
* Ubuntu 25.10's Rust Coreutils Transition Has Uncovered Performance Shortcomings
* Ubuntu 25.10's Move To Rust Coreutils Is Causing Major Breakage For Some Executables
* Ubuntu 25.10 Unattended Upgrades Broken Due To Rust Coreutils Bug
👏5