FxTwitter / FixupX
Simone Margaritelli (@evilsocket)
* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.…
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.…
https://fxtwitter.com/evilsocket/status/1838169889330135132
Sarà colpa di gnome; emphasis mine
* Devs are still arguing about whether or not some of the issues have a security impact.
I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can't accept that their code is crap - responsible disclosure: no more.
The writeup is gonna be fun, not just for the technical details of it, not just because this RCE was there for more than a decade, but as a freaking example on how NOT to handle disclosures.
Sarà colpa di gnome; emphasis mine
journalctl -u micro
È tempo di usare questa libreria per leggere i JSON dei repository FDroid alla velocità della luce
Altre librerie interessanti per spremere bene le vostre CPU
https://github.com/ashvardanian/SimSIMD
https://github.com/ashvardanian/StringZilla
https://github.com/unum-cloud/UCall
https://github.com/unum-cloud/USearch
https://github.com/unum-cloud/UForm
https://github.com/unum-cloud/ustore
https://github.com/ashvardanian/SimSIMD
https://github.com/ashvardanian/StringZilla
https://github.com/unum-cloud/UCall
https://github.com/unum-cloud/USearch
https://github.com/unum-cloud/UForm
https://github.com/unum-cloud/ustore
GitHub
GitHub - ashvardanian/SimSIMD: Up to 200x Faster Dot Products & Similarity Metrics — for Python, Rust, C, JS, and Swift, supporting…
Up to 200x Faster Dot Products & Similarity Metrics — for Python, Rust, C, JS, and Swift, supporting f64, f32, f16 real & complex, i8, and bit vectors using SIMD for both AVX2, AVX-...
journalctl -u micro
https://fxtwitter.com/evilsocket/status/1838169889330135132 * Devs are still arguing about whether or not some of the issues have a security impact. I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination…
E invece no, il premio va a CUPS
https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Gist
CUPS disclosure leaked online. Not my report. The original author is @evilsocket
CUPS disclosure leaked online. Not my report. The original author is @evilsocket - cups-browsed.md
🥰1
Sembra che la VPN di lavoro quando attiva, impedisca a Windows di spegnersi o riavviarsi 🏆
🤯1
Stanno per rilasciare Thunderbird per Android!
https://blog.thunderbird.net/2024/09/contribute-to-thunderbird-for-android/
https://blog.thunderbird.net/2024/09/contribute-to-thunderbird-for-android/
The Thunderbird Blog
Contribute to Thunderbird for Android - The Thunderbird Blog
Thunderbird for Android is coming soon! Discover all the ways to contribute and to make a difference from day one!
🔥1
> compilo il modello F24 da pc
> mi rimanda alla home
———
Ok ce l'ho fatta
> mi rimanda alla home
———
Ok ce l'ho fatta
😭1
Bene, se da app PostePay si possono pagare solo i bollettini, pagopa e poco altro, per fortuna da web si può pagare letteralmente tutto.
È sufficiente un account Poste (o PostePay ma non per forza), poi è possibile usare una qualsiasi carta mastercard o visa.
È sufficiente un account Poste (o PostePay ma non per forza), poi è possibile usare una qualsiasi carta mastercard o visa.
VSCode, bug del 2021 chiuso per "as-designed", grazie 🙏🏻
https://github.com/microsoft/vscode/issues/121106
Effetto: se per sbaglio rinominate un file Dart con maiuscole, l'LSP si lamenterà sempre dell'errore anche se lo risolvete
https://github.com/microsoft/vscode/issues/121106
Effetto: se per sbaglio rinominate un file Dart con maiuscole, l'LSP si lamenterà sempre dell'errore anche se lo risolvete
GitHub
Changing the case of a file then reloading VS Code provides the old casing in the API · Issue #121106 · microsoft/vscode
This seems similar to #102627, but I can't tell if it's intended to have been fixed or not by the last few entries on that issue. I made a VS Code extension that just logs the open files li...
Per far riconoscere le scorciatoie Ctrl-freccie su PuTTY + tmux + bash, consentendo di spostarsi tra le parole:
PuTTY
Connection / Data / terminale =
Poi è necessario chiudere completamente tmux
PuTTY
Connection / Data / terminale =
xterm-256color~/.inputrc (+ambiguous)set meta-flag on
set input-meta on
set convert-meta off
set output-meta on
"\e[1~": beginning-of-line # Home key
"\e[4~": end-of-line # End key
"\e[5~": beginning-of-history # PageUp key
"\e[6~": end-of-history # PageDown key
"\e[3~": delete-char # Delete key
"\e[2~": quoted-insert # Insert key
"\eOD": backward-word # Ctrl + Left Arrow key
"\eOC": forward-word # Ctrl + Right Arrow key
~/.tmux.conf (+mouse)set -g default-terminal "xterm-256color"
setw -g xterm-keys on
set -g terminal-overrides ""
set -ga terminal-overrides "xterm*:kLFT5=\eOD:kRIT5=\eOC:kUP5=\eOA:kDN5=\eOB:smkx@:rmkx@"
set -ga terminal-overrides ",xterm-256color:Tc"
Poi è necessario chiudere completamente tmux
journalctl -u micro
🚨 Repo Archlinux con pacchetti ottimizzati x86-64 [non tutti] https://somegit.dev/ALHP/ALHP.GO (Grazie M.)
Per avere i simboli di debug dei vari binari nativi, esistono dei server debuginfo —
Fortunatamente esistono anche per queste repository ottimizzate
Oppure come indicato nel README
gdb se li scaricherà automaticamente (suggerisco comunque di impostare set debuginfod enabled on in ~/.gdbinit)Fortunatamente esistono anche per queste repository ottimizzate
DEBUGINFOD_URLS="https://debuginfod.alhp.dev https://debuginfod.archlinux.org https://debuginfod.elfutils.org"
Oppure come indicato nel README
echo "https://debuginfod.alhp.dev" > /etc/debuginfod/alhp.urls
Forwarded from Note di Matteo
I dati sui sondaggi politici nazionali sono pubblicati come testo non strutturato su un portale del governo.
Eccoli finalmente estratti (con scraping e gpt-4o) in CSV e JSON:
Dati: https://github.com/ondata/liberiamoli-tutti/tree/main/italian_polls
Scraper: https://github.com/ruggsea/llm_italian_poll_scraper
Fonte: https://datibenecomune.substack.com/p/liberiamoli-tutti-numero-8
Eccoli finalmente estratti (con scraping e gpt-4o) in CSV e JSON:
Dati: https://github.com/ondata/liberiamoli-tutti/tree/main/italian_polls
Scraper: https://github.com/ruggsea/llm_italian_poll_scraper
Fonte: https://datibenecomune.substack.com/p/liberiamoli-tutti-numero-8
👍1
Le recenti versioni di PHP Intelephense per VSCode hanno un bug sulla risoluzione dei tipi, facendo un downgrade torna a funzionare
https://marketplace.visualstudio.com/_apis/public/gallery/publishers/bmewburn/vsextensions/vscode-intelephense-client/1.10.4/vspackage
https://marketplace.visualstudio.com/_apis/public/gallery/publishers/bmewburn/vsextensions/vscode-intelephense-client/1.10.4/vspackage
GitHub
Expected type 'object'. Found 'unset'.intelephense(P1006) (but but object is set.) · Issue #2981 · bmewburn/vscode-intelephense
Describe the bug My app has the index.php file with the creation of the $app object. I include in routes.php and when using $app, intelephense returns: Expected type 'object'. Found 'un...
😭1