Is anyone else getting a redirect loop when trying the link? At first I was thinking it had to do with my Firefox settings to force HTTPS but even just:
The biggest reason I flew Southwest was just because with the $20-$25 for early bird check-in each way, I could pretty much guarantee I wouldn't be stuck with a middle seat and would be likely to have control of where on the plane I was (e.g. if I had a tight connection, could be closer to the front).
If being able to pick an acceptable seat ends up costing more than this, I'll be firmly in the territory of just price shopping between the other US airlines and picking whoever has the best price for the route. Admittedly, as someone who flies alone the vast majority of the time, this system worked well for me without much overhead. I can understand how families might be relieved at being able to reserve seats all next to each other as the cost of early bird for say 4 people would really add up. I guess I'll just be enjoying my current setup while I can and then move forward without any sort of loyalty.
I love RSS. I take a bit of an unconventional approach and use Discord as my RSS reader. I run a self hosted instance of MonitoRSS (https://github.com/synzen/MonitoRSS). I have a server with just me and my bot instance and I tend to group my feeds into categories and channels (effectively creating a tab system per subscription or group of subscriptions). I have Discord installed on my laptop, phone, and desktop so this means that I can easily look at all my subscribed feeds wherever it's convenient for me. When I'm not set to "do not disturb", I even get push notifications on my devices when content is posted to feeds that go to channels I haven't muted. I think the only real downside of the setup is some days I am very busy and don't check the server that often, so I'll come back to a large backlog of things to read and I'll end up missing or under-appreciating some gems.
Something worth noting: unless I'm missing something, this isn't Beeper Mini (the Android app) but the iMessage-Matrix bridge Beeper created. However, this is still handy if you have a Mac or jailbroken iPhone (edit: for registration, seems like it's not required after the initial setup) as you can self-host it.
We discovered a Local Privilege Escalation (from any user to root) in
polkit's pkexec, a SUID-root program that is installed by default on
every major Linux distribution:
"Polkit (formerly PolicyKit) is a component for controlling system-wide
privileges in Unix-like operating systems. It provides an organized way
for non-privileged processes to communicate with privileged ones. [...]
It is also possible to use polkit to execute commands with elevated
privileges using the command pkexec followed by the command intended to
be executed (with root permission)." (Wikipedia)
This vulnerability is an attacker's dream come true:
- pkexec is installed by default on all major Linux distributions (we
exploited Ubuntu, Debian, Fedora, CentOS, and other distributions are
probably also exploitable);
- pkexec is vulnerable since its creation, in May 2009 (commit c8c3d83,
"Add a pkexec(1) command");
- any unprivileged local user can exploit this vulnerability to obtain
full root privileges;
- although this vulnerability is technically a memory corruption, it is
exploitable instantly, reliably, in an architecture-independent way;
- and it is exploitable even if the polkit daemon itself is not running.
Unfortunately, certain applications are gimped if you don't use the electron version. A notable example of this for me is Discord where push-to-talk doesn't function in the web version due to API limitations.
Another app I use that has this problem is Spotify. While it isn't electron, it is using CEF (chromium embedded framework) and can be dynamically linked to a distro one with some effort. Using the web version means I dont have my music available offline for listening.
My major annoyance with Electron is every app shipping its own version of it, particularly on Linux where most distros tend to ship electron in the repositories. I'd really rather not have 5 different chromium versions - that are lacking security updates - on my system. I wish packagers were more aggressive about not bundling them.
curl -L lukedeniston.com/memory-leak-mystery
> curl: (47) Maximum (50) redirects followed
isn't working.