HackerTrans
TopNewTrendsCommentsPastAskShowJobs

johnnyapol

no profile record

Submissions

Boeing urges 737 Max inspections for possible loose bolt

reuters.com
4 points·by johnnyapol·3 tahun yang lalu·1 comments

Google to pay $700M to US consumers, states in Play Store settlement

reuters.com
3 points·by johnnyapol·3 tahun yang lalu·0 comments

NameCheap's email hacked to send Metamask, DHL phishing emails

bleepingcomputer.com
250 points·by johnnyapol·3 tahun yang lalu·106 comments

Raising the bar for software security: next steps for GitHub.com 2FA

github.blog
27 points·by johnnyapol·4 tahun yang lalu·4 comments

Open to a fault: On the passive compromise of TLS keys via transient errors [pdf]

usenix.org
56 points·by johnnyapol·4 tahun yang lalu·10 comments

Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

qualys.com
7 points·by johnnyapol·4 tahun yang lalu·3 comments

comments

johnnyapol
·2 tahun yang lalu·discuss
Is anyone else getting a redirect loop when trying the link? At first I was thinking it had to do with my Firefox settings to force HTTPS but even just:

curl -L lukedeniston.com/memory-leak-mystery

> curl: (47) Maximum (50) redirects followed

isn't working.
johnnyapol
·2 tahun yang lalu·discuss
The biggest reason I flew Southwest was just because with the $20-$25 for early bird check-in each way, I could pretty much guarantee I wouldn't be stuck with a middle seat and would be likely to have control of where on the plane I was (e.g. if I had a tight connection, could be closer to the front).

If being able to pick an acceptable seat ends up costing more than this, I'll be firmly in the territory of just price shopping between the other US airlines and picking whoever has the best price for the route. Admittedly, as someone who flies alone the vast majority of the time, this system worked well for me without much overhead. I can understand how families might be relieved at being able to reserve seats all next to each other as the cost of early bird for say 4 people would really add up. I guess I'll just be enjoying my current setup while I can and then move forward without any sort of loyalty.
johnnyapol
·2 tahun yang lalu·discuss
I love RSS. I take a bit of an unconventional approach and use Discord as my RSS reader. I run a self hosted instance of MonitoRSS (https://github.com/synzen/MonitoRSS). I have a server with just me and my bot instance and I tend to group my feeds into categories and channels (effectively creating a tab system per subscription or group of subscriptions). I have Discord installed on my laptop, phone, and desktop so this means that I can easily look at all my subscribed feeds wherever it's convenient for me. When I'm not set to "do not disturb", I even get push notifications on my devices when content is posted to feeds that go to channels I haven't muted. I think the only real downside of the setup is some days I am very busy and don't check the server that often, so I'll come back to a large backlog of things to read and I'll end up missing or under-appreciating some gems.
johnnyapol
·3 tahun yang lalu·discuss
Something worth noting: unless I'm missing something, this isn't Beeper Mini (the Android app) but the iMessage-Matrix bridge Beeper created. However, this is still handy if you have a Mac or jailbroken iPhone (edit: for registration, seems like it's not required after the initial setup) as you can self-host it.
johnnyapol
·3 tahun yang lalu·discuss
IPv6 not having NAT doesn’t make it incompatible with stateful firewalls. You can still have routers doing drop inbound by default.
johnnyapol
·4 tahun yang lalu·discuss
https://www.bleepingcomputer.com/news/technology/ftc-fines-t...
johnnyapol
·4 tahun yang lalu·discuss
MiB refers to mebibyte, which is in base-2 (2^20 bytes).

MB is canonically base 10 (10^6 bytes).
johnnyapol
·4 tahun yang lalu·discuss
Key excerpt/context from the advisory:

We discovered a Local Privilege Escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution:

"Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. [...] It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission)." (Wikipedia)

This vulnerability is an attacker's dream come true:

- pkexec is installed by default on all major Linux distributions (we exploited Ubuntu, Debian, Fedora, CentOS, and other distributions are probably also exploitable);

- pkexec is vulnerable since its creation, in May 2009 (commit c8c3d83, "Add a pkexec(1) command");

- any unprivileged local user can exploit this vulnerability to obtain full root privileges;

- although this vulnerability is technically a memory corruption, it is exploitable instantly, reliably, in an architecture-independent way;

- and it is exploitable even if the polkit daemon itself is not running.
johnnyapol
·5 tahun yang lalu·discuss
Unfortunately, certain applications are gimped if you don't use the electron version. A notable example of this for me is Discord where push-to-talk doesn't function in the web version due to API limitations.

Another app I use that has this problem is Spotify. While it isn't electron, it is using CEF (chromium embedded framework) and can be dynamically linked to a distro one with some effort. Using the web version means I dont have my music available offline for listening.
johnnyapol
·5 tahun yang lalu·discuss
My major annoyance with Electron is every app shipping its own version of it, particularly on Linux where most distros tend to ship electron in the repositories. I'd really rather not have 5 different chromium versions - that are lacking security updates - on my system. I wish packagers were more aggressive about not bundling them.
johnnyapol
·5 tahun yang lalu·discuss
Are you running an antimalware program with real-time scanning enabled on Windows? I've found that typically causes a lot of the slowdowns on builds if you don't have your worktree excluded from it. Linux still ends up faster for me even without the anti-malware on Windows but its not as dramatic.
johnnyapol
·5 tahun yang lalu·discuss
The DMCA notice can be found here https://lumendatabase.org/notices/25498447 which includes an IP address (along with some tweets).