[-] rotopenguin@infosec.pub 65 points 2 months ago

Avoid prion diseases, mulch the rich.

[-] rotopenguin@infosec.pub 65 points 7 months ago* (last edited 7 months ago)

I can kinda see "shot an old horse or two" as being a positive thing, okay you got over the squeamishness of it and did a sick animal a mercy.

Winging a goat and gosh I gotta go get more ammo to finish this one off, well that's starting to get a little peculiar.

LIKING IT SO MUCH THAT YOU WENT OUT AND GOT A NEW PUPPY SO YOU COULD DO IT AGAIN, well hoooly fuck we are getting into something entirely else now aren't we?

[-] rotopenguin@infosec.pub 68 points 7 months ago* (last edited 7 months ago)

How do you know there isn't a logic bug that spills server secrets through an uninitialized buffer? How do you know there isn't an enterprise login token signing key that accidentally works for any account in-or-out of that enterprise (hard mode: logging costs more than your org makes all year)? How do you know that your processor doesn't leak information across security contexts? How do you know that your NAS appliance doesn't have a master login?

This was a really, really close one that was averted by two things. A total fucking nerd looked way too hard into a trivial performance problem, and saw something a bit hinky. And, just as importantly, the systemd devs had no idea that anything was going on, but somebody got an itchy feeling about the size of systemd's dependencies and decided to clean it up. This completely blew up the attacker's timetable. Jia Tan had to ship too fast, with code that wasn't quite bulletproof (5.6.0 is what was detected, 5.6.1 would have gotten away with it).

[-] rotopenguin@infosec.pub 78 points 10 months ago* (last edited 10 months ago)

Patch notes: clause unnecessary. Refactored to cover the general case.

[-] rotopenguin@infosec.pub 76 points 10 months ago

It's an ".avi.exe".

[-] rotopenguin@infosec.pub 62 points 11 months ago

Thanks, but I only take advice from the Arch Wiki.

[-] rotopenguin@infosec.pub 71 points 1 year ago

It's kinda wild that GTK's grandpappy is now the last thing to get updated to the current GTK.

[-] rotopenguin@infosec.pub 65 points 1 year ago* (last edited 1 year ago)

An AAAA cell has 200-350 mohms internal resistance. A 9v battery has 6 of them in series (many of them are literally that, others have their cells as a stack of plastic buckets). The nose ring is a short run of wire, it's idunno a 0.2 ohm heater?

I think the septum is going to get pretty toasty.

https://data.energizer.com/pdfs/e96.pdf

[-] rotopenguin@infosec.pub 152 points 1 year ago

I use Ubuntu, which is apparently the least popular distro around.

[-] rotopenguin@infosec.pub 166 points 1 year ago

It's a shame that Valve couldn't get Steam to issue them a new AppID, so they had to delete CSGO in order to put CS2 on the store. It was the only way.

[-] rotopenguin@infosec.pub 86 points 1 year ago

But I might need 99 of every potion for the last boss!

[-] rotopenguin@infosec.pub 76 points 1 year ago

Has anybody mentioned yet that tar isn't even a "compression format"?

view more: next ›

rotopenguin

joined 1 year ago