Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?
Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.
It's been a while since I've been involved in vuln mgmt, but yes, used to see this all the time on Redhat, because Redhat also backports security patches like that.
Weβve outsourced our confirmation biases to search engines Forcing the use of general search terms can help people change their minds. arstechnica.com/science/2025/0β¦
The mesmerizing video above lets you visualize the ocean currents around the world. Using data from spacecraft, buoys, and other measurements, the visualization shows the ocean in motion, with the currents creating Van Gogh-like swirls around the gloβ¦
This week, Elecia( @logicalelegance ) and Chris( @stoneymonster ) host Kwabena Agyeman, CEO of OpenMV. They chat about more powerful (and smaller!) programmable cameras.
The "federated" service that isn't federated. Which is owned by one company. π€ (I know folks like it, hi all of you through the bridge... but it is not owned by the people, it is owned by one single company).
Like, shit, there's stuff to actually praise about Bluesky! But it's not transforming the web, it's not taking shit back, it's not yet decentralized. It's another VC-backed corporate service, even if by most accounts a pretty decent one by that standard. I disagree vehemently with them endorsing Jesse Singal, but that's really my biggest complaint with them.
The problem that I'll call out here is that tech media is lionizing Bluesky well past what they actually are.
All the while, the same tech media, on seeing a decade-old flourishing social media *network* that can and *has* transformed the web, falls back to shit like the Verge's infamous and transphobic "boys only club" sneer, the same old tired tropes about how the fediverse is "too complicated" as though depending wholly on a single corporate service was somehow simpler, and so forth.
Egal, wie man zur Letzten Generation steht: Diese Anklage ist ein Angriff auf die ganze engagierte Zivilgeschafft. Weltweit werden Klimaaktivist*innen kriminalisiert, eingeschΓΌchtert, eingeschrΓ€nkt. Wir sind alle gefragt, uns dem entgegenzustellen.
I'm curious: is there anyone in the first batch of #CentauriCarbon pre-orders that can tell me if their printer arrived on time, early, or late? (See linked chart for reference.) I'm in the second batch. π us.elegoo.com/blogs/news/shippβ¦
Thank you for your order of Centauri series! To ensure a smooth shopping experience, weβve outlined our estimated shipping times based on your order placement. All times are in Eastern Standard Time (EST).
@Sahil_n05 Guilty as charged. π I only have one other printer, my MK3S, and my wife was supportive of my decision... maybe because she saw how excited I was. π
Indeed! It makes it difficult to learn from historical mistakes if you're illiterate and possess a limited vocabulary and understanding of the wider world..
Did said in a different thread that MAGA loves uneducated sheeps. Easy to control and manage and they will believe anything. This is why they want the department of Education off. They need more sheeps and the younger and stupid the better.
Fredrick Douglas Jr. learned the alphabet from his owner, then learned to read by town white youths in exchange for food. Education is the way out of oppression, out of poverty, out of slavery.
Employees often gravitate toward co-workers their own age, but relationships with colleagues at other stages of life have personal and professional benefits.
I'm trying to create a simple #script in #homeassistant . What I want to achieve is having a button to smash when a #cat enter the #litter box that turns on the #airpurifier full blast. I can control the speed of the air purifier, as shown in the first screenshot. When I'm editing the script I can switch on and off the air purifier, but there's no mention about the speed (second screenshot). I'm definitely doing something dumb, but what?
Once you select the turn-on action, it usually exposes additional parameters in the UI, eg. brightness for lights, speed for fans, etc. If you don't see this, you may need to specify them in the data section of the service call. Developer Tools is a great way to test things out.
@davidlsparks It didn't expose any additional parameter in this case. But your suggestion to check the dev tools set me on the right path: there I found an action "Set fan speed" and could apply it to the device, and try it. Seeing it worked, I copied the YAML from the dev tools to the script and it works perfectly. Now it is shown correctly as an action, so the issue here is I was searching the action starting from the device, and it didn't show up, but if I searched the action and the applied to the device, it would probably work. It seems like Home Assistant doesn't know that the device supports actions other than "turn on" and so doesn't suggest them...
In case you missed this Reuters story from a few days ago....
"Several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks, easing pressure on Moscow as the Trump Administration pushes Russia to end its war in Ukraine."
"Former President Joe Biden last year ordered his national security team to establish working groups to monitor the issue amid warnings from U.S. intelligence that Russia was escalating a shadow war against Western nations."
"The plan was led by the president's National Security Council (NSC) and involved at least seven national security agencies working with European allies to disrupt plots targeting Europe and the United States, seven former officials who participated in the working groups told Reuters."
Before President Donald Trump was inaugurated, his incoming administration was briefed by Biden officials about the efforts and urged to continue monitoring Russia's hybrid warfare campaign, the former U.S. officials said.
"However, since Trump took off
... show more
In case you missed this Reuters story from a few days ago....
"Several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks, easing pressure on Moscow as the Trump Administration pushes Russia to end its war in Ukraine."
"Former President Joe Biden last year ordered his national security team to establish working groups to monitor the issue amid warnings from U.S. intelligence that Russia was escalating a shadow war against Western nations."
"The plan was led by the president's National Security Council (NSC) and involved at least seven national security agencies working with European allies to disrupt plots targeting Europe and the United States, seven former officials who participated in the working groups told Reuters."
Before President Donald Trump was inaugurated, his incoming administration was briefed by Biden officials about the efforts and urged to continue monitoring Russia's hybrid warfare campaign, the former U.S. officials said.
"However, since Trump took office on Jan. 20 much of the work has come to a standstill, according to eleven current and former officials, all of whom requested anonymity to discuss classified matters. Reuters is the first to report on the full extent of the Biden administration effort and how multiple different U.S. agencies have since paused their work on the issue."
"Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with the FBI, the Department of Homeland Security and the State Department, the current and former officials said."
"Some officials involved in the working groups said they are concerned that the Trump administration is de-prioritizing the issue despite intelligence warnings. The change follows the unwinding of other Russia-focused projects launched by Bidenβs administration."
"The FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia and put on leave staff working on the issue at the Department of Homeland Security. The Department of Justice also disbanded a team that seized the assets of Russian oligarchs."
Several U.S. national security agencies have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks, easing...
Belarusian President Alyaksandr Lukashenko was sworn in for a seventh time on March 25 as human rights groups said the authoritarian leaderβs rule was unlawful.
Oh cool. I mean, I have this turned off for all users in my gapps domain and Iβm not using an admin account here and have no idea how this would even be on my screen but cool, cool cool.
Well letβs click βturn onβ and see if it works. I feel like it probably shouldnβt but every day some KPI at the big G depends on little things like βuser consentβ or βwords meaning thingsβ is an adventure so letβs buckle up.
Itβs easy, all you need to do is open your Gmail settings, scroll past the βsmart featuresβ options that are all set to off, find the Data Privacy menu, scroll past the βsmart featuresβ options that are all set to off, then go into the Google Workplace smart features menu where the smart features that should all be forced off per domain policy set in the admin panel are turned on because what does βpermissionβ really mean really if you think about it, and turn them off, then choose βdoneβ.
Organizing the worldβs information and make it universally accessible and useful unless itβs a choice you might make that we donβt like, in that case weβre going to organize that shit five levels deep in the interface and ignore the choice you made and the settings your admin picked and what words mean because our line is going up and fuck your settings thatβs why.
Nothing I can see in the admin console even admits that any of this nonsense happened, and ...I mean, what do you even say.
Options force-pushed to the user that override org policy settings? In a way that is completely invisible to an admin? And hidden four layers down in the user settings? What sort of evening-at-the-infosec-improv amateur hour is this?
If an endpoint can override policy invisibly you don't have a perimeter, you have a wishlist. WTF is going on at the big G these days?
why are you opposed to sombody getting their promotion and their bonus payout?
Think of the poor engineer that wil have to fix that mess at one point and will be skipped promotion because "one doesn't fix problem at Google. They invent them".
A new bill introduced by Angela Paxton, wife of Texas AG Ken Paxton, would impose privacy-invading age verification requirements on online sex toy retailers.
As someone who once sent a pack of condoms to the Queensland Premier to protest against idiotic laws I highly recommend ensuring the legality of any dildos etc by sending images of the devices to the AG for approval.
We've added 45 new Flock Safety and Axon camera registries to the Atlas of Surveillance from police departments all over the country. atlasofsurveillance.org/searchβ¦
This is surprisingly true. Even if one of the twins has 1 blue eye and 1 green eye you'll find the the other twin has the same colours but in the opposite eyes.
β¦but he does miss: ββ¦and the other half of the problem is that you wonβt have good OPSEC with good *tools* but lacking competent *users*β End-to-end secure stupidity is a thing.β¦
FBI probes arson of Tesla cars and facilities, says βthis is domestic terrorismβ FBI director: Agency "investigating increase in violent activity toward Tesla." arstechnica.com/tech-policy/20β¦
One of Ireland's very best genre-fluid experimentalists Meljoann walks us through Status - a bristling, truth-telling odyssey through queerness, class, digital resistance and emotional survival.
Ambassador Rasool's expulsion: A new low in US - South Africa relations
South Africa's diplomat Ebrahim Rasool was welcomed as a hero in his home in Cape Town. But his departure marked an unusually big step in deteriorating ties between Washington and Pretoria.
South Africa's diplomat Ebrahim Rasool was welcomed as a hero in his home in Cape Town. But his departure marked an unusually steep decline in ties between Washington and Pretoria.
π¦ We welcome the green light of the European Parliament and the Council to modernise EU driving licence rules, including:
π EU driving licences on digital devices. π A minimum two-year probation period for novice drivers. π An EU-wide accompanied driving scheme from age 17. π Better training and testing to help drivers navigate safely around vulnerable road users. π Easier licence exchanges for citizens from non-EU countries.
The European Commission welcomes the provisional agreement reached yesterday between the European Parliament and the Council on its initiative to modernising EU driving licence rules.
π¨ Letβs Encrypt at risk from Trump cuts to OTF: βLetβs Encrypt received around $800,000 in funding from the OTFβ
Dear @EUCommission, get your heads out of your arses and letβs find @letsencrypt β¬1M/year (a rounding error in EU finances) and have them move to the EU.
If Letβs Encrypt is fucked, the web is fucked, and the Small Web is fucked too. So how about we donβt let that happen, yeah?
(In the meanwhile, if the Letβs Encrypt folks want to make a point about how essential they are, it might be an idea to refuse certificates to republican politicians. See how they like their donation systems breaking in real timeβ¦)
Wenn Letβs Encrypt plΓΆtzlich nicht mehr klappt, wird das halbe Internet aus Zertifikatsfehlern bestehen. https://www.heise.de/news/Nach-Trump-Dekret-Kampf-um-US-Foerdermittel-fuer-Tor-F-Droid-und-Let-s-Encrypt-10328226.html
Fundamentaly, the design is flawed because DNS is not decentralized.
Who told you that DNS is not decentralized? There are more and more root servers all the time and many different organizations and countries have these root servers setup.
https://www.example.com
this URI has the schema (protocol) https:// the the host www.example.com that breaks down into the the subdomain wwwdomain name example that .com the root domain server(s) knows the address of the host(s) domain example and it is up to example to have the rest of its domain information.
This was designed as a decentralized way to do domain lookup to be scale-able. It is not like there is one centralized location that knows every domain.
There is a difference between logical and physical servers. Your DNS lookups are not decentralized, and usually can be seen over the wire.
Unless you run your own recursive resolver, you will be revealing a lot of information about your traffic even if it is encrypted. Even if you run your own recursive resolver, you will reveal metadata, albeit, at a possibly lower rate.
they can't. that'd completely go against their values. this is like asking them to refuse letsencrypt in Russia, they can't. it's an automated certificate system, they can't just prevent the issuing certificates simply because of their party.
even big websites, like the national security agency, and even whitehouse.gov use letsencrypt as well, so it wouldn't be a good sign for anyone.
@adisonverlice If "following your values" prevents you from taking material action to impede the advance of nazis, you need to reevaluate or reprioritize your values.
@dalias I see where you're going with this. but again, let's put out the hypothetical senarios that the letsencrypt foundation stopped the (nazi's) stopped issuing certificates for them. again, this will not slow them down, as again, they can turn to other paid providers who will gladly do it to them. again, take digicert. they issue certs for almost all of the government sites becides the NSA and few others. for example, defense.gov uses digicert. so if the (nazi's) wanted to, they could simply use digicert, it's not out of their budget. also, don't forget about GTS (google trust services) and also cloud flare. so it would slow them down at best, do nothing at worst
@dalias also keep in mind they issue certificates to, everyone, who requests them. it could be a small web dev like myself, it could be the ritch politition in America, they will issue certs for literally anyone.
"Let's Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS certificates."
This FAQ is divided into the following sections:
General Questions Technical Questions General Questions What services does Letβs Encrypt offer? Letβs Encrypt is a global Certificate Authority (CA).
I will agree letsencrypt absolutely needs money to keep the lights on. and if worst comes to worst, hopefully they will move to EU. what I don't agree with is removing certificates from politicians that are in a different party
The main problem is the bureaucracy associated for this. Another issue is the ownership control of the organisation (DEP Cybersecurity), the organisation needs to be controlled by EU citizen and located in EU.
Momentum seems to be building for Jared Isaacman to become NASA administrator "We believe that Jared Isaacman is uniquely qualified to lead NASA." arstechnica.com/space/2025/03/β¦
oh! This administration thinks heβs uniquely qualified? Is he a criminal of some kind? A rapist? Foreign agent? Has a private company that directly competes with the agency heβs hired to destroy, I mean, lead?
A new 'Parental Insights' feature at Character.AI will send parents a weekly email summarizing their teensβ activity, though it does not include a transcript of the kids' discussions. pcmag.com/news/following-teen-β¦
A new 'Parental Insights' feature will send parents or guardians a weekly email summarizing their teensβ activity, though it does not include a transcript of the kids' discussions.
Awww. Our chonky boi was about three when he first started hanging around and decided he wanted to be ours.
He had a full set of appendages back then including the biggest bollocks you've ever seen (that photo came in useful when someone put out a notice to see if anyone could identify him).
A couple of months later after the police, RSPCA and vets got involved we were his.
One day he was hanging around and he was limping. A couple of weeks later he turned up with a farmer's bodge bandage on. A couple of weeks later the RSPCA wanted to know whose cat it was because they wanted to prosecute them for neglect as he was in a bad state with the leg.
We got in contact as we knew the cat and had an idea where he came from.
They were going to put him down but we said we'd give him a home. The RSPCA paid for the amputation, we paid for the neutering and he's been a happy chappy ever since.
They never did manage to pin it on and prosecute the old owners.
@jamesb Yea, Lettuce is off doing whatever it is that she does. She came in for breakfast this morning and is gone again. She'll come back next time she's hungry. She would also hate birthdays if she understood the concept
ducksauz π¦
in reply to Olivier Forget • • •