Every year @mpf.hackerific.net builds a badge for our Secret Santa gift exchange, and he’s written about this year’s design at hackerific.net/2024/12/17/c.... It’s one of the best bits of the Christmas run-up!
One comment with cropped author: As per the discussion at #20094 - this is NOT a vulnerability in this library. It is just a poorly documented callback API that has a POTENTIAL for misuse by users who do not understand how SSH key exchange works. Now everyone that uses x/crypto has a nice 9.1 CVE that they have to "patch", even if they're not using x/crypto/ssh, or use the callback properly. My response: I invite you to take the opportunity to ask your vendor scanner why they report such obvious false positives, when the public vulnerability database includes package and symbol information. govulncheck is an example of a scanner that won't report that false positive.
We've gotten to the point that people get angry at projects that fix potential vulnerabilities, because the security scanner they use reports it as a false positive when not even using the affected package.
Yell at your vendor! Or, govulncheck is RIGHT THERE.
This is a fascinating case study of real operational use of cryptography by non-technical people, of OPSEC, of anonymity tech, and of web security.
cw: drugs
As if you needed any more reasons not to go back on Twitter, projects like @kubernetes.bsky.social, @cilium.bsky.social, @containerd.dev, @prometheusio.bsky.social and no doubt many more from @cncf.bsky.social are here on Bluesky
Reading the timeline of the pressure campaign to convince the xz maintainer to hand over control is… awful. Merciless guilt-tripping.
One lesson I’m taking from this is to be even more ruthless with blocks. Whining about maintenance? Blocked. Zero chances.
research.swtch.com/xz-timeline
It looks like those are messages from Signal groups with disappearing messages turned on. Do we know who screenshotted the chats before they disappeared?
Going live at 4:30pm UK / 8:30am PT - see you there! #ebpfsummit isogo.to/ebpf-summit #opensource
This is the single most incredible thing you'll read today and I'm not going to give you any clues I just want you to click. https://12ft.io/proxy?q=https%3A%2F%2Fwww.telegraph.co.uk%2Fmoney%2Fkatie-investigates%2Fpartner-scammed-me-dark-secret-investment-action-fraud%2F
I've opened a PR to change the behaviour here: https://github.com/bluesky-social/atproto/pull/1299 so it may not be an issue for long!
Setting up a custom domain handle here using the .well-known file method? It doesn't like Unix EOL characters (it tries to parse the EOL character as part of the `did`). You'll get an error saying 'The server gave an invalid response and may be out of date' – remove the EOL and you're good to go.