Amikke boosted
Patch for the vulnerability in bloat that allows a malicious upstream server (Pleroma/Mastodon) to return crafted JSON data in the response of an API called by bloat to make it go out of memory and cause Denial of Service.
The attack could be performed by a malicious user by connecting to a malicious server. Technically, it doesn't have to be a Mastodon compatible server, any HTTP server that'd respond to the HTTP paths requested by bloat could work.
bloat instances running in the single instance mode are not affected assuming the specified instance doesn't serve the malicious response.
The patch applies a limit on the size of the response returned by the server, currently set to 8MiB.
https://git.freesoftwareextremist.com/bloat/commit/?id=ad38855261dca802439922f71408e2b08e7c10ea
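
The response-size cap described in the post above, sketched in Go as an added example. This is not the code from the linked commit or bloat's own code; `decodeLimited`, `fetchJSON`, `repeat` and the sample bodies are constructed for illustration, and only the 8 MiB figure comes from the post.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// maxResponseSize is the 8 MiB cap mentioned in the post.
const maxResponseSize = 8 << 20

var errTooLarge = errors.New("upstream response exceeds size limit")

// repeat is a constructed never-ending body: every Read fills p with one byte.
type repeat byte

func (b repeat) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = byte(b)
	}
	return len(p), nil
}

// decodeLimited decodes one JSON value from r but never consumes more than
// limit+1 bytes, so the decoder's buffer cannot grow without bound.
func decodeLimited(r io.Reader, limit int64, v interface{}) error {
	lr := &io.LimitedReader{R: r, N: limit + 1}
	err := json.NewDecoder(lr).Decode(v)
	if lr.N <= 0 { // the extra byte was consumed: body is larger than limit
		return errTooLarge
	}
	return err
}

// fetchJSON (hypothetical helper) applies the cap to an upstream API response.
func fetchJSON(c *http.Client, url string, v interface{}) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	return decodeLimited(resp.Body, maxResponseSize, v)
}

func main() {
	var s struct{ Content string `json:"content"` }
	hostile := io.MultiReader(strings.NewReader(`{"content":"`), repeat('a'))
	fmt.Println(decodeLimited(hostile, maxResponseSize, &s)) // size-limit error
	fmt.Println(decodeLimited(strings.NewReader(`{"content":"hi"}`), maxResponseSize, &s), s.Content)
}
```

Reading one byte past the limit is what lets the caller tell a body that exactly fits from one that was cut off, so an oversized response is reported as such rather than as a generic JSON syntax error.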
Amikke boosted
Ctrl+Alt+Win+Shift+L on Windows will open Linkedin in your browser???

This OS is so fucking cursed holy shit
Amikke boosted

@Pashhur @foone Haha, imagine a post-apocalyptic world where everyone navigates by the different error codes, distress beacons, radioactive remnants. Nobody knows what 500 Internal Server Error means but by precisely timing it you can know how far you are from Belgium.

Amikke boosted

Every YouTube video is either "all of science and the entire history of the world explained (5:41)" or "how player two's controller inputs are processed on level six of this japan-only game boy advance game that was only available free with a particular brand of cereal for two weeks in one store (2:37:21)"

Amikke boosted
does anyone use a vertical mouse they’d recommend?
Amikke boosted

#OpenStreetMap Standard Layer tile views for August 2023 - zoom 10 and above, 1 second = 15 hours

Amikke boosted
jack dorsey deleted his bluesky account, lol

(for anyone who hasn't been following, he's expressed a strong favour of nostr in the past, and is distancing himself from bluesky)
Amikke boosted
I know I'm a day late on the latest techdrama, but I forgot to give my crunkly hot take on the Unity pricing update (as a thoughtfluencer).

PROPRIETARY FAGS BTFO. My personal favorite part is in their Q&A they say that "WebGL" counts, but without being any more specific than that. This means in the worst interpretation every single time someone refreshes your webapp you can be charged up to 20 US cents.

How else do you count a WASM/WebGL "installation", you don't install it, it just loads directly into the browser.
Amikke boosted

Nacah (Windows 9x, 2001) #NotDOS
A game that asks an important question: "What if Myst was bad, and all puzzles relied exclusively on looking stuff up in the Bible?" 🤔

Amikke boosted

So, big news yesterday. I'm appalled at the impact this will have on the #Unity ecosystem, and #gamedev at large. There's just no way this can lead to anything good for anyone.

#GodotEngine is getting a lot of positive attention in reaction, so I want to address a few things. 🧵

Amikke boosted

Fuck it. #YOLO

#Bluesky continues to be entirely non-responsive to the numerous security vulnerabilities I've reported to them, so I spent the evening writing up a nice README and a framework with exploit modules, and just made it all public.

Have fun.

github.com/qwell/bsky-exploits

#infosec #security

Amikke boosted

i'll never get over the intense special interest required for someone to post this on imdb

Amikke boosted

no no no, mastodon is the programmer, the software is mastodon's monster

Amikke boosted

Since I've seen a lot of chatter about people switching to #Firefox as Google ramps up the enshittification of #Chrome, let me tell you about a killer feature for people who (a) need multiple accounts on the same websites (e.g. devs) or specifically (b) have to use multiple Google accounts.

Firefox has an official addon called Multi Account Containers that lets you trivially set up color coded tabs that have separate sets of cookies. Log into your dev account in one, and your test account in another. Log into your personal #gmail in one and have another tab next to it with your work Gmail. I'm actually not signed in to any Google accounts in most of my tabs, I just have containers for the specific tasks I do on Google products.

It'll take you 30 seconds to set up.

Add-on: addons.mozilla.org/en-US/firef

Mozilla's explanation: support.mozilla.org/en-US/kb/c

Amikke boosted

Whenever I talk about dumb NPM packages, I always see people missing the point, blaming it on web developers, the tooling, or NPM itself, these are just symptoms

Packages like isOdd, leftpad, etc only exist because JS is fucked, it's always been fucked and will never be unfucked

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.