
Here's the WPEngine vs Automattic preliminary judgement.
storage.courtlistener.com/reca

Looks like WPEngine get everything they ask for (restored access, SCF back, etc.)

And, yes, Matt's intemperate social media posts were used against him

#WPDrama #WordPress


#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses the .netrc file. In certain situations, the configured password can be sent to an incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

curl.se/docs/CVE-2024-11053.ht
hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity

Round one goes to WP Engine. Automattic is slapped with a preliminary injunction and must restore the status quo right away while the case continues toward trial. theregister.com/2024/12/11/wp_

Although we are not fully sure yet, there is a suspicious activity pattern from Russian IP addresses that currently brings Codeberg to a halt.

If confirmed, it is the first #IPv6 #DDoS attack in our history. Previously, we only dealt with IPv4.

@chort @wdormann I'm a software engineer. If I were considering at every point how any of my designs could be used to produce malicious behavior, then I would cease to be a software engineer and instead work in infosec.

Very insightful article on the American ‘healthcare’ system and #UnitedDeathCare

#Pluralistic: Predicting the present (09 Dec 2024)

“UHC leads the nation in claims denials, with a denial rate of 32% (!!). If you want to understand how the US can spend 20% of its GDP and get the worst health outcomes in the world, just connect the dots between those two facts: the largest health insurer in human history charges the government a 183,300% markup on covid tests and also denies a third of its claims.”

#UnitedHeathCare @pluralistic
pluralistic.net/2024/12/09/rad

"Thompson made his millions and made his company his billions by running a very profitable machine that creates human suffering called a health insurance company. This sort of human-suffering machine creates wealth by putting itself between health care and patients, and then by denying that health care, or at least denying to pay for most of it. This forces sick human beings to make the gut-wrenching decision of whether to be financially ruined or to just die"

the-reframe.com/peaceful-solut

Well the 'reset' hasn't started well; Rachel Reeves in Brussels has called for the EU to drop 'unnecessary' trade barriers with the UK:

'these unnecessary barriers to trade are one of the things that will contribute to the deterioration of living standards & making it harder for British businesses to be competitive on the global stage'!

Errr....The EU didn't just restrict trade on a whim; we left the EU; Reeves is just back on the EU-owes-the-UK-a-living tone; No it doesn't!

#Brexit
h/t FT

“A failed Conservative plan to send people seeking asylum to Rwanda spent £50m on flights that never took off, new figures disclose.

The Home Office has also revealed that the scheme – which ran under Boris Johnson, Liz Truss and Rishi Sunak’s administrations – spent £715m over two years on the plan – £15m more than previously claimed.”

“‘In the two years the partnership was in place, just four volunteers were sent to Rwanda at a cost of £700m’, Cooper told MPs.”

Another example of the expense associated with regressive politics 😒

theguardian.com/politics/2024/

1133/ 🧵

#OrganisedAffiliatedFuckers #DontPayTheGuardian #UKpol


Good people of the fediverse!

I put it to you that it is not possible for someone to do age verification for website access*, which meets all the following:

it is privacy-respecting, such that users would trust it
it is not expensive, either to the user or the content creator
it is not unduly complex to host and operate securely by small indie content creators
it is to a standard that would be accepted by regulators responsible for enforcing "online safety" laws

(* i.e. a technique for verifying the age of the person actually accessing content of your website)

Please, prove me wrong with workable approaches that someone could actually implement. Say, by early next year...

Please don't rant here about how flawed the legislation is, how politicians don't understand tech, etc. Not the place for that :)

(CC @pandorablake)

#AgeVerification #OnlineSafety

If Play Integrity existed for security rather than enforcing an anti-competitive, illegal business model then Google would use the hardware attestation API to permit GrapheneOS. Each day they allow a device with no patches for 8 years but not GrapheneOS makes it more of a joke.


The late Clive James wrote this poem some years ago.

#Syria

"Wherever her main residence is now,
Asma unpacks her pretty clothes.
It takes forever: so much silk and cashmere
To be unpeeled from clinging leaves of tissue
By her ladies. With her perfect hands, she helps.

Out there in Syria, the torturers
Arrive by bus at every change of shift
While victims dangle from their cracking wrists

.....continued in this link and below.

archive.clivejames.com/poetry/

Star Trek: Section 31 (TV movie, January 31, Paramount+): New trailer

"Section 31 stars Michelle Yeoh as Emperor Philippa Georgiou who joins a secret division of Starfleet. Tasked with protecting the United Federation of Planets, she also must face the sins of her past."

youtube.com/watch?v=5yyQsFwjNv

Intel launched the Pentium processor in 1993. Unfortunately, dividing sometimes gave a slightly wrong answer, the famous FDIV bug. Replacing the faulty chips cost Intel $475 million. I reverse-engineered the circuitry and can explain the bug. 1/9

"A politics based on social media is instead anti-ideological; rather than leaders, it rewards reactionary vibe-surfers attuned to the arbitrary whims of users amplified by platform architectures. The longer the social media whirlpool spins, the more people become alienated from the entire self-reinforcing enterprise—and the more vertiginous the gyre for those that remain. "

kevinmunger.substack.com/p/vid

Star Trek: The Motion Picture was released 45 years ago today.

Rarely has a sci-fi movie been so horny.

youtube.com/watch?v=cXPEeGV8Mo

Your $12-15 payment every month to Spotify disappears into a black hole and is noticed and appreciated by exactly NO ONE. By contrast, you could spend that same amount today at Bandcamp, OWN three albums because of it, AND make the day of each of those artists.

Seriously, a $5 sale can change a life.


He continued: “They’re doing this with Excel spreadsheets, or ancient mainframes, or in many cases still using pen and paper processes [this was the early 00s], and those processes are just wildly labor-intensive and error-ridden. They lose unimaginable amounts of money to this. For them to pay us a measly few million to get software that takes 18 months to get deployed and just barely working? That is a •huge• improvement for them.”

In short: our product sucked, but it wasn’t a hoax.

3/


The time has come again for my favorite Christmas meme.

"they *used to* laugh and call him names"

(won't be playing any more reindeer games now, will they?)

Qoto Mastodon