Show newer

Guacamole is the interface I deploy to let folks interact with the range easily. It is not easy to configure automatically... There's a simple user config file, but it is intentionally extremely simple. If you want to deploy Guacamole via configuration as code, you need something more powerful. I created this to do that:
github.com/kc0bfv/guacamoleRES

Show thread

Jetty is kinda vulnerable... It doesn't use log4j logging by default, but it does come with a drop-in logging replacement module that uses log4j. By default... Even the current versions of Jetty for download will, when enabling this module, download vulnerable log4j. The people making Jetty don't seem to realize this yet. I have no idea if anyone uses the replacement module. But I did!

Show thread

Solr is vulnerable if you grab the right version from Docker Hub (8.8.0 works nicely). But - the Java executable in there is from within the last few years, and those all disallow remote code includes via JNDI... So by default it's not going to give you RCE - at least not with the method commonly cited.

Show thread

I35 in Kansas miles 40-60 always fly past. In either direction you come out of hours of placid plains into comparably dazzling suburbia of Wichita. I can't help but look around almost in wonder, my mind soaking in the distraction. By the time I catch my bearings we're out the other side driving through the fields again.

This party monster massacred the other decor...

I spent way too long on Elastic given that their docs say it isn't exploitable due to mitigations... Oh well.

Show thread

Spent a few hours last night trying to get RCE on fresh ElasticSearch, Jetty, and Solr (not enough time on this one) installs. But no luck.

"Can you find the optimal route for the trolly?"

submitted by mstjepan

US Pol (Roe v Wade) 

Supreme court might eliminate RvW? Make it a law. That's the right way to do these things anyway. (I understand the complication around this, but if it's ever gonna happen this is the best time I've seen so far)

CQ CQ CQ Want to learn CW. I do have a straight key and want to use it on Linux.

How can I physically connect it ? Do I just treat it as a switch and implement hardware debounce ? Or use a GPIO on a pi(w), or hacking a old mouse to replace right click, a ESPxx with a HID interface ?

Advice on this would be appreciated ?

@ken_fallon this answer recommends the mouse hack because then it'll work easily with existing software.

ham.stackexchange.com/question

I was gonna recommend something like the Sega Genesis joypad driver, or DB9 joystick driver. I messed with that years ago and the electrical connections are simple and translate easily to the driver, and the driver was easy to modify to have the button behavior be different. I'm not sure that type of setup would work with whatever software you want to use though.

Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.