Show more
℉ⅈℕℹℸℽ

Solr is vulnerable if you grab the right version from Docker Hub (8.8.0 works nicely). But - the Java executable in there is from within the last few years, and those all disallow remote code includes via JNDI... So by default it's not going to give you RCE - at least not with the method commonly cited.

Show thread
1
℉ⅈℕℹℸℽ

I learned some things.

Show thread
1
℉ⅈℕℹℸℽ

Mostly done with my range - Terraform and Ansible deploy it to AWS so you can play around with log4shell.

github.com/kc0bfv/log4j_range

1
℉ⅈℕℹℸℽ

youtu.be/jTM9-nudFBA

Great little short.

0
℉ⅈℕℹℸℽ

Rough morning for somebody.

0
℉ⅈℕℹℸℽ

I35 in Kansas miles 40-60 always fly past. In either direction you come out of hours of placid plains into comparably dazzling suburbia of Wichita. I can't help but look around almost in wonder, my mind soaking in the distraction. By the time I catch my bearings we're out the other side driving through the fields again.

0
℉ⅈℕℹℸℽ boosted
⚛️Revertron :straight:

How not to learn #Rust

dystroy.org/blog/how-not-to-le

1
℉ⅈℕℹℸℽ

This party monster massacred the other decor...

0
℉ⅈℕℹℸℽ boosted
𝕾𝖕𝖎𝖓𝖆𝖟𝖎𝖊
1
℉ⅈℕℹℸℽ

Thanks Reddit

1
℉ⅈℕℹℸℽ boosted
Kingu Platypus :verified_paw:
0
℉ⅈℕℹℸℽ

I spent way too long on Elastic given that their docs say it isn't exploitable due to mitigations... Oh well.

Show thread
0
℉ⅈℕℹℸℽ

Spent a few hours last night trying to get RCE on fresh ElasticSearch, Jetty, and Solr (not enough time on this one) installs. But no luck.

1
℉ⅈℕℹℸℽ boosted
Developer Memes

"Can you find the optimal route for the trolly?"

submitted by mstjepan

0
℉ⅈℕℹℸℽ

Morning leaving Colorado

0
℉ⅈℕℹℸℽ

Support this week, and your donation will pack double the punch with an automatic 2X match... eff.org/power-up

0
℉ⅈℕℹℸℽ

US Pol (Roe v Wade) 

Supreme court might eliminate RvW? Make it a law. That's the right way to do these things anyway. (I understand the complication around this, but if it's ever gonna happen this is the best time I've seen so far)

0
℉ⅈℕℹℸℽ boosted
Ken Fallon (PA7KEN, G5KEN)

CQ CQ CQ Want to learn CW. I do have a straight key and want to use it on Linux.

How can I physically connect it ? Do I just treat it as a switch and implement hardware debounce ? Or use a GPIO on a pi(w), or hacking a old mouse to replace right click, a ESPxx with a HID interface ?

Advice on this would be appreciated ?

1+
℉ⅈℕℹℸℽ

lobste.rs/s/waahpl/jumping_air

ESET looks at that jumps the air gap - how the samples they know about work, and general measures.

0
℉ⅈℕℹℸℽ boosted
Moved to @alilly@solarpunk.moe

I wonder how hard it would be for each of the major cloud service providers to cold start from a complete shutdown. Do their internal management systems even work if the auth subsystem has zero running instances?

0
Show more
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…