modrobert @modrobert@qoto.org

Happy Crowdstrike outage day to all who celebrate

Heads up new OpenSSH (sshd) security bug only exists in RHEL 9 and friends. OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable https://www.theregister.com/2024/07/11/openssh_bug_in_rhel_9/ #linux

I permanently switched away from #intel CPUs back when I had a C2000 board self-destruct due to CPU degradation fault (*) - now 13900K/14900K CPUs are developing issues en masse. Intel has acknowledged the issue but has been unable to give proper explanation for it. So far these issues has mostly been raised by individual end users but it seems this is likely to change as it appears that large hosting companies using these CPUs appear to be affected as well. #Level1Techs and #GamersNexus are hinting on the issue being far more widespread than initially believed and not a result of running the chips near or over the recommended power limits. GN video: https://www.youtube.com/watch?v=oAE4NWoyMZk

*) https://www.anandtech.com/show/11110/semi-critical-intel-atom-c2000-flaw-discovered

CVE-2024-5535 is an #OpenSSL problem that cannot be triggered by #curl

OpenSSL calls it it a low severity flaw. https://www.openssl.org/news/vulnerabilities.html

GitHub lists is as "critical" at 9.1 out of 10: https://github.com/advisories/GHSA-4fc7-mvrr-wv2c

At Sommarhack this weekend we somehow managed to win the zero bitplane competition with this contribution: https://youtu.be/QlbSEDq6Cno?si=sdocBAN_f3ZRj5fV

We just barely managed to get a higher score than SMFX with this demo, which in my opinion is more technically impressive: https://youtu.be/z2Ke-Irp7U8?si=fiBT7UXIl24bpIsa

The rules for the competition was that the demo should run on an Atari ST and should never display any graphics on the bitmap, and the only way you are allowed to display anything on the screen is by changing the background colour at precise times.

#atari #atarist #retrocomputing #demoscene

📚The r2book is getting updated with new contents and better organization. Check out the new chapters on r2con, r2wars, r2frida, r2pipe, r2js scripting and the revamped project introduction and help us by following the new contribution guidelines! https://book.rada.re

The death of public jailbreaks and the inability for Apple to let go of their control over their customers’s devices is an ongoing vulnerability that will be (or has been, even) getting people killed. I’m sure the ‘DMA bad’ peeps will find ways to spin or flat out ignore this.
https://infosec.exchange/@lorenzofb/112752391329610950

Lock up your computers and hide your software. A new version of SERV has been seen roaming the streets. https://blog.award-winning.me/2024/07/serv-13.html

Just received the #rabbitr1 today and with the last update it feels so useless and buggy. Can’t even use it to tell time because the timezone and the rabbithole thing feels so unsafe and scary to login any service there. At least the device looks cool

On some tracks I layer floppy drive sounds behind the drums. Here's a short video showing how it's done :)

🎵: https://fanlink.tv/199

tiny-gpu: Minimal #GPU design in Verilog #FPGA

https://www.pcgamer.com/hardware/graphics-cards/self-taught-hardware-engineer-discovers-that-gpus-really-are-ridiculously-complex-and-hard-to-design-after-all/

So there's a "novel" #VPN attack with a fancy name "#TunnelVision". I argue that this is not novel at all. It is quite well known that these routes bypass routes set up by a VPN. Case example: Here is the TunnelVision attack described in September 2023: https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic #infosec #cybersecurity

Great, another crapball OS we have to deal with

https://github.com/microsoft/MS-DOS