QPosket Disney Characters: Rapunzel (Type A) *Sealed* – The Plastique Boutique

The Plastique Boutique
QPosket Disney Characters: Rapunzel Vol. 3 (Special Coloring) *Sealed* – The Plastique Boutique

The Plastique Boutique
Hey folks, the #ATmosphere is cool. I have now also put my atproto-tool on #tangled. The tool is still under construction and can copy followings and lists from one account to another. In case you are looking for or need something like this: tangled.org/juergen.soci...

juergen.social/atproto-tool

A command-line tool for automating tasks on [Bluesky](https://bsky.app) / the AT Protocol. Authentication is handled via OAuth — no app passwords required.

Tangled
The Programmer’s Fulcrum: 22 May, 2026

This post originally appeared on The Fulcrum.

Welcome to this week’s The Programmer’s Fulcrum.

It’s your weekly curation of the essential news in the Open Media Network and Fediverse development communities with a focus on devastating big tech via Techno Anarchism.

As usual, we aim to provide actionable content you can use to destroy Techno Feudalism each week. It has the additional benefit […]

https://newsletter.mobileatom.net/the-programmers-fulcrum-22-may-2026/ #ActivityPub #AI #ATProto #Bonfire #Codeberg #CSS #DrupalCMS #Faircamp #FediLab #fediverse #firefox #Forgejo #freebsd #FreshRSS #Friendica #Ghost #git #GitHub #Holos #HTML #javascript #LaSuite #LibreOffice #Linux #Mastodon #Matrix #OMN #PeerTube #PostmarketOS #RSS #tailwind #Tangled #VSCode #Zulip

found an SSRF in #tangled that let any AT Protocol user hit localhost of the production server and did a short write-up: https://r0.fyi/blog/tangled-knotmirror-ssrf

fixed in v1.14.0-alpha, which is already live #cybersecurity #infosec #security

Tangled knotmirror: SSRF via User-Controlled Knot URL — r0.fyi

Anyone with an account on any AT Protocol server can access HTTP servers on `localhost` of the tangled instance. The root cause is that the knotmirror proxy trusts a user-supplied field (knot) from an AT Protocol record as a literal URL, then makes an outbound HTTP GET to it from the mirror server itself.

r0.fyi
found an SSRF in #tangled that let any AT Protocol user hit localhost of the production server

fixed in v1.14.0-alpha, which is already live

I did a short write-up: r0.fyi/blog/tangled... #cybersecurity #infosec #security

I had a lunchtime conversation with someone about #Jujutsu and #tangled - here's the blog post I was referring to with the commits being separate PRs: https://blog.tangled.org/stacking/
jujutsu on tangled

tangled now supports jujutsu change-ids!

Tangled