#lispyGopherClimate Tuesday-night-in-the-Americas

https://toobnix.org/w/88ZPfUcso2HNSKX6gNYShW #archive <- should have full audio

- This brave new world's #AI #vulns
+ #climateCrisis with e.g. oil

- The #commonLisp #conditionSystem #programming thread (& #shell ) https://gamerplus.org/@screwlisp/116390562771940285
Featuing @kentpitman @dougmerritt @vnikolov and more

- Also a note from @JohnMashey #unix when I tagged him (mostly, "haven't touched #lisp since the 70s").

- Live chat on #lambdaMOO !

@sdf can someone validate @artemis .

Maybe I'll go apply to #TikTok, and secure the american app and fix it. TikTok's current #algorithm is #insidious, I think designed to create #division and #radicalize people. Soon TikTok will tell me its #secrets, but I have to work on some #vulns system for a few weeks. Designing some brains for other important non-hobby smtask lol

My initial #scans for #TikTok are #worrying and I was concerned after my initial scans. My #AI systems were flagging everything. The #content never scored high like other #socialmedia platforms. The content is worrying not just from #radical left or right. There is something non-biased about how it tries to #radicalize. Like it is learning based off #heuristics, like time spent hovering over a #videotile. This triggers an #alert, where you didn't interact but it detected the most likely #video. Then provided more #content. It also gives a heavy weight to #interactions. Which then changes the #algorithm and how it provides #content. None of this is really bad, it is trying to be helpfulful. What I find concerning is the videos it provides. Like a stream of #bothsides #content. Trying to figure you out and provide more content. There isn't even #educational poop on TikTok. So most of the content is #madness Lol

Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk
https://www.darkreading.com/vulnerabilities-threats/airoha-chip-vulns-sony-bose-earbuds-headphones

#Infosec #Security #Cybersecurity #CeptBiro #AirohaChip #Vulns #Sony #Bose #EarbudsAndHeadphones #Risk

My keynote from CypherCon 7 is now online: 25 Years of Years of Vulnerability. Thanks again to Michael Goetzman and the whole @CypherCon crew for a warm welcome and an amazing event!

https://www.youtube.com/watch?v=qcyIyLrQGLg

#infosec #conference #vulns

Others have already provided good criticism of the #cups #vulns, so i'll just add this:

unless it's in the kernel, systemd or openssh, I don't think you can claim a vuln will affect "all GNU/Linux systems". even stuff like coreutils, bash, etc aren't installed by default on a lot of the lightweight distros that get used for containers or k8s clusters these days.

CUPS in particular is ancient shit that isn't anywhere near our prod infra, and isn't even installed on desktop distros any more AFAIK.

The more nothingburger vuln disclosures we see making the rounds, the less seriously everyone will take #infosec, which makes all of our lives harder.

Watch @becojo's #NorthSec talk at 10:45 EDT on YouTube!
https://www.youtube.com/watch?v=YUJu8qkkz-o

https://mastodon.social/@becojo/112447336397151405

#nsec #foss #GitHubActions #vulns

I wrote a blog about ongoing exploitation of CVE-2023-22527, an Atlassian Confluence vulnerability from January of this year. What the attacker's up to, what their payload does, etc. (TL;DR: it's crypto.. it seems like it's always crypto these days)

https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/

#vulns #vulnerabilities #atlassian #confluence #poc #greynoise

The latest release of my favourite downstream consumer of OSV.dev, OSV-Scanner, just dropped and includes "guided remediation" for npm: https://google.github.io/osv-scanner/experimental/guided-remediation/

This uses the amazing insights available from deps.dev to resolve dependency graphs, suggest fixes and to help prioritise upgrades based on #vulns fixed, dependency depth etc.

Check it out!

#osv