276 Followers
143 Following
860 Posts

FR/EN

Account dedicated to #Offsec/#Infosec/digital stuff

Involved in
#UnifiedPush #MollyIm

Github: https://github.com/p1gp1g
Codeberg: https://codeberg.org/s1m/
Liberapay: https://liberapay.com/S1m/
Blog: https://s1m.fr
DigiCert — a certificate authority, the entity you're trusting to anchor your entire chain of trust — got compromised because a support analyst opened a .scr file from a chat session. In 2026. CrowdStrike was misconfigured on one endpoint and completely absent on another. Nobody noticed the second compromise for 10 days. The attacker grabbed EV code signing initialization codes and walked out with 60 certificates. Zhong Stealer, signed and shipped. (2/5)

I was wondering why I was seeing so many "Co-authored-by: Copilot" commits recently. It turns out VS Code added a "feature" that inserts that into your commits automatically, even if you're not using Copilot.

It looks like people complained about this, which went nowhere until this hit the front page of HN. After this was the top HN story Saturday, an MS engineer submitted a PR to switch this feature to default off an hour ago (midnight Redmond time).

What will they think of next?

Le sigh. Every time we go around and have to do this again and manually figure out wtf each of the ten thousand linux distributions provides their security updates and current status.

Spending my Saturday morning searching for CVE-2026-31431 and "copyfail" patch status is just 👍.

Anyway, here's what I have so far:

This is epic, first time camera is working in #Waydroid 🤩 Thanks to @supechicken and the WayDroid-ATV project!

#LinuxMobile #NixOS #postmarketOS

Nextcloud talk just merged UnifiedPush support! It will be available with Nextcloud 34

#Nextcloud #UnifiedPush

I'm currently testing Signal's new incremental local backup with my daily data - because I uninstalled Molly by mistake

It takes time, but seems to work well

I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.

You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.

https://copy.fail

https://security-tracker.debian.org/tracker/CVE-2026-31431

https://ubuntu.com/security/CVE-2026-31431

https://www.suse.com/security/cve/CVE-2026-31431.html

#copyfail

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

Xint

Signal is working on a standalone version for Signal Desktop that does not require a smartphone 🤩

Also more adjustable options when using Desktop as a linked device

👉 https://aboutsignal.com/news/signal-desktop-without-a-mobile-phone-standalone-version-in-development/

#signal #signalapp #signalmessenger #news #windows #linux #macOS #desktop #tech #aboutsignal

Signal Desktop without a mobile phone, standalone version in development

Signal is working on a standalone version of its desktop app that does not require a mobile phone. Signal Desktop will also gain additional options when used as a linked device.

AboutSignal

RE: https://mastodon.social/@pid_eins/116459585811044061

Someone wrote a postmortem on the security issues uncovered in uutils, "the Rust reimplementation of GNU coreutils"

https://corrode.dev/blog/bugs-rust-wont-catch/

It is an interesting read on its own. The author praises Rust for managing to entirely eliminate memory safety issues in uutils. My view here is unfortunately closer to that of Lennart: the remaining class of bugs are to a large part the fault of the Rust stdlib, and entirely avoidable.

(see also my last blog post https://hachyderm.io/@swick/116455985982945725)

A response to recent reporting in Germany, in service of clarity and accountability:

First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. 1/