Panderito 

@alfabravoteam@linuxrocks.online
62 Followers
14 Following
1.9K Posts
Ran away from twitter before it was cool. Still have a blog. Freely ranting in EN, ES
Panderito 1d ago
Darius Kazemi1d ago

So ARPANET had a famous "Flag Day" where they switched over to TCP/IP in 1983; it required a simultaneous switchover of all host machines to the new protocol. And I know that "flag day" has since referred to big changes like that in networked systems. I assumed the name referred to some bitwise flags set in packet headers. Turns out, the term comes from Multics, when similar coordination was required for an encoding change. It happened on actual US Flag Day 1966!

https://en.wikipedia.org/wiki/Flag_day_(computing)

Flag day (computing) - Wikipedia

Panderito 1d ago
Kevin Beaumont1d ago
Wake up bae, new attack surface just dropped. Works outside UNC paths too, and MS don’t appear to own the domain 🤣
https://chaos.social/@karotte/114875319621020657
Lukas (@karotte@chaos.social)

Mildly cursed factoid about UNC paths: - UNC Paths can contain IP addresses such as \\192.168.1.1\share - IPv6 addresses are supported as well - IPv6 addresses contain colons - can't have colons in Windows paths since colons are reserved for drive letters So Microsoft came up with the the ipv6-literal.net domain that's special-cased by Windows so you can to write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.

chaos.social
Panderito 1d ago
Arch Linux 1d ago

[aur-general] - [SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contained malware

https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/7EZTJXLIAQLARQNTMEW2HBWZYE626IFJ/

#security #linux #ArchLinux

[SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contain malware - Aur-general - lists.archlinux.org

Panderito 2d ago
志摩リン2d ago
#retrogaming #Virtua_Fighter_4
Panderito 2d ago
@gabriel hola, buenas, bloquearon este servidor en col.social? GGGracias :D
Panderito 2d ago

Recuerdo aleatorio: que un vuelo perdido hubiese terminado con una noche de cerveza y muchos besos.

Recuerdos bonitos de personas que ya no están.

Panderito 2d ago
ity [unit X-69] - VIOLENT FUCK2d ago
Dev team: We need to ship and we still haven't tracked down the memory leak!
Manager: I don't care, fix it! We ship today!
Dev team:
Panderito 3d ago
志摩リン5d ago
#retrogaming #Donkey_Kong_Land_III
Panderito 4d ago
Michael Lucas 5d ago

WeTransfer just changed their ToS to allow them to train AI on any files you transfer through them.

Don't use there service, especially for work that you don't have the right to relicense to them (e.g., commercial work that's exactly the most likely to create the huge files WeTransfer specializes in).

(ETA: this is already going boom so I'm muting it.)

https://wetransfer.com/explore/legal/terms

WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free

WeTransfer is the simplest way to send your files around the world

WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
Panderito 4d ago
Jamez Barrett 🜃 ॐ Ⓐ4d ago

Deep in a New Zealand swamp, scientists discovered an ancient kauri tree that had been entombed for more than 40,000 years—its trunk preserved like a wooden time capsule. But this wasn’t just any prehistoric tree. Its rings revealed something extraordinary: it had lived through the Laschamp Excursion, a rare moment when Earth’s magnetic poles reversed. More alarming, however, was the period just before the flip—known as the Adams Event—when the planet’s magnetic field all but vanished, exposing the Earth to an onslaught of cosmic radiation.

With Earth’s magnetic shield weakened to as little as 0–6% of its normal strength, solar and cosmic radiation surged in, triggering global climate chaos. Ice sheets expanded dramatically, storm systems rerouted, and once-verdant lands like parts of Australia were swallowed by desert. Some researchers believe the event contributed to the extinction of the Neanderthals and forced early humans into caves for protection—where they began creating the earliest known symbolic art. These dramatic shifts suggest the Adams Event wasn’t just a magnetic anomaly—it was a turning point in human history.

Now, the ancient kauri stands as both relic and warning. Its rings carry the silent testimony of a world on the edge, a reminder that our magnetic field is not permanent. If such a collapse were to happen today, the consequences could be dire—satellite failure, communication breakdowns, grid collapses, and rapid shifts in climate. This tree, long dead, still speaks—whispering across the ages about the fragility of the invisible forces that shield our modern world.

×
Kevin Beaumont5d ago
If you’re wondering why half the internet broke tonight for a short period, TCS accidentally hijacked Cloudflare.HT @ssamulczyk
Show threadAndrew  5d ago
@GossiTheDog well, that explains why my traceroutes to 1.1.1.1 were ending up in Singapore.
Show threadgreem5d ago

@GossiTheDog @ssamulczyk

TCS? Is that the same...

Yes, it is.

Their contract renewals will be interesting in the next year.

Show threadAthos5d ago
@GossiTheDog @ssamulczyk every Tata company is independent, they don't really relate to each other that well
Show threadKevin Beaumont5d ago
@athos @ssamulczyk tell Tata 🤣 https://www.tatacommunications.com/strategic-alliances/tcs-alliance/
TCS Alliance | Tata Communications

Tata Communications
Show threadAthos5d ago

@GossiTheDog @ssamulczyk "alliance" does not mean that they are the same company, Tata Communications and TCS have separate CEOs, separate boards, their employees don't interface with each other

(and to be honest, most that is on their public pages is pure marketing)

Show threadMark Bryant5d ago

@athos @GossiTheDog @ssamulczyk

Or to anyone else for that matter. 😑

Show threadFennix5d ago

@GossiTheDog @ssamulczyk

Lately it seems we need that "It was DNS" meme to come with subscript that reads "probably due to BGP".

Show threadHugo Slabbert ⚠️5d ago
@fennix @GossiTheDog @ssamulczyk Don't forget MTU!
Show threadGrumpSec Spottycat5d ago
@GossiTheDog @ssamulczyk oh what notification site/tool do you use?
Show threadSebastian 5d ago
@kyhwana I used 1.1.1.1 as a dns canary on my router. It stated it is offline but the connection was alive. Started digging out of curiosity on bgp.tools and cloudflare sites… @GossiTheDog
Show threadaburka 🫣5d ago
@GossiTheDog @ssamulczyk
Show threadSimon5d ago
@GossiTheDog @ssamulczyk so I rebooted my laptop for no reason then. Naturally assumed it was something I broke
Show threadJP5d ago
@GossiTheDog TCS or a bunch of teenagers who convinced TCS help desk to change some passwords.
Show threadEric Goodwin5d ago
@GossiTheDog @ssamulczyk I was, in fact, wondering!
Show threadRootWyrm 🇺🇦5d ago
@GossiTheDog @ssamulczyk but but but Cloudflare "invented" RPKI so that nobody could ever BGP hijack them ever! And Tata is the finest professionals money can buy and nothing but!
Show threadLeak5d ago
Whenever I hear "Tata", I'm reminded of their landmark 2014 crash test fail: www.theguardian.com/global-devel...

Tata Nano safety under scrutin...
Tata Nano safety under scrutiny after dire crash test results

Philip Oltermann and Paige McClanahan: India's low-cost answer to the VW Beetle fails live up to 'frugal engineering' hype after receiving no stars for adult protection

The Guardian
Show threadDJGummikuh5d ago
@GossiTheDog @ssamulczyk how is this even possible? How can some "random" BGP provider claim routing for ranges that are not their own?
Show threadKevin Beaumont5d ago
@DJGummikuh @ssamulczyk that’s how BGP works
Show threadGeneralX ⏳5d ago
@GossiTheDog @DJGummikuh @ssamulczyk
BGP is a "trust me bro" protocol.
Show threadDaniel ☀5d ago
@generalx @GossiTheDog @DJGummikuh @ssamulczyk So, a malicious actor could purposely bring down a big part of the internet? If they really wanted to?
Show threadKarsten Johansson5d ago
@danielmunoz @generalx @GossiTheDog @DJGummikuh @ssamulczyk This just showed they can do that without even intending on it.
Show threadMax Resing5d ago
@generalx @GossiTheDog @DJGummikuh @ssamulczyk - That is not so much the case anymore. There is RPKI which solves the problem of route hijacks. It requires the owner of a prefix to sign it, and BGP-capable third-party networks have a way to validate or invalidate announcements, based on the route origin.
Show threadBig Kumera Energy5d ago

@DJGummikuh @GossiTheDog @ssamulczyk BGP has no real validation mechanisms for who can advertise which prefixes. There's some stuff bolted on top to help with that but none of it is mandatory, so none of it really protects those IP ranges.

It's all cooperative, basically. Runs on goodwill.

Show threadHey Gus5d ago
@depereo @DJGummikuh @GossiTheDog @ssamulczyk DNS to a lesser extent than BGP, but yeah. The internet used to be a peaceful utopia at least compared with modern times.
Show threadNicolas SAPA 5d ago
Because #RPKI still is a dream in a lot of network...
Nico's μBlog

Show threadSam Bowne 5d ago
@GossiTheDog @ssamulczyk Cloudflare DNS outage: Multiple websites on 1.1.1.1 server down, company reacts | World News - Hindustan Times https://www.hindustantimes.com/world-news/cloudflare-dns-outage-multiple-websites-on-1-1-1-1-server-down-company-reacts-101752533050143.html
Show threadStéphane Bortzmeyer4d ago

@sambowne @GossiTheDog @ssamulczyk "Cloudflare said that there is an issue with the 1.1.1.1 public resolver, which resulted in many websites hosted on its server being down"

Websites hosted on a DNS resolver... (In the traditional media, anyone can write anything, even without knowing the subject.)

Show threadslash5d ago

@GossiTheDog I used to follow the BGP sites which list changes. The funniest event was seeing China steal routes to a US business, and seeing the US military steal it back within minutes.

The cyber war is real, fierce, and a spectator sport.

Show threadVictor Oxyrhynchus5d ago
@GossiTheDog @ssamulczyk I saw ping 1.1.1.1 fail due to exceeded TTL which you don't see too often.
Show threadMax Resing5d ago
@Victorsigmoid @GossiTheDog @ssamulczyk - That might be a routing loop, which occasionally appears. Especially with those anomalies as discussed in here.
Show threadVictor Oxyrhynchus4d ago
@resingm @GossiTheDog @ssamulczyk when I saw this ping I immediately wondered, BGP? For I am knowledgeable but not skillful or hands-on experienced with this. I defer to those who are, and am grateful for the fediverse to cut thru the noise.
Show threadJay Thoden van Velzen ☁️​🛡️​5d ago
@GossiTheDog that's pretty funny 😂 @ssamulczyk
Show threadVicente ⁂5d ago
@GossiTheDog @ssamulczyk what time was this EST? i need to check something
Show threadKarl Auerbach5d ago

@GossiTheDog @ssamulczyk Ah, the bodacious Tata's are at it again.

(ICANN had to deal with them in the domain name context when they got ticked off at the adjective I used in the prior paragraph.)

Show threadScio5d ago
@karlauerbach thank you for bringing up this hilarity from before my time. Just read up about it!
Show thread🌱 Alyssa 🏳️‍🌈5d ago
@GossiTheDog @ssamulczyk Is someone please able to give a short explanation of what has happened here assuming reader is familiar with basic DNS, but not what BGP is or how you can "accidentally" hijack it?
Show threadPauliehedron ✅  5d ago

@aly @GossiTheDog @ssamulczyk

UPDATE: 2024-07-16 - Cloudflare puts the cause on themselves, not Tata! Their report on the outage here: https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/

Prior post of inaccuracy, but keeping for the record:

Sure! So Tata (insert reason X) decided to tell the world they were the way to get to 1.1.1.0/24 network, which includes the host 1.1.1.1, Cloudflare's DNS IP. And so the internet listened to Tata and starting updating everyone that they should start sending all the requests for 1.1.1.1 via Tata's network INSTEAD of Cloudflare who is the owner of that "network prefix". There are nerd knobs to turn and encryption which can prevent this, but after literal decades still hasn't been done.

This kind of thing happens much less than the past, but the effects are much larger as the internet is much larger now. Malicious actors like to do it for profit.

For more technical details, this article does a good job explaining: https://www.kentik.com/kentipedia/bgp-hijacking/

Cloudflare 1.1.1.1 Incident on July 14, 2025

On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS. We’re deeply sorry for this outage. This outage was the result of an internal configuration error and not the result of an attack or a BGP hijack. In this blog post, we’re going to talk about what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

The Cloudflare Blog
Show thread🌱 Alyssa 🏳️‍🌈5d ago
@pauliehedron Thank you :)
Show thread🌱 Alyssa 🏳️‍🌈5d ago
@pauliehedron @GossiTheDog @ssamulczyk Well this wasn't a very comforting read. 😅
Show threadSebastian 5d ago
@aly I’m still puzzled how you can do that by accident (at least so they claim)…🤣 @pauliehedron @GossiTheDog
Show thread🌱 Alyssa 🏳️‍🌈4d ago
@ssamulczyk @pauliehedron @GossiTheDog ooo Cloudflare says it was their own fault and not a BGP hijack:
https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/
Cloudflare 1.1.1.1 Incident on July 14, 2025

On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS. We’re deeply sorry for this outage. This outage was the result of an internal configuration error and not the result of an attack or a BGP hijack. In this blog post, we’re going to talk about what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

The Cloudflare Blog
Show thread▓▒▒░░ ʝσɳω ░░▒▒▓5d ago

@GossiTheDog @ssamulczyk

The irony behind this Cloudflare site is too much: https://isbgpsafeyet.com/

Is BGP safe yet? · Cloudflare

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have the potential to cause widespread problems. BGP security can be greatly improved by using technologies such as RPKI to sign Internet routes. This page attempts to track the progress of major Internet players (ISPs, transit operators, and content providers) in their progress to adopt RPKI and other technologies.

Show threadSecret Squirrel4d ago

@jonw @GossiTheDog @ssamulczyk "Your ISP implements BGP safely. It correctly drops invalid prefixes."

Yay!

Show threadOffbeatmammal4d ago
@jonw @GossiTheDog @ssamulczyk have to laugh, they say Tata is "safe" but the point the finger at them for this outage...
Show thread▓▒▒░░ ʝσɳω ░░▒▒▓4d ago
@Offbeatmammal @GossiTheDog @ssamulczyk Tata could not have done this if everyone was dropping invalid prefixes. So while Tata caused this, it only succeeded because so many other providers don't use RPKI. A provider can be totally safe and still hijack traffic because doing so has very little to do with itself.
Show threadMerospit5d ago
@GossiTheDog @ssamulczyk My AppleTV uses 1.1.1.1 as an "internet health check", but then works anyway even if it fails, it just shows a message on the screen.
Show threadSunil5d ago
@GossiTheDog @ssamulczyk TCS (TATA Consultancy Services) is different from TATA Communications!!
Different company, different business but same brand just like TATA Steel.
Show threadDreaming of dad jazz.5d ago

@GossiTheDog
@ssamulczyk

Just kidding..

Show threadShrirang Kahale4d ago

@GossiTheDog @ssamulczyk 1. TATA COMM and TCS are separate companies.
2. Cloudflare withdrew both 1.1.1.0/24 and 1.0.0.0/24 announcements due to an unknown reason. So its THEIR fault.

3. The BGP hijack you see is most likely due to a downstream customer of AS4755. Again the outage **isn't caused by TATA** it is caused by Cloudflare themselves.

4. TATA's Tier1 ASN AS6453 filters invalid ROAs but their domestic AS4755 doesn't.

Show threadShrirang Kahale4d ago
@GossiTheDog @ssamulczyk This is like blaming TCS if you get poor quality TATA salt.
Show threadShrirang Kahale4d ago
@GossiTheDog @ssamulczyk Also take a look at that screenshot, "peers observed: 2%" the leak didn't propagate far.
Show threadKevin Beaumont4d ago
@albonycal @ssamulczyk if Tata announced the prefix, it’s on them.
Show threadShrirang Kahale4d ago
@GossiTheDog @ssamulczyk The outage was caused by Cloudflare WITHDRAWING the announcement. Read that correctly.
Show threadKevin Beaumont4d ago
@albonycal @ssamulczyk Tata hijacking the Cloudflare prefix matters. You might disagree, and that’s okay.
Show threadShrirang Kahale4d ago
@GossiTheDog @ssamulczyk Your post says the outage was BECAUSE of TATA, which is blatantly incorrect. I agree that TATA"s domestic ASN should implement proper filtering like their AS6453, not disagreeing with that. But get your facts right.
Show threadShrirang Kahale4d ago
@GossiTheDog @ssamulczyk Either delete your post or edit it with correct facts.
Show threadFritz Adalis4d ago
@albonycal
Lol good luck with that.
Show threadShrirang Kahale4d ago
@FritzAdalis He has spread misinformation about BGP hijacks before this aswell, I forgot when exactly. Is it that hard to not talk about things you don't understand.