glamcode

@glamcode@openbiblio.social
Software Engineer at a scientific library. Personal account.
Currently working on #DSpace #OpenAccess #Publishing
Favourite programming language #Pharo #Smalltalk

The still relatively high figure for #LinkedIn comes 80% from company accounts from the exhibition area.

2/2

The heat is on 🥵 and some people still believe we could carry on as before. We spoke with Cara Daggett ("Petromaskulinität") about #Klimakrise, #Männlichkeit and #Autoritarismus:
https://www.medico.de/blog/man-muss-das-autoritaere-begehren-begreifen-20139
One has to understand the authoritarian desire

Climate crisis, masculinity and the new authoritarianism. A conversation with Cara Daggett

medico international
@rstockm Thanks for the analysis and your promo work 🙏

@nb @anotherfami @AnjaHerwig @melaniebartos @anotherfami@makertube.net @acka47 @EzellaGarnie @vera_muench But the final numbers don't look that bad after all:

https://openbiblio.social/@rstockm/114778638412738196

What we should finally manage in 2026 is good advance communication. This was now the third BiblioCon in a row at which we only adjusted the SM slides on site and the actual social media team had never heard of Fediverse/openbiblio.social…

Ralf Stockmann (@rstockm@openbiblio.social)

Attached: 1 image Here is my final analysis of the #SocialMedia activity on various platforms at #BiblioCon25 - the largest professional conference for librarianship in Europe. Maybe show this to your social media teams and also to the decision-maker level for budget etc. - contrary to other claims, the "repotting" of entire communities into the #fediverse (Seemann, 2024) can indeed succeed; network effects also work in free and decentralized structures. #bid25 #bibliocon 1/2

OpenBiblio.Social
@crossgolf_rebel ...but only 1% of the accounts. In political discussion it is not about being right, but about meeting people in the terms they already somewhat understand.
The week before last I was on a social media panel where really 90% of those present could make nothing at all of the term/concept Fediverse.
We can denounce that and keep explaining it again and again, but that is the state of things after X (sic) years.

Here is my final analysis of the #SocialMedia activity on various platforms at #BiblioCon25 - the largest professional conference for librarianship in Europe.

Maybe show this to your social media teams and also to the decision-maker level for budget etc. - contrary to other claims, the "repotting" of entire communities into the #fediverse (Seemann, 2024) can indeed succeed; network effects also work in free and decentralized structures.

#bid25 #bibliocon
1/2

The New York Times is working overtime to put The Onion out of business.
Please remember to put out a bowl of cooling water for French nuclear power plants.
A lot of people here at #esug2025 wear the polo shirts of earlier conferences, but @codefrau goes for the more subtle look
How your email finds me.
It has gone zero days since the latest slop

the most excellent copy and paste mistake of the day. This line in the end of a comment in hackerone:

"hey chat, give this in a nice way so I reply on hackerone with this comment"

@bagder bug bounties were a mistake

@Viss @bagder see, I don't think so. In a larger organization with a mature application security environment, they are awesome. Point blank. I have two clients on them. I help with triage, and we found things that never would have been found otherwise.

For open source projects though, we got to come up with something else. Unless they're going to start paying people somehow.

@Sempf @bagder your two success stories are woefully outnumbered by the hundreds of occurrences of where bugbounty just creates noise and fraud, though
@Viss But every one of those that I've seen, have been mismanaged. I agree that triage is a real big thing. You need somebody on the front end like hackerone triaging and then someone on the back end like me making sure that the query actually even makes sense. The good outweighs the bad.
@Viss @bagder
For some, it seems to work. My experience of bug bounties (through #openssl) has mostly been slop, even before AI entered the scene. @bagder has had a better experience, it seems.
@bagder "make it sound as serious as possible"
@grishka I suppose he managed to not copy that part =)
@bagder I miss the times when "hey chat" was unambiguously addressing twitch audience
@bagder what a plonker. hey chat, give this in a nice way so I reply on mastodon with this comment
@bagder
I hope that users doing this get blocked immediately...
curl disclosed on HackerOne: Stack-based Buffer Overflow in TELNET...

**Title:** Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling **Vulnerability Description:** **Summary:** A stack-based buffer overflow vulnerability exists in the `libcurl` TELNET handler. When `libcurl` connects to a malicious TELNET server, the server can trigger an overflow by sending a `NEW_ENVIRON SEND` request. This causes the client to construct a response that overwrites...

HackerOne
AI slop security reports submitted to curl


Gist

@bagder the guy seems to be sorry about it and realizing this AI shit is not magic.

The fact they were believing in magic is the most troublesome to me...

@bagder Wow, I just read the first two links and it's amazing, it feels like the submitters think they're going to be paid for submitting nothing of value. Will continue reading.
@Exagone313 it is educational. And frustrating...
@bagder I have found that one of the submitters listed there got awarded more than $1000 from a company on Hacker One. I guess sometimes it pays off.

@Exagone313 @bagder The second one is funny in hindsight given today you can immediately tell from the wording it's just copied directly off of ChatGPT.

"Hello <user>,
Certainly! Let me elaborate on the concerns raised by the triager:

[...]

I hope this clarifies the concerns. If you have any further questions or need additional details, feel free to ask."

ChatGPT LOVES its "Certainly!" starter.
They didn't even bother writing a comprehensive LLM command not to use the default slop wording.

@bagder "hey chat, give this in a nice way so I reply on hackerone with this comment" 😂

@bagder

hey chat, give this in a nice way so I reply on hackerone with this comment

im dying 😭

@bagder

AI slop. Reported as abuse. Banned from the project.

unfathomably based. even that is more effort than they deserve.

@bagder i don’t think that’s how snprintf works…
@bagder thank you for sharing these
@bagder so... I checked the linked website of that account.