I promise this is not AI.

This is the sitting US president trying to convince the press, that he is doing important work, because he is renovating the pool in the local park, and that pool is longer than some skyscrapers.

This is what the US president is doing for his people, while the US economy is in tatters, Putin is waging war against Europe and and the Hormuz Strait is blocked.

A pool length measuring contest.

Insane.

A friend of a friend is missing - please boost 💔

#twitch #twitchcon #Netherlands

Happy Pride Month!

Rainbow Railroad is an organization which helps LGBTQ+ people flee dangerous regimes.

They’ve had a surge in requests from Americans looking to escape Trump.

No one is “safe” under fascism.

The tyrants start with the most marginalized.

They don’t stop there.

The Potatoes Quest

Sources and bonus timelapse: https://www.peppercarrot.com/en/miniFantasyTheater/055.html

#webcomic #krita #miniFantasyTheater

I found that crafted #MeshCore node names could compromise #HomeAssistant instances running meshcore-card, with an XSS leading to remote root access on the HA host. An attacker could then access anything controlled or visible through Home Assistant. The attacker doesn't need to be near the target, as MeshCore advertisements are repeated over the mesh, which is dense in NL.

This also affects around 20 public MeshCore analyzer websites. Some of those run CoreScope, where it looks like a vibecoding bot broke the XSS filter while hallucinating a bugfix. The analyzers are mostly public data though. In addition, the less popular MeshCore-Home-Assistant-Panel-v2 is likely also affected, but I was unable to make contact with the maintainer.

MeshCore node names are only 32 bytes, and each rendered in a different place in the page, so I had to be creative to run a more substantial payload. I found a way with three node names using an iframe feature I never heard of before.

https://mxsasha.eu/posts/meshcore-xss-home-assistant/