Mahmoud Tantawy

@mtantawy

i write bad code ... in PHP !!
bad code is now available in Java too ;)
you can run but you can't hide, Ruby!
Building Billing @shopify


I'm old enough to remember when the "Back" buttons in web browsers used to work reliably. You'd get exactly one page transition back in history for every press of the button.

Can we bring that back, please?

I've been warning people for over a year that the internet will be flooded with SEO garbage, and now Sam just tweets it. I can’t wait to see what comes next with his 7 trillion worth GPU farms pumping out more deep fakes and memes 😅 Bro seems so proud of himself while many others have lost jobs
You decide

I think it's a sign of ageing when you go to #FOSDEM and just sit in 1 room for the whole day

I remember I used to plan a crazy day and jump between rooms and buildings 😃

Many times you don't make it to the room and just sit outside listening to the live stream 😃

#FOSDEM2024

The definitive guide!

On Dec. 15, a researcher disclosed a weakness in the way many companies have implemented Google OAuth that potentially allows former employees to retain access to SaaS providers like Slack and other platforms. According to the researcher, Google paid a bug bounty for the vulnerability report in October 2023, but still hasn't changed anything to address the issue.

https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/

Today, Nudge Security published a writeup about the issue, noting how their SaaS platform was affected. Nudge's Jaime Blasco provides a helpful tl;dr on the weakness:

"It’s a well-known work email hack: add “+string” to your work email address (e.g., [email protected]) and you can easily filter any unwanted marketing emails or create multiple different signups for a single app using your work email address."

"However, this same trick can be used to create an entirely new Google account—one that looks like a corporate email address and forwards messages to it, but isn’t actually managed or even visible within your corporate Google organization.

This creates a big problem when it comes to offboarding employees. If a given “shadow Google account” were used to sign up for corporate SaaS accounts like Slack or Zoom using Google OAuth (i.e., “Sign in with Google”), that access could persist even after suspending the employee’s corporate Google account. Effectively, there’s no way for a Google administrator to see or suspend the shadow Google account from their admin console. This could leave a back door for unauthorized access by a former employee or threat actor by compromising the shadow account."

https://www.nudgesecurity.com/post/google-oauth-vulnerability

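An offboarding check for the shadow-account problem quoted above, as an added example that is not part of the original post or of either write-up. It compares a SaaS member export against the managed directory and reports Google sign-ins on the corporate domain that no admin-console suspension would reach. The export formats, the names and the `example.com` domain are assumptions, and all sample rows are constructed.

```python
CORP_DOMAIN = "example.com"  # assumption: placeholder for the corporate domain

# Constructed corporate directory export: managed address -> suspended?
DIRECTORY = {"alice@example.com": False, "bob@example.com": True}

# Constructed SaaS member export: (sign-in email, auth method)
SAAS_MEMBERS = [
    ("alice@example.com", "google"),         # managed account, visible to admins
    ("Alice+sso@example.com", "google"),     # plus-address, owner still active
    ("alice+news@example.com", "password"),  # not a Google sign-in, out of scope
    ("bob+slack@example.com", "google"),     # plus-address, owner offboarded
    ("carol+x@example.com", "google"),       # plus-address, no matching owner
    ("dave@partner.test", "google"),         # other domain
]


def base_address(email):
    """Strip a '+tag' suffix from the local part: a+b@d -> a@d."""
    local, _, domain = email.rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


def audit_shadow_accounts(members, directory, domain=CORP_DOMAIN):
    """Return (email, status) for Google sign-ins on the corporate domain
    that do not correspond to an account in the managed directory."""
    findings = []
    for email, auth in members:
        email = email.strip().lower()
        if auth != "google" or not email.endswith("@" + domain):
            continue
        if email in directory:
            continue  # managed account: suspension in the admin console applies
        owner = base_address(email)
        if owner not in directory:
            status = "no-owner"
        elif directory[owner]:
            status = "owner-suspended"
        else:
            status = "owner-active"
        findings.append((email, status))
    return findings


if __name__ == "__main__":
    for email, status in audit_shadow_accounts(SAAS_MEMBERS, DIRECTORY):
        print(f"{status:16} {email}")
```

Entries reported as `owner-suspended` are the offboarding case the quote describes; `owner-active` and `no-owner` entries are unmanaged sign-ins worth reviewing before anyone leaves.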

Bezos and Musk have it deeply wrong.
The problem isn't that we need a trillion people to have more Einsteins or Mozarts.

The problem is we don't nurture and protect the ones we have.

Stephen Jay Gould wrote: "I am, somehow, less interested in the weight and convolutions of Einstein's brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops".

The Voyager team at NASA sends a patch to Voyager 2 and later to Voyager 1. The code is "shipped" to Voyager 2 on a Friday (October 20, 2023), and will be activated on a Saturday: Oct 28, 2023. The signal needs approx. 18 hrs from Earth to Voyager 2.

And you're afraid of deploying your PWA on a Friday when you can roll everything back in minutes?

https://fosstodon.org/@AkaSci/111270064467765032

AkaSci 🛰️ (@[email protected])

NASA is sending a software update to the Voyager 2 spacecraft today! The patch contains logic to auto-recover from glitches similar to one in May 2022, when the AACS system on Voyager 1 started sending garbled data. The root cause was not fully diagnosed. The patch will be activated/tested on Oct 28. Voyager 1 will be next. Data will be sent at 16 bps with a 19 kW transmitter using the 70-m dish at @[email protected]. Distance: 20 billion km; 18:40 light hours https://www.jpl.nasa.gov/news/nasas-voyager-team-focuses-on-software-patch-thrusters #Voyager 1/n

Fosstodon

Quite possibly the best #PHP meme I've ever seen. 🧡