Okay so "mastochist" got hacked that exposed keys to post to my account

The person who was kind enough not to mis use my account, thank you  

"tl;dr a 3rd-party site called mastochist got hacked, so if youve ever used it you should revoke its access :) -rw672"

So please, remove access for "mastochist" if you have allowed this in the past

This can be done from account settings on the web UI (browser)

In more lovely #digipres #scholcomm news...

#Medknow was bought by #WoltersKluwer and now some 10 % of the 10.4103 #DOI's are broken, pointing to a default lww.com or journals.lww.com frontpage.

That's without counting the minority cases which give you either a #Thieme 404, a broken OJS install or a #CLOCKSS copy through chooser.crossref.org, etc.

We were just informed that due to a new Florida law we should no longer recruit grad students or postdocs from a number of "countries of concern" including China. We also "might have to withdraw existing offers".

I've benefited from many interactions with amazing Chinese students & postdocs in my career. This is a huge loss for everyone.

While there is an exception for students & postdocs already living outside of their home country, that will be a small & shrinking fraction of folks.

Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

“We're seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we've seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”

https://arstechnica.com/security/2023/11/owncloud-vulnerability-with-a-maximum-10-severity-rating-comes-under-mass-exploitation/

So, turns out the website openwashing.org has gone offline ... good thing that the @internetarchive has got a backup available 🤗

https://web.archive.org/web/20231030214518/https://openwashing.org/