The danger with these kinds of laws is that it is very easy to make them sound reasonable.

To fix that, please imagine these restrictions and requirements applied to book publishers and authors and libraries.

It would be absurd to require age verification/checking before being able to read something. We allow parents to decide what is suitable for their own children, but we do not require librarians or bookstores to do age checks, nor hold authors liable for precocious reading.

Check Your Context

I didn't much like Wally from the first time I met him. We worked in the same circles, but not on the same projects. I was aware of his work, but not involved or dependent on it. My initial reaction to Wally, "Complains. Nitpicks. Doesn't act." I made this judgment in a moment. Months passed, and n

Rands in Repose

Do I have this right: the venerable UNIX 'cal' command, member of util-linux since the dark ages, which was seemingly recently rediscovered in posts from @quad and @b0rk ... has been REMOVED from Ubuntu 24??

I understand wanting to offer up alternatives, since cal can be spiky and surprising, but you don't just remove a util-linux command from my machines, Ubuntu.

Not okay. Not helping. Not building trust. What else did they remove?

Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166? https://16years.secvuln.info/

16 years of CVE-2008-0166 - Debian OpenSSL Bug

Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.

Inserting backdoors into AI/LLM models. Challenge: how to determine if the model implemented in a company, a government institution or the army does not have a backdoor and is safe? Not known for 100%. The beauty of artificial intelligence.
"we believe that our results demonstrate two key conclusions: both of our threat models are possible and they could be very difficult to deal with if they did occur"
#ai #cybersecurity #artificialintelligence
https://arxiv.org/pdf/2401.05566.pdf

@GossiTheDog fyi - doublepulsar.com ssl certificate expired today

Let's put out rumors of 0day in all the overly risky features of various apps we use until the defaults are more sane! :)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability.

https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

#threatintel #vulnintel

ZDI-22-1690

Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability