


Had a productive weekend. Could release PrivateBin 1.7.2, which includes a new template, as well as convert2json 0.8.4. And I had a nice bike tour around the nearby Greifensee. :-D




One does not simply
telnet into Mordor.


One ssh-es in,
using an exploit in a compression library,
shipped to them by their trusted distro in a supply chain attack.



Just enjoyed @Malte's excellent introduction to SSRF (server side request forgery) at the #Winterkongress and diligently took notes. I still have a few points to fix in the PrivateBin directory. Using gopher URLs via (lib)curl to speak entirely different protocols (the example shown was SMTP) is really creative, but at least fairly easy to prevent.
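
One way to enforce that restriction with the curl command line, as an added example that is not part of the original post: `--proto` and `--proto-redir` limit the first request and every redirect hop to HTTP(S). The function names and the example.org URLs are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: keep a server-side fetcher on http/https only.
# Function names and sample URLs are constructed, not PrivateBin code.

# url_scheme_allowed URL
# Succeeds only for absolute http:// or https:// URLs that contain no
# whitespace or control characters (CR/LF have no place in a URL).
url_scheme_allowed() {
    case "$1" in
        *[[:cntrl:][:space:]]*) return 1 ;;
        *://*) ;;
        *) return 1 ;;
    esac
    _scheme=$(printf '%s' "${1%%://*}" | tr '[:upper:]' '[:lower:]')
    case "$_scheme" in
        http|https) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_restricted URL
# Returns 2 without touching the network when the URL is refused.
# --proto restricts the first request, --proto-redir every redirect hop,
# which the string check above cannot see.
fetch_restricted() {
    if ! url_scheme_allowed "$1"; then
        echo "refused: scheme not allowed" >&2
        return 2
    fi
    curl --silent --show-error --fail --max-time 10 --max-redirs 3 \
        --proto '=http,https' --proto-redir '=http,https' --url "$1"
}

# Constructed sample inputs; only the pure string check runs here.
for u in 'https://example.org/' 'HTTP://example.org/x' \
         'gopher://example.org/' 'example.org'; do
    if url_scheme_allowed "$u"; then echo "allow  $u"; else echo "refuse $u"; fi
done
```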


Experimenting with the value models of AI: https://www.biastest.ch/ #Winterkongress




A classic bug for a leap day: At work, colleagues discovered and fixed a bug in a lesser used tool that only occurs on February 29th. It did trip up the tests, so no one got to merge until it got identified and resolved.

The source file in question hadn't been touched in over 4 years. Last leap year, the 29th was on a Saturday, so likely no one noticed.

What was annoying is that the logic had been clearly written with the intent of handling leap years. A leap year check condition was present, validated only on a February > 28th, but had to get inverted.

You may wonder why we wouldn't have used the language's standard library date functions to validate the date - unfortunately the language in question doesn't have such a sophisticated standard library (language omitted to protect the innocent).



Best #37C3 quote so far:

[...] to observe the international compressor holiday [...]

Context: Newag's train "DRM"

#37c3




Congratulations to Sergio Benitez on releasing rocket.rs 0.5.0! Thank you for this great framework. 👏

I got to follow rocket's journey to async and stable #rust with the PrivateBin directory service. Coming from Python flask apps, it is really easy to pick up and get going with your webservice, offering static & templated content, easy to create web forms and JSON APIs.

Thanks to rust's strict type system I could focus on the logic and didn't have to waste time double checking and casting data received by clients. If my API accepts an integer in a certain parameter, Rocket will ensure I only receive valid requests in my logic.

#rust




Holiday in Peru




I like CSS-animations, clocks and dials for making metrics easier to digest (we are quicker at detecting angular changes than reading and parsing digits). So I'm in awe with this creative use of a watch-dial to visualize a 32-bit hexadecimal number:

https://retr0.id/stuff/2038/



#PrivateBin v1.6.0 released - adding translations for Japanese & Arabic, configuration option to disable email button and increases the minimal required PHP version to 7.3.


The letters below were discovered in September 1993 in a reverse time-capsule apparently sent from 2023.

The first of those emails dates from this morning. Note the author of the RFC and the publication date. :-)

RFC 1607









Sad to learn this, and many thanks to Mr. Dornier for the decades of good support and the excellent products!

Since the late 2000s I have repeatedly relied, professionally and privately, on PC Engines for m0n0wall- and later OPNsense-based routers. This message was sent to the internet via an apu4d4 and is hosted by a server behind an apu2e4.



#TIL:

prompt injection, which is a form of cyberattack that exploits [an AI's] natural language processing abilities.
#TIL


PrivateBin 1.5.1 released - Filesystem purge lookup change & administration script


PrivateBin 1.5.0 released - Adding S3 Storage backend, storage migration script & 4 new translations

https://privatebin.info/news/v1.5.0-release.html



PrivateBin 1.4.0 released - Hardening the attachment preview, Google Cloud Storage and Oracle database support & adding new translations


My team at LzLabs GmbH in Wallisellen, Switzerland, is looking for a 4th DevOps Engineer. You'd be working primarily with a CloudBees (Jenkins) cluster of around 90 blades for build & testing, for several software stacks that target RHEL, but hopefully soon™ also other platforms. And of course there are also a lot of build and deployment related projects to spice things up on the side, like maintaining and developing a test statistics database, code coverage reporting, change log and other automation projects, all in a mostly ansible-ized environment. The company's main language is English, living in or moving to the vicinity of Zürich would certainly be advantageous.

#followerpower #Stellenangebote #jobs #jeRecrute

In reply to elrido

Next week a new hire starts in our team. To help them find their way in our environment, we created this map. Let's hope it won't scare them away. :-D


Yeah, the Friendica update was once again a complete success! I always look forward to browsing the network statistics after the update and seeing how the Fediverse grows and thrives. Currently I see the following on my node:
Currently this node is aware of 2065 nodes with a total of 1238363700 registered users, using the following platforms:
- Friendica (234/14306)
- BirdsiteLIVE (3/9295)
- Diaspora (104/745029)
- [...]
- Lemmy (4/15876)
- Mastodon (1195/2801105)
- Misskey (33/1234575069)
[...]
Hm, the Misskey stats probably still need some interpretation... 🤔


Oh, wow: After hearing about the two pressure waves from the volcanic eruption near Tonga, I checked the measurements from my little weather station and they are clearly visible there!


When I made my first trip to the USA in 1997, I had a Psion Siena with me and kept a diary on it. Unfortunately I couldn't afford the data cable back then, and at some point I missed replacing the empty batteries, so the documents were lost.

A few weeks ago, out of curiosity, I got myself its big brother, the Psion Series 3a. And this time also a serial cable to go with it, so I can upload programs and download data from it. I made a few notes about it:



Field report on upgrading a rocket v0.4 application to v0.5


In reply to elrido



My employer is looking for a Junior and a Senior Web Developer in Wallisellen, Switzerland. Please feel free to share and/or message me privately or publicly, if you want to know more about the company.

https://lzlabs.peoplehr.net/Pages/JobBoard/Opening.aspx?v=286d1604-0dd9-4068-9ca4-4927773aea80
https://lzlabs.peoplehr.net/Pages/JobBoard/Opening.aspx?v=d74084e2-926b-4863-bf1c-505043c0f111

#hiring #jobs #JeRecrute (pas moi)


Not entirely serious question: Why does the Gnome Terminal icon represent an IBM PC DOS prompt instead of UNIX shell prompt? Is that what folks think of first, when they think of a command prompt?

[Image] looks more like

[Image] as opposed to



Good morning, currently reading a book called:

10 PRINT CHR$(205.5+RND(1)); : GOTO 10

The book's title and subject is the one liner that produces a maze on the Commodore 64 BASIC V2. In one of the chapters the book's authors consider ports to other 8 bit systems, as well as modern scripting languages, using unicode characters. Here is their port to perl:

perl -e 'binmode STDOUT,"utf8";{print chr(9585.5+rand);redo}'

Got me inspired, here are my attempts for python (the second one cheats a bit, as it uses POSIX shell to format the script):

python3 -c 'import random;exec("while True:\n\tprint(chr(int(9585.5+random.random())),end=\"\");")'
printf "import random\nwhile True:\n\tprint(chr(int(9585.5+random.random())),end='')" | python3 -


and php (still no native unicode support, so have to build the 3 bytes for the utf-8 symbol one by one):

php -r 'while(1){echo chr(226),chr(149),chr(177.5+rand(0,1));}'
In reply to elrido

bash:

bash -c 'while true;do printf %b "\U$(printf %08x $((9585 + $RANDOM % 2)))";done'


Shell parsing is hard.

Yes, shell parsing is non-obvious - it does help enormously to understand that the shell takes what you type on the command line after you hit enter, parses it, replacing variables, expanding globs (wildcards) and other language constructs in the process and only then issues a system call, passing the resulting argv structure to the kernel for execution.

Exhibit A (source of the above quote): How the local shell ssh and the remote shell interact, in unexpected ways

Exhibit B: skarnet's introduction to the execline language design and grammar goes into further details of the argv structure

Exhibit C: How to use execlineb for nginx to wait for up to 10s on the startup of php-fpm, avoiding involvement of a shell process
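
The double parse that the quote and Exhibit A describe, as an added example that is not part of the original post: `sh -c` stands in for the remote shell that ssh hands its space-joined arguments to. All function names and the sample value are constructed.

```shell
#!/bin/sh
# Added illustration; function names and the sample value are constructed.

# argc: print how many argv entries the callee actually received.
argc() { echo "$#"; }

# Constructed sample: one value containing two spaces.
name='two  words'

# First parse (local shell). Unquoted, the expanded value is field-split
# before argv is built; quoted, it stays a single argv entry.
local_unquoted() { argc $name; }
local_quoted()   { argc "$name"; }

# Model of the ssh behaviour: join all arguments with spaces and let a
# second shell parse the resulting string from scratch.
second_shell() { sh -c "$*"; }

# shquote: wrap a value in single quotes for the second parse,
# rewriting each embedded ' as '\''.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# The local quotes were consumed by the first parse, so the second shell
# splits the value again.
remote_naive() { second_shell printf '%s,' "$name"; }

# Quoting once more, for the second shell, keeps the value intact.
remote_quoted() { second_shell printf '%s,' "$(shquote "$name")"; }

echo "local unquoted argc: $(local_unquoted)"
echo "local quoted argc:   $(local_quoted)"
echo "second parse, naive:  $(remote_naive)"
echo "second parse, quoted: $(remote_quoted)"
```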




PrivateBin 1.3.5 released - Fixing several smaller issues, adding new translations https://privatebin.info/news/v1.3.5-release.html


Many folks don't know that the Unicode standard is actually much older than they think. Here's the spec as of 1889 ;-)


Ah, back then that was the first meme I came across on the web. Nice that Archive.org is working on preserving Flash animations for future generations too! #MakeTheWebWeirdAgain


Started looking into gemini space. Love how it feels - it's like the web ca. mid-90s. UI is back under your control and you can focus on reading the content instead of getting the site to work (because either you have issues with noscript turned on and sites requiring JS to display text or you have it disabled and have to click through modal windows informing you of cookie settings, sign up for that newsletter, etc. to get to the content).

I'm using Castor and wanted to marry it to my Gnome desktop, so clicking links in Firefox/Chromium opens them in Castor. Oh, and I got a gopher client for free with it as well. Was bummed when Firefox dropped gopher support. Here's how to register the gemini protocol in Gnome (and build castor):



While grep and sed are commonly used, awk fills a valuable niche when processing structured text, avoiding multiple pipes or more complicated regex extractions. Here is a handy flowchart to pick the ideal tool for your text processing task:



A plaintext chart and a simple example making use of several awk features can be found here:




Small tools to use as (non-sharable) sketchpads - if you need a quick spreadsheet calculation or text editor and are too lazy to open a terminal. Good example of #minimalism and very #privacy minded.


Maybe a concept we could evaluate for use in our fediverse software as well:

This forms a relative reputation system. As uncomfortable as it may be, one man’s terrorist is another man’s freedom fighter, and different jurisdictions have different laws - and it’s not up to the Matrix.org Foundation to play God and adjudicate. Each user/moderator/admin should be free to make up their own mind and decide which reputation feeds to align themselves with.


@Retrocomputing Forum

Dear friends of well-kept old iron! This coming weekend is Vintage Computing Festival Berlin 2020 (https://vcfb.de/2020/), and you can all visit it without setting a single foot outside the door. Unfortunately I'm only passively taking part this year. I find it especially a pity that photography will fall by the wayside this year: https://www.flickr.com/search/?user_id=52924836%40N00&text=vcfb&view_all=1


Everything you always wanted to know about punch card data encoding, but were afraid to ask:

@Retrocomputing Forum #RetroComputing