"As a general rule, avoid running npm in production environments." - nodejs.org/en/blog/vulnerabili

That sums up my feelings nicely!

Whois entries for the pttn.com are obfuscated by the registrar based in the UK. Smells like a scam to me FWIW.

A young pretty girl just showed up at my doorstep collecting donations to SOS KINDERDORF via a tablet logged into the frontend.pttn.com. Insisted on making a small donation on the spot, but I told her that I'd like to do my own research. Was it a scam?

2000s hackers: My dream is to connect all of my devices to the internet.
2020s hackers: My dream is to disconnect all of my devices from the internet.

RT @AuschwitzMuseum
Selling "Christmas ornaments" with images of Auschwitz does not seem appropriate. Auschwitz on a bottle opener is rather disturbing and disrespectful. We ask @amazon to remove the items of those suppliers. amazon.com/s?k=Fcheng+poland&r

Nice impression with my new X395 under #OpenBSD. Too bad that suspend/resume is broken with amdgpu for now.
It would have been handy for the conference I'm heading to.
But otherwise, iwm(4) works, X works (with SWcursor as for all amdgpu devices I've tried so far), video works. and it feels good to have a trackpad with 3 real buttons back after 5 years with softbuttons onlly.
And no intel CPU bugs.

This work has been committed! #OpenBSD now requires that system calls be in pre-registered regions (by the kernel or ld.so), in addition to the pre-existing check that syscalls be in un-writable memory. :flan_thumbs:


Great talk on systems programming in and parity with by Josh Triplett (Published Oct 3 2019 so it might be old news for some of you): youtube.com/watch?v=l9hM0h6IQD

deraadt@ changed lib/libc/sys: Document msyscall(2): ld.so can use this (once only) to tell the kernel where libc.so's text segment is, thereby allowing invocation of system calls from that region. An upcoming change will kill the process if a system call is invoked from addresses not explicitly permitted.
ok guenther kettenis mortimer


Very cool. :flan_cool:

#OpenBSD #security


Using #OpenSSH's new builtin U2F support is such a joy. Just generate a new key-pair, press once your U2F token (I have the cheapest one from Yubico), distribute the pubkey and be done with it.

Thanks a lot to all involved developers!

Show more

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!