ghosted @ghost@fairground.moe

爆睡

xz backdoor by https://turnoff.us

subscribing to oss-security@ be like "Excessive time spent checking invalid RSA public keys", "Reflected XSS except it does not execute due to CSP", and then you become seeing "backdoor in upstream xz/liblzma leading to ssh server compromise" notification

(if this is how you learned, https://openwall.com/lists/oss-security/2024/03/29/4)

This ancient Rage Comic is still an all-time classic.

McDonald? More like McDOWNald.

不过是早上打开Teams的时候觉得启动有点慢，就去上了个网，回过神来怎么就三点半了

DoorDash 的网页卡得一塌糊涂，加载订单状态页面要整整五秒，Resize 浏览器窗口会导致对话框消失不得不重新填写，面向加拿大用户的信用卡信息框里 Zip code 却不能写字母 ...

但打开 F12 可以看到里面塞满了 1.2k 个被 uBlock Origin Block 掉的数据收集请求，而这个数字每分每秒都在增加，我发现只要是点击网页中的任何按钮、输入文字、切换窗口，都会不断地给两三个不同的统计服务商发送请求，每次按下键盘都会发送好几个。

这就是当代互联网，用最烂的前端写出最浪费 CPU Cycle 和流量的垃圾，不光软件做得很烂，还就知道在里面塞各种各样的数据收集。

So

(1) Google turned an open standard that is RCS into their proprietary thing; and
(2) Google intentionally confused users between the open RCS standard and their proprietary extensions; and
(3) Now Google blocks legitimate users who just want to have more control over their devices from even using their supposedly "open" messaging standard

So much for "open". Stop pretending to be the good guy.

https://9to5google.com/2024/02/29/google-messages-rcs-rooted/

@FiveYellowMice@social.fym.moe ​:bocchibreakdown:​​:bocchi_dying2:​​:bocchi_glitch:​​:bocchi_shock:​

Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀

https://github.com/Speykious/cve-rs


wow the Rust devs really thought of everything