Proxmox would help. It's great for running VMs and managing hardware
towerful
joined 1 year ago
I was expecting a package and an SMS "sorry we missed you" scam caught me off guard.
Luckily the 2nd field in the form was date of birth, which was an immediate red flag.
If it was an age restricted delivery (alcohol, chemicals, kitchen knives or something) I might have gone further.
since companies technically "are" people
This wording is some legal loophole bullshit.
I have tried to word something that disagrees with this for 30m. I can't figure it out.
This is bullshit.
But this "company is person" tries to re-humanise corporations. I think. Or something.
Have some ranting....
A company is a group of people working in the interest of themselves.
A person is generally working in the interest of themselves.
A group of people always has more power than a single person, and thus should be held to a higher standard.
It seems like Google is taking this seriously... now (assigning a 10.0. The next highest is an 8.8 for $15k). But it seems like the cve is still assigned to chrome, as opposed to libwebp (where the actual vulnerability is)
And while I appreciate the publication - the fact its a 0-day publication (as opposed to "we patched this 6 months ago") means Google hasn't taken it seriously previously (or it's be found exploited in the wild)
Nah, this bullshit is progress.
The root of this problem has always existed. Exploits have always been there, mistakes have always been there. These things are fundamentally unavoidable.
Acknowledging then, documenting them is new. Sensible disclosure is new. Companies paying for these bug bounties before they are publicly disclosed (so they can be fixed) is new.
And it's awesome. It's security. It's people working together for the betterment of everyone.
It would be amazing if people didn't make mistakes. But that isn't possible.
Openess, honesty and quickly remedying of issues is possible, and it's laudable.
So yeh, next time you get an annoying update that interrupts you're workflow. Please understand the work and reason behind the update. You can still be pissed at the interruption, but please appreciate the human reason for it.
Edit: I read "good" as "god". Idk if that changes anything
Citizen Lab said Blastpass was discovered on the device of an employee with "a Washington DC-based civil society organization" and that it could be mitigated by Apple's Lockdown Mode. An investigation into the exploit chain continues, but researchers said it involved "PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
Edit:
Fuck my reading skill (or fuck articles listing multiple high profile CVEs)...
Blastpass is not the same libwebp CVE (blastpass, the iMessage thing, is CVE-2023-41064. libwebp is CVE-2023-4863 - although that is the chrome one, despite this affecting libwebp not chrome).
I think the whole situation is very rapidly being researched and it's all developing.
So, no idea if lockdown mode would have any effect
I've read elsewhere it's actually a problem with libwebp not just chrome.
Basically, anything that relies on libwebp (ie can play libwebp) is vulnerable.
https://snyk.io/blog/critical-webp-0-day-cve-2023-4863/
I guess the obvious one is "holding spacebar for control key"
ISO8601 all day, every day
That PR might be a while....
https://github.com/bitwarden/mobile/pull/2629#issuecomment-1731457466
Considering that android is going to prevent users from importing a CA
Edit:
Wait, I think I have my wires crossed.
I think android is removing the ability for apps to install certs.
The user has to manually install a cert, and then select it in the app
Edit again:
Yeh, this is what I was thinking of:
https://httptoolkit.com/blog/android-14-breaks-system-certificate-installation/
But, thinking about it now, I doubt it will actually affect the feature
I know what you mean.
The problem is, actual POE powered computers end up being commercial display drivers or embedded/industrial systems. And that means a significant increase in price.
These devices are often plugged into things that require power. At which point, you can just power it locally. So the added cost and complication of POE isn't worth it.
Chances are, a lot of the things you are trying to do don't need a full SBC and Linux. But I don't know your situation.
Something like this: https://www.dfrobot.com/product-1286.html
Or this.
https://www.robotpark.com/Arduino-Ethernet-Microcontroller-With-PoE-Power-over-Ethernet-V3
If it's something like a screen/touchscreen interface, theres already power there...
But you could use an android TV, there are some that are POE powered, but most displays have a power source these days.
Things like Bluetooth or whatever, you can probably get off-the-shelf extenders or repeaters.
I'd love it if it was more common, gives an easy way to remotely power cycle devices. But the ridiculous extra cost that PoE enabled general purpose devices come with just isn't worth it for me.
Americans confused at what month "27" is
How long ago?
Seems like a write up here about how to do it:
https://forum.proxmox.com/threads/igpu-pci-passthrough-with-pve-7-3-actually-working-with-kernel-6-1.123720/