I thought funkwhale is dead

Edit: last time I checked, the funkwhale.audio website was offline and I could not find a maintained Git repo, but now the site is online and the Git repo has had recent updates. I don’t know what happened

I don’t know about other homeserver implementations but synapse kinda sucks. It used to randomly eat 100% of 1 or 2 CPU cores (including the database) until I tracked it down to 3 rooms having a messed up state which caused costly SQL queries. I removed the rooms from my server (using a third party admin panel because there’s no proper admin GUI built in, the documentation just mentions curl commands to hit the admin API, with placeholders to manually replace). It has been fine since I did it, but I’m the only user on my server. And I expect other issues to come up at any time…

It also eats a lot of storage, mostly the database. It grew very large quickly, but it’s more stable now

I found out about it while making a Jekyll plugin, the speed improvement is really noticeable

ImageMagick does the job but can be slow. libvips is à faster alternative

Reading the parts of the original report that are shown in the article, it gives me “AI-generated” vibes. Especially the part at the end, where they list other subreddits the user engaged with : this section feels so unnatural and irrelevant to the broader report

Knowing how much this administration loves AI, this seems plausible to me that these reports are auto generated, either from a human flagging specific posts, or from an automatic flagging system

What I mean by “lower level” is that it has less abstractions built in

Systemd abstracts so much stuff away that it does not feel like learning Linux “from scratch” :/

(I like having it in my daily driver, but it’s sad LFS had to drop support for a “lower level” init system)

This thread was a fun read. The part where the author tries covering up their BS with force pushes is so messed up…

Looks interesting, but after reading through the readme, I still clueless about the gameplay. Why does it need a container ? Is this some kind of security CTF with a story ?

This is neat. I’ve intercepted trafic from a few apps in the past, and whenever cert pinning was enabled it was a massive pain to deal with

Blocking or allowing domains should not mess up SSL. Is there anything else filtering or intercepting the trafic ?

I believe Signal has already fixed it, while meta said they won’t fix this in WhatsApp.

This side channel can be used to infer more than a rough timezone, specifically, an attacker could continuously monitor :

• the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
• the locked or unlocked state of the target’s phone
• whether the phone is connected via Wi-Fi or a mobile network
• whether the WhatsApp application or browser tab is running in the foreground or background.

In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance

I’ve tested this on myself and can confirm all of this can be done reliably

https://lemmy.pierre-couy.fr/comment/2733652

This is not high effort. Starting from an open source WhatsApp client library, reproducing the attacks described in the research paper is trivial. There are even a few public github repos implementing PoCs of this.

Whether the reward should be considered high or low is ultimately subjective. What is objectively verifiable, however, is that an attacker can continuously (and silently) monitor several aspects of a target’s environment, including:

• the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
• the locked or unlocked state of the target’s phone
• whether the phone is connected via Wi-Fi or a mobile network
• whether the WhatsApp application or browser tab is running in the foreground or background.

In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance.

This would have been a (if not the only) good point to make in the article considering the title. But I guess this would have taken space away from ads

The headline is vert clickbaity : it does not affect VPN users (the law forbids age-gated websites from promoting VPNs as a circumvention), and the whole article is just an ad for VPNs

Here is a link to the adjust.h GitHub in case you don’t feel like watching a video

Here is a link to the adjust.h GitHub in case you don’t feel like watching a video

I’m using the latest firefox on the latest android (just tried it on chrome from the same phone and it loads fine)

It looks really interesting but the link is giving me an SSL error :/