Just a lvl 27 guy from 🇫🇮 Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
It has access to /sdcard as a shared folder.
How does this work? The app doesn’t seem to have any settings related to it yet. Under /mnt in the VM I noticed folder shared that seems to match the downloads folder on my phone, which seems odd
Tested this on my Pixel 8a. Works as you would expect. Personally I have a little hard time coming up with use cases for this but I guess it’s kinda cool.
Yeah, kinda sounds this was designed by someone who has never actually attended a LAN party
Sadly Thinkpads no longer are what they used to be. I got the X1 Extreme Gen 5 couple of years back and have had all kinds of problems with it. Blue screens, problem with fans sometimes getting stuck at 100%, constant problems connecting to the dock, not to mention bad battery life… My coworker had to get a warranty replacement when the usb-c port stopped working without any apparent reason only after a month of use. And other coworkers with newer models are also reporting issues.
The website (Telegram in this case, but can be any website) adds a specifically crafted text to the clipboard and then tricks the user into pasting that text into the Windows Run dialog, which can be used to execute any command(s), basically like a command prompt.
The text the attacker places in the clipboard is actually a command to download and execute an executable file from the internet, giving the attacker remote access to the system or whatever the payload happens to be.
It’s a pretty clever trick. Perhaps MS should consider adding a warning before allowing pasting into the Run dialog or cmd for the first time. They already have this in the Edge browser console.
Yeah I get that, but why return that information in the HTTP response?
Interesting read. One thing I don’t fully get is why does Cloudflare have the airport code in the response headers anyway? I cannot think of a single reason to have it in the response.
the malicious package was added to PyPi last year in June and has been downloaded 885 times so far.
That’s a pretty long time to go undetected. Makes you wonder how many other similar packages there currently are, yet to be discovered, in PyPi, npm and others.
I would imagine the flight recorders keep recording as long as there’s any power left in the aircraft. So if there was a bird strike as they suspect, and if that caused a dual engine failure, the recorders should still work, right? So there has to be more to the story than a simple bird strike.
I think this time the manufacturers will be pretty quick at adopting the new branding; if there’s two competing devices next to each other, one marked with “USB 3.2 Gen 2x2”, which no one understands, and other one with “USB 20Gbps” I think the latter will sell more.
I do it if I’ll be away more than just couple of days. Some of my hardware is pretty old at this point and I’m just a little paranoid about the possible fire hazard. I’m sure it would be fine to leave everything running but no real harm in shutting it down either.
Sure. I’m not recommending anything, just stating what has worked for me. For simple use cases, I think most of the DDNS services are pretty much the same anyway and it’s easy to switch to an another one if one stops working for some reason.
I’ve been using No-IP free plan for years without issues. Inputted the credentials to my routers DDNS client and then basically forgot about it. Free users need to confirm their account once a month via email but that’s just one click.
If your domain registrar happens to have an API to update DNS entries, you could implement DDNS yourself by writing a simple automated script to check the external IP (e.g. via ipify.org) and if it’s changed from the last check then call the API to update the DNS entries.
My main issue with CVEs nowadays is that it seems one gets generated even when 99% of the use cases for the software in question are not vulnerable as the vulnerability requires a very specific configuration/circumstances/etc. to be exploitable. In large projects with lots of dependencies this adds a lot of noice and there’s a risk that actual important CVEs go unnoticed.
Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.
Cool, thanks for the explanation.
a single application that gets bundled with all necessary dependencies including versioning
Does that mean that if I were to install Application A and Application B that both have dependency to package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how much external dependencies applications on Linux usually have but doesn’t that have the potential to waste huge amounts of disk space?
Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in what’s all the noice about? It’s some kind of cross-distro “app store” thingy?
I think it would be useful with updates when setting up a new phone or after a factory reset when basically every app needs an update
Google Tasks. Does not have all the features of other apps but does everything I need and was preinstalled
Nope. But as mentioned in the article, some support for display servers might be coming in Android 16.
Networking does work. I was able to install packages using apt and also ping machines on my local network. Could be useful.
I guess in a pinch it could be used to ssh into other machines. However, I’m sure there are plenty of SSH clients available for Android, which are much more lightweight solution than running a whole VM.