infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in small part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for the Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@adamshostack @bert_hubert @tasket Those problems don't seem to be dependent on running on a cloud platform though? We implemented most of these things on-prem - admittedly with the help of software that was inspired/made by cloud platforms.
this post | permalink
@sassdawe https://hvg.hu/itthon/20250315_orban-viktor-poloska-marcius-15-unnepi-beszed-magyar-peter-tavaszi-nagytakaritas-ebx

(I have no idea how effinbirds got into this thread, sry)
this post | permalink
The prime minister of #Hungary just called judges, journalists and NGOs "bedbugs" in his 1848 memorial speech.
this post | permalink
@effinbirds thanks, I also had trouble finding it!
this post | permalink
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes

https://blog.hartwork.org/posts/expat-2-7-0-released/

@hanno asks for expert xdev review on oss-security:

https://www.openwall.com/lists/oss-security/2025/03/14/7
this post | permalink
This is the out-of-bounds read that didn't get a CVE, apparently:

https://github.com/php/php-src/security/advisories/GHSA-wg4p-4hqh-c3g9

#PHP #NoCVE
this post | permalink
PHP security releases 8.4.5, 8.3.19, 8.2.28, 8.1.32

https://www.openwall.com/lists/oss-security/2025/03/14/6

CVE data collected by Alan Coopersmith:

"Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes
Use-After-Free). (CVE-2024-11235)
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when
requesting a redirected resource). (CVE-2025-1219)
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc

Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic
auth header). (CVE-2025-1736)
https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528

Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to
1024 bytes). (CVE-2025-1861)
https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
without colon). (CVE-2025-1734)
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44

Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
handle folded headers). (CVE-2025-1217)
https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g "

#PHP
this post | permalink
@joern
this post | permalink
@revng I don't think external links are a problem, but without an algorithm and with a low number of followers, posts can easily get buried in people's timelines (so reposting can be a good idea). Hashtags can help a lot, because people can follow those.

Anything I missed @shellsharks ?
this post | permalink
@effinbirds Damn I need this!
this post | permalink