This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
@christopherkunz AFAIK Linux kernel CVE’s are being assigned to old vulns as a result of recently becoming a CNA.
Also CC @thezdi about the Foxit case.
This latest writeup by @joern mentions the #documentation of Go’s filepath.Clean is “not really obvious” when dealing with relative paths.
I think this is something all #golang devs should be aware of to avoid similar vulnerabilities.
The language is kind of amazing:
This makes the docs technically correct (“the best kind of correct!”), but even with the solution at hand it took some head scratching to figure out the true meaning.