Bug Bounties May Sound Great, But Aren’t Always Handled Well
Bug bounty programs set up by large corporations to reward and recognize security researchers for properly reporting new bugs and security vulnerabilities are a great concept, but in practice aren’t always handled well. Security researcher Adam Zabrocki recently shared the troubles he encountered in the bug bounty handling at Google for Chrome OS and in turn for Intel with it having been an i915 Linux kernel graphics driver vulnerability…
Ah git-bug! I’ve chatted with the creator when he was working on the graphql parts. It’s working with git objects directly sorta like how git-repo does code reviews. It’s a pretty neat idea for storing data alongside the branches. I believe they don’t add a disconnected branch to avoid data getting corrupted by merging branches or something like that.
I have found the issue with this very subtle bug: the cache was returning a slice that would be mutated. The mutation involved appending an item and then sorting. Because the returned slice is just a pointer+length, the sort would modify the same memory.
          CACHE         Returned slice
original: [A B C D]     [A B C D]
add:      [A B C D] E   [A B C D E]
sort:     [E A B C] D   [A B C D E]
fix found here:
https://git.mills.io/yarnsocial/yarn/pulls/1072
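The aliasing described in the post above, as an added example that is not part of the original post or of yarn's code: a cache hands out its internal slice, the caller appends and sorts, and the cached view changes underneath it. `Cache`, `GetShared`, `GetCopy` and `AddNewestFirst` are hypothetical names, the integers are constructed sample data, and returning a copy is one common fix, not necessarily the one in the linked pull request.

```go
package main

import (
	"fmt"
	"sort"
)

// Cache is a hypothetical stand-in for the cache in the post, not yarn's code.
type Cache struct{ items []int }

// NewCache stores the items in a backing array with spare capacity,
// as a slice grown by earlier appends typically has.
func NewCache(items ...int) *Cache {
	buf := make([]int, len(items), len(items)+4)
	copy(buf, items)
	return &Cache{items: buf}
}

// GetShared returns the cached slice header itself: the caller
// now shares the cache's backing array (the buggy behaviour).
func (c *Cache) GetShared() []int { return c.items }

// GetCopy returns a private copy, so callers cannot touch cached memory.
func (c *Cache) GetCopy() []int { return append([]int(nil), c.items...) }

// Snapshot copies the cache's current contents for inspection.
func (c *Cache) Snapshot() []int { return append([]int(nil), c.items...) }

// AddNewestFirst mimics the caller in the post: append one item, then sort.
func AddNewestFirst(view []int, item int) []int {
	view = append(view, item) // fits in spare capacity: no reallocation
	sort.Sort(sort.Reverse(sort.IntSlice(view)))
	return view
}

func main() {
	buggy := NewCache(40, 30, 20, 10) // constructed sample data
	AddNewestFirst(buggy.GetShared(), 50)
	fmt.Println("shared:", buggy.Snapshot()) // cache silently changed

	fixed := NewCache(40, 30, 20, 10)
	AddNewestFirst(fixed.GetCopy(), 50)
	fmt.Println("copied:", fixed.Snapshot()) // cache intact
}
```

Capping capacity with a full slice expression (`s[:len(s):len(s)]`) would force the append to reallocate, but an in-place sort without an append would still write through to the cache, so a copy is the safer boundary.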
<author> from <entry>s to <feed>, Newsboat marked all old affected articles as unread. IDs were untouched, of course. Need to investigate that. Had something similar happen with another feed change I did some time ago. Can't remember what that was, though.
Great, last system update broke something, building from current master I get:
/usr/bin/ld: /lib/x86_64-linux-gnu/libm.so.6: unknown type [0x13] section `.relr.dyn'
What the heck!?
And it also appears that I’m not really able to reproduce this unread bug. It only kind of works a single time. And it has something to do with my config. Not sure what it is yet. I also noticed that the <updated> timestamps in the entries somehow shifted between the old and new feed. Da fuq!?
@eldersnake@yarn.andrewjvpowell.com Is there still an issue (sortt was out for most of the day) with the We 💚 Privacy Club pod? 🤔 I hope no weird bug has been introduced 😢 AFAIK none of the auth/session handling code has been touched in quite some time.
#BUG (or feature?) when I hit reply twtxt.net no longer fills in the @mention of the person whose post I’m replying to…
Oof! I found a bug on Yarn’s Markdown rendering, @prologic@twtxt.net. See OP.
@quark@ferengi.one Pinging @movq@www.uninformativ.de, in case it is a bug.
It did! And I fixed the bug last night. And now I’m curious how your pod deals with spam. 👆🏼
My kid just uncovered a bug in a program I wrote by grabbing my laptop and smacking the keyboard a bunch. Biological input fuzzing; a real-life chaos monkey.
Fixed another bug in my finger client: rfc1288 says lines have to end with crlf, but I was just sending lf.
Fixed a bug. Found a new bug in yesterday’s work. Fixed that bug.
@prologic@twtxt.net @jlj@twt.nfld.uk @movq@www.uninformativ.de
/p/tmp > git clone https://www.uninformativ.de/git/lariza.git Mon May 24 23:48:18 2021
Cloning into 'lariza'...
/p/tmp > tree lariza/ 12.5s Mon May 24 23:48:32 2021
lariza/
├── BUGS
├── CHANGES
├── LICENSE
├── Makefile
├── PATCHES
├── README
├── browser.c
├── man1
│ ├── lariza.1
│ └── lariza.usage.1
├── user-scripts
│ └── hints.js
└── we_adblock.c
2 directories, 11 files
Unrelated: my first response shows a rendering bug on your site: it’s dropping a backslash. Hard to mix markdown and genuine plain text.
@prologic@twtxt.net Bug in your profile links: it’s repeating a segment. For example, your face tries to get to https://twtxt.net/user/https://twtxt.net/user/prologic/twtxt.txt
@xuu@txt.sour.is @prologic@twtxt.net @thewismit@twtxt.psynergy.io ah.. probably a bug with the re parser. looks like i can do it without the <>’s with lex
Printer bug + Exchange https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/