
dgl - Network

Posts

29.1.2025 02:39
🍋‍🟩 The ChatGPT app can happily render a lime, but it insists it doesn't exist.
https://infosec.exchange/@dgl/11...

16.1.2025 23:19
If only solving my problem was this simple.
https://infosec.exchange/@dgl/11...

31.12.2024 23:35
New blog post: Ghostty 1.0.0 terminal security; https://dgl.cx/2024/12/ghostty-terminal-title (CVE-2024-56803)
https://infosec.exchange/@dgl/11...

26.10.2024 06:16
New blog post: restricting SFTP access with Linux user namespaces. Wherein I pass off a pretty awful shell script as a good idea.

dgl.cx/2024/10/restricted-sftp
https://infosec.exchange/@dgl/11...

25.6.2024 16:02
also, locale specific escaping, thanks Windows.
https://infosec.exchange/@dgl/11...

25.6.2024 16:02
I do like bugs that involve Unicode rehashes of 10-year-old bugs: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
https://infosec.exchange/@dgl/11...

5.2.2024 03:05
Saw xxd in colour in a FOSDEM talk (James Bottomley's one on TPMs). I know there are plenty of hex editors, but cool to have it built into a standard tool. (Needs a pretty recent xxd, it's from github.com/vim/vim/pull/12131)
https://infosec.exchange/@dgl/11...

3.11.2023 23:55
Open source licences are one of those cans of worms I mostly try to avoid. Except it really annoys me when I want to borrow some code and I can't work out what the licence is.

If you're writing sample code or something small, you should include a licence. However, which to use? One of the *BSD or MIT licences is usually a good choice (but be careful which version!), as they place minimal requirements on you. However, the requirement to include a copyright notice is just annoying for everyone involved (when the code is small). Android Toybox (en.wikipedia.org/wiki/Toybox) solved this with the Zero-clause BSD licence (aka 0BSD); it is a modification of the ISC licence, not a BSD one, but the name doesn't matter really.

My attempt to make this easier to use is now available at ©.st (think copyright street? © can be obtained with Option+G on a Mac, Ctrl+Alt+C on Windows, Compose o c on X11, or use the emoji selector). It's really just a way to make it easier to apply 0BSD, as it gives you some very short copy-pastable comment lines. Consider 0BSD next time you write some small piece of code.

Also you can use it to test your support.

While 0BSD may not be perfect, I believe it (or MIT-0, which is nearly identical) achieves the best balance of all the "do what you want" licences. I'm mainly talking about "small" pieces of code here; for larger projects it's understandable the licence choice is more nuanced and you may want Apache, etc. This is not legal advice. Talk to a lawyer if in doubt.
https://infosec.exchange/@dgl/11...

23.10.2023 00:03
At least fast.com lets you know when the local Netflix cache is really broken. Images show fast.com vs speedtest.net. ("ipv4-c003-hba001-launtel-isp.1" seems sad, in case anyone I know can have a look.)
https://infosec.exchange/@dgl/11...

21.10.2023 03:23
Escape character injection on Hacker News: https://news.ycombinator.com/item?id=37963815
https://infosec.exchange/@dgl/11...

6.10.2023 00:56
curl https://infosec.exchange/@dgl/111185347141152699
https://infosec.exchange/@dgl/11...

6.10.2023 00:55
[31mred
https://infosec.exchange/@dgl/11...

4.10.2023 21:52
I've posted a write-up on my terminal security research on the G-Research site: gresearch.com/blog/article/g-r -- this has been nearly a year of research (although not full time) and 4 talks! There is also a more technical write-up at dgl.cx/2023/09/ansi-terminal-s that goes into all the details and some so-far-unpublished things!
https://infosec.exchange/@dgl/11...

6.9.2023 01:08
RFC 9413 was published back in June; https://datatracker.ietf.org/doc/html/rfc9413 -- it makes the argument that modern protocol development should think carefully about how to interpret the robustness principle. More interestingly, the draft name at one point was "draft-thomson-postel-was-wrong", which seems to have been toned down for the final RFC.
https://infosec.exchange/@dgl/11...

31.8.2023 05:30
https://infosec.exchange/@dgl/11...

31.8.2023 05:09
Does anyone know how macOS's malware scanning works or how to report issues? They appear to have a signature for something like 'eval "exec ..."' in a shell script... which github.com/dgl/paste.sh/blob/m triggers (minimal repro: paste.sh/p7KKqMU2m, chmod +x that and ./script and it will trigger).
https://infosec.exchange/@dgl/11...

31.7.2023 06:27
For once a non-security terminal thing. I'm sure someone else has written this but I couldn't find it; here's a simple script that makes commit IDs in "git log" clickable (in many terminals): gist.github.com/dgl/ef848e75c0
https://infosec.exchange/@dgl/11...

14.3.2023 04:37
Thank you to everyone who attended my @everythingopen talk. I've published the Docker image that I demoed, which can be used to test whether you're vulnerable to the kubectl issue (CVE-2021-25743). It includes a selection of terminal exploits, so it can achieve cross-platform code execution on several vulnerable terminals -- all patched now, so make sure you update your terminals!

github.com/dgl/houdini-kubectl
https://infosec.exchange/@dgl/11...

8.12.2022 00:29
Just used ChatGPT to write some OpenBSD pf rules. It's not perfect, but it's far quicker than either carefully reading the manpage or searching for roughly the right example and then modifying it. The main issue right now is it sometimes is too sure of the answer it gives, but provided you're able to apply a filter to the answer, it points you in the right direction faster than anything else.

It's amazing how it can handle not just common programming languages but many configuration formats too (it's okay at Prometheus rules, needs some training in places). I can see with a bit more training this could speed up the usual work of an SRE, as it can point you not just at the right search terms to find more information, but at the right syntax.

So many applications, e.g. I wonder what would happen if you trained this on a company's internal documentation -- it could help new starters get up to speed so much quicker.
https://infosec.exchange/@dgl/10...

22.11.2022 01:42
Content warning: DNS and GitHub

The new integrated GitHub code search is nice, it properly supports regexps (mostly, it's still beta).

I was wondering why monkeys are such a popular query[1] in Wikipedia over DNS (dgl.cx/wikipedia-dns). The answer is.... camel is unit testing me: github.com/search?q=%22monkey. (May need to be in the code search beta to see the full results there.)

To be clear, this isn't high enough usage to really care or complain, more amusing than anything. Please do consider not calling services in unit tests, someone somewhere is probably running it.

[1]: I don't actually keep logs, before someone asks what the log retention policy is; I was just running it in a terminal to debug something.
https://infosec.exchange/@dgl/10...