SL
@samleh.bsky.social
Today I've developed a Proof of Concept #PoC for a Denial of Service #DoS #vulnerability discovered during an investigation into a service issue earlier today. The PoC can reliably trigger either a process crash or an infinite loop leading to resource exhaustion.
October 27, 2025 at 4:49 PM
Why do banks refuse to support QR code payments, even though there's the `payto:` URI scheme standard for it? #euro #payments #banking #EU #QRcode #payto
October 8, 2025 at 5:05 PM
#GIMP #crash #bug - Denial of service attack - pleroma.envs.net/notice/AytbO... - Just drop the file in a directory and it crashes GIMP when the directory is accessed. - Duh!
Sami Lehtinen (@sl@pleroma.envs.net)
Why #GIMP #AppImage #crashes on #Linux when trying to export / #save files to #tmpfs? A #bug? /tmp/.mount_GIMP-3ChpMMA/usr/lib/x86_64-linux-gnu/gimp/3.0/plug-ins/script-fu/script-fu: fatal error: G...
pleroma.envs.net
October 5, 2025 at 10:50 AM
I've updated my public keys. In future #minisign will be used to #sign important information, instead of #OpenPGP.
sami-lehtinen.net/public-keys
Sami Lehtinen minisign key: RWRzsYlYTs5IJRJqnEoFRpSbhJBaeym9zb2bs7hMbj9rOZrNYC+HYmrY
Sami Lehtinen - Public keys
My Public Keys
sami-lehtinen.net
September 20, 2025 at 3:46 PM
Reposted by SL
Many EU member states are arguing for forcing WhatsApp to inspect all our photos w/AI. If the AI is in any “doubt” if it might be child pornography, your photo, location & other details get reported to Europol and a local police force. This is a terrible plan: berthub.eu/articles/pos... #chatcontrol
Chatcontrol 2025 edition in Brief - Bert Hubert
In short, led by Denmark, many EU member states are arguing for forcing WhatsApp/Signal/etc to inspect all our photos and links, using AI. If the AI is in any “doubt” if this might be child pornograph...
berthub.eu
August 17, 2025 at 12:35 PM
The renewed push for "Chat Control" legislation has convinced me to renew everything related to dnskv.com. - No data can be subpoenaed from the server, except active data blobs. These reveal neither source nor destination. #privacy #dnskv #security #anonymity
dnskv.com - DNS Key Value Storage
Store and retrieve data over raw DNS protocol and test for DNS leaks
dnskv.com
August 16, 2025 at 7:18 PM
Remember #Zero #Trust principles when using #cloud #services. The conclusions in the "lessons learned" section are logical, but they should not be a surprise; they ought to be obvious to everyone.
www.seuros.com/blog/aws-del...
AWS deleted my 10-year account and all data without warning
After 10 years as an AWS customer and open-source contributor, they deleted my account and all data with zero warning. Here's how AWS's 'verification' process became a digital execution, and why you s...
www.seuros.com
August 6, 2025 at 1:45 PM
Reposted by SL
The new NIST SP 800-63-4 is here! 🤩

If you have ANY interest in passwords and digital authentication, this is mandatory reading!

#PasswordsCon

www.nist.gov/blogs/cybers...
Let’s get Digital! Updated Digital Identity Guidelines are Here!
www.nist.gov
August 1, 2025 at 8:36 PM
Good battle story from DBA / sysadmin.
matrix.org/blog/2025/07...
How we discovered, and recovered from, Postgres corruption on the matrix.org homeserver
Matrix, the open protocol for secure decentralised communications
matrix.org
July 23, 2025 at 5:05 PM
Why is the GRUB 2 menu so slow on a UHD display with an Nvidia graphics card? This, combined with the input lag, creates a maddening effect. After every key press, you have to wait for several seconds, maybe hit backspace, and then wait again... #GRUB #Nvidia #UHD #bootmenu #linux #joy #lag
Sami Lehtinen (@sl@pleroma.envs.net)
Why is the GRUB 2 menu so slow on a UHD display with an Nvidia graphics card? There is a lag of about one second on every action, and the screen drawing is incredibly slow. It also seems to be usin...
pleroma.envs.net
July 15, 2025 at 5:23 AM
Bert has written another excellent analysis on: European Cloud Modules. His argument that this modular approach is what the EU cloud requires will resonate with anyone familiar with the limitations of the current providers.
berthub.eu/articles/pos...
#EU #Cloud #European
European Cloud Modules - Bert Hubert
Advanced cloud services are based on good hardware, decent software, and surrounding infrastructure that combines these both into solid solutions that can be provided as a business activity. Europe is...
berthub.eu
July 6, 2025 at 5:17 AM
Reposted by SL
Is "sovereign washing" the new "privacy washing"?

Microsoft, Google, AWS published “sovereign clouds”.

❌ BUT digital sovereignty doesn’t come from shiny new product names.

✅ Digital sovereignty comes from full European legal and technical control.

👉 tuta.com/blog/soverei...
June 30, 2025 at 10:56 AM
Is the GitHub binary download rate throttled? Has anyone noticed if GitHub implements some kind of download speed limit? And do downloads frequently seem to be restricted to around 100 KiB/s ~1Mbit/s? The speed then constantly fluctuates around that level. #github #download #speed #throttling
June 15, 2025 at 5:13 AM
Reposted by SL
Spy agencies will use the web portal not just to search through reams of private data, but also run them through AI tools for further analysis. buff.ly/vas4kNs
May 22, 2025 at 9:31 PM
Reposted by SL
ChatGPT's new dossier-from-your-chats feature is a huge change to how it works, and as a power user who tries to control all of the model's input I don't like it at all

“30 messages are good interaction quality (25%); 9 messages are bad interaction quality (7%)” […]
Original post on fedi.simonwillison.net
fedi.simonwillison.net
May 21, 2025 at 2:51 PM
Reposted by SL
We're ready for Microsoft Recall and the automatic screenshots it takes of everything on your desktop.

Signal Desktop on Windows now includes support for a new "Screen security" feature designed to block screenshots of your Signal chats.

signal.org/blog/signal-...
By Default, Signal Doesn't Recall
Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows. This setting is a...
signal.org
May 21, 2025 at 4:46 PM
Reposted by SL
If your library doesn't have any documentation, it can't have any bugs simonwillison.net/2025/May/22/...
May 22, 2025 at 1:59 AM
Reposted by SL
Our societies and governments now largely run on American proprietary big-tech platforms. Many of us want to decrease this dependency, or even end it altogether. Here I wrote up a bunch of things we are doing wrong, and what the open world could do better: berthub.eu/articles/pos...
What we in the open world are messing up in trying to compete with big tech - Bert Hubert
Our societies and governments now largely run on American proprietary big-tech platforms. Many of us want to decrease this dependency, or even end it altogether. Everyone in the open tech scene is ful...
berthub.eu
May 18, 2025 at 1:17 PM
Reposted by SL
Microsoft was supposed to deliver a special version of Azure for EU cloud providers. Missing that deadline means the possibility of legal action against the tech org if it can't get a "commercially equivalent solution" ready for them in less than 2 months' time. Tick tick...
reg.cx/4gNa
Microsoft blows deadline for special Azure for EU hosters
Lawyers prepare to get suited and booted if 'Plan B' to address unfair competition claims is a no show
reg.cx
May 16, 2025 at 10:55 AM
Reposted by SL
Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
blog.torproject.org/introducing-...
Introducing oniux: Kernel-level Tor isolation for any Linux app | Tor Project
blog.torproject.org
May 14, 2025 at 7:31 PM
Reposted by SL
Gemini 2.5 now applies the 75% cached token discount automatically - previously you had to manually configure it

Potentially big cost savings here for applications that run prompts against the same long context, or continue existing conversations […]
Original post on fedi.simonwillison.net
fedi.simonwillison.net
May 9, 2025 at 3:45 PM
Reposted by SL
I've written lots of words on "the cloud" and specifically Europe's woes. In the post below I tie many articles together into a hopefully useful overview. It may be good to know that nothing I write on the cloud is original, I mostly hope to report things as they are: berthub.eu/articles/pos...
Cloud Overview - Bert Hubert
Over the past few years I’ve written a lot about the cloud, and what it means for Europe. Here I want to pull the various articles together into a coherent story. Note, nothing what follows is in any ...
berthub.eu
May 8, 2025 at 11:19 AM