Ry*
@minitech.bsky.social
computer security non-expert

https://stackoverflow.com/users/707111/ry
Reposted by Ry*
my new blogpost is out!!

this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration

and i've already used it to get a google docs bounty ^^

have fun <3

lyra.horse/blog/2025/12...
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 4, 2025 at 2:03 PM
Reposted by Ry*
When your ambassador is SO deranged that Time Magazine says, "Yeah, that quote sounds real".
November 27, 2025 at 9:12 PM
Text and files are terrible interfaces for things, so naturally there are entire systems designed around “everything is a file” and “everything is text”
October 31, 2025 at 10:07 PM
Reposted by Ry*
In an old ad for board game Scattergories in Spain a player was shown flouncing out while another said “OK, we’ll accept ‘octopus’ as a pet”.
“Aceptamos pulpo” has now entered the language in the meaning of “that’s a bit of a stretch but let’s go with it just for the sake of argument”.
October 8, 2025 at 10:55 AM
Reposted by Ry*
password 🤖
September 22, 2025 at 2:51 AM
Reposted by Ry*
We're now finding out that as many as 70,000 people had their government IDs provided to prove their ages leaked by Discord. Like I wrote last week, this is an inherent risk (and made greater by a rushed process) of getting platforms to do age checks
Discord says 70,000 users may have had their government IDs leaked in breach
The ID pics had been submitted as part of age-related appeals.
www.theverge.com
October 8, 2025 at 11:20 PM
Reposted by Ry*
Feeling depressed and anxious about the state of the world? Try working on a 375 year-old math problem from the Platonic realm, which should be completely psychologically safe . . .
youtu.be/QH4MviUE0_s
Rupert's Snub Cube and other Math Holes
YouTube video by suckerpinch
youtu.be
September 16, 2025 at 2:23 PM
Reposted by Ry*
Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups.

signal.org/blog/introducing-secure-backups
Introducing Signal Secure Backups
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet...
signal.org
September 8, 2025 at 4:03 PM
Reposted by Ry*
Biodiversity is bad, actually. I think there should be one big bug that rules everything.
September 1, 2025 at 8:00 PM
I like the “* but it never starts” genre of music, but a lot of them loop too early. Going to have to learn to make my own
July 13, 2025 at 3:53 PM
Reposted by Ry*
Yuck. Meta apps listen on localhost on Android so that tracking scripts can talk to apps, and Meta can monitor your browsing and tie it to identity. Why is that allowed? www.theregister.com/2025/06/03/m...
Meta Pixel halts Android localhost tracking after disclosure
Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins
www.theregister.com
June 4, 2025 at 1:47 AM
Reposted by Ry*
Apple announces that TLS client connections in version 26+ will be using hybrid PQ X25519MLKEM768 by default

support.apple.com/en-us/122756
Prepare your network for quantum-secure encryption in TLS - Apple Support
Learn about quantum-secure encryption in TLS and how to check if your organization's web servers are ready.
support.apple.com
June 9, 2025 at 10:34 PM
Are you like me, always double-checking `git status` before doing a `git reset --hard` to set a branch to some state when starting from a working tree that’s *supposed* to be clean?

`git reset --keep` exists and does the same thing in that situation, but safer! 🎉

I’ve somehow just never seen it.
June 9, 2025 at 8:10 AM
Reposted by Ry*
wife: how was guarding the two paths today, honey?

guard: [looking away] fine

wife: did something happen?

guard: [tearing up] no

wife: would the other guard tell me something happened?
May 18, 2025 at 9:13 PM
Reposted by Ry*
A growing number of apps are using the Play Integrity API to enforce installation from the Play Store. This is clearly highly illegal anti-competitive behavior. It doesn't impact GrapheneOS users installing apps with the sandboxed Play Store but does impact other install sources.
May 23, 2025 at 12:52 AM
dread, as I mistakenly try to paste into a terminal-based neovim instance running as a separate user with "+p and it works (it’s not supposed to work)
May 22, 2025 at 10:08 PM
Reposted by Ry*
🦀 Hello World!

The Rust project now has an official presence on Bluesky! ✨

We'll be posting the same on our Mastodon and Bluesky accounts, so you won't miss anything on either platform.
April 5, 2025 at 10:51 AM
All this time, I was frustrated at YouTube for removing the option to report comments as spam, thinking it was for the usual corporate convenience reasons or whatever

… it scrolls.
April 1, 2025 at 7:41 AM
Aw, pam_u2f.so uses the precise and descriptive message “Please touch the FIDO authenticator” as of some recent version. I miss my vaguely ominous “Please touch the device”.
March 29, 2025 at 5:45 AM
Reposted by Ry*
As a preview of what's going to be possible in the upcoming release of GrapheneOS, here's a screenshot from a Pixel Tablet running desktop Chrome in a virtual machine with basic GPU acceleration via ANGLE on the host. The infrastructure is a lot more robust than the Terminal app.
March 12, 2025 at 3:30 AM
Reposted by Ry*
Archive Request xkcd.com/3052
February 17, 2025 at 11:52 PM
Reposted by Ry*
REVEALED: we identified the operator of an overtly racist X account, "GlomarResponder," as ICE Assistant Chief Counsel James Rodden, based on an overwhelming number of biographical details matched through publicly available documents, other social media activity, and courtroom observation.
ICE Prosecutor in Dallas Runs White Supremacist X Account
The Observer has identified the operator of “GlomarResponder,” an overtly racist social media account, as ICE Assistant Chief Counsel James Rodden, based on an overwhelming number of biographical details matched through publicly available documents, other social media activity, and courtroom observation.
www.texasobserver.org
February 19, 2025 at 10:04 PM
Reposted by Ry*
you hear Crouching Tiger and you're thinking, well that's gotta be the most fearsome and best camouflaged creature in this title,
January 15, 2025 at 7:55 AM
Reposted by Ry*
love how google ai goes into detail for all the men, and then for the women, it just goes "eh, some broad"
January 6, 2025 at 1:16 AM