```
permissions-policy: interest-cohort=()
```
is the new
```
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
```

A fucking header you have to put on every single resource just to compensate for dumb af browser decisions with insane default behaviors.

According to you, what is the maximum acceptable average delay for a candidate to reply to emails, during a job application procedure?
Additional detail: the job is 100% remote.

mathstodon.xyz/@JordiGH/106069

I am reading "Let's unite and be inclusive, by splitting the community." Also, fuck logic.

If I could ditch GNU like I ditched Signal this week, I would have, over this move.

X_Cli boosted

#Signal turning into a crypto-ponzi currency scheme?

stephendiehl.com/blog/signal.h

Surprise!

That Signal:
- isn't really free/libre software (as Moxie denied freedom to redistribute modified version)
- would *never* federate (political choice of centralization)
- updated server software wasn't published
- invaded people's phonebooks
- runs on Amazon+NSA's infrastructure
- is virtually impossible to use out of Google's infrastructure
- etc.

...didn't seem to be enough to alarm Signal users.

X_Cli boosted

The #Signal messenger has become very problematic lately, and most of its problems come from it being centralised.

You may want to follow and support a decentralised messenger project instead, there are many of them on the Fediverse:

➡️ @snikket_im - New initiative giving XMPP servers & clients a newbie-friendly unified look and feel

➡️ @xmpp - The XMPP standards foundation

➡️ @matrix - Matrix is best known for its Element client

➡️ @delta - Messaging through email

➡️ @briar - P2P messaging

docs.python.org/3/library/os.p

```
>>> pathlib.Path('/titi') / '/toto'
PosixPath('/toto')
```

> If a component is an absolute path, all previous components are thrown away and joining continues from the absolute path component.

I wonder how many path traversal injections are enabled by this behavior.

Apparently, someone thought that was a good idea. To that person, I say "fuck you".

is a horrible language. Just don't.
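A defensive take on the join behavior quoted in this post, as an added example that is not part of the original post: it shows the absolute-path override and a containment check that rejects it. The names `naive_join`, `safe_join`, `audit` and `PathEscapesBase`, the base directory `/srv/uploads` and the sample inputs are hypothetical, constructed for illustration.

```python
import os.path
from pathlib import Path, PurePosixPath


class PathEscapesBase(ValueError):
    """Raised when a user-supplied path would land outside the base directory."""


def naive_join(base: str, user_path: str) -> PurePosixPath:
    # The pattern from the post: an absolute right-hand side silently
    # replaces everything to its left.
    return PurePosixPath(base) / user_path


def safe_join(base: str, user_path: str) -> Path:
    """Join user_path under base, rejecting absolute paths and '..' escapes."""
    root = Path(base).resolve()
    # resolve() collapses '..' and follows symlinks that exist on disk, so the
    # containment check below runs on the path the OS would actually open.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapesBase(f"{user_path!r} escapes {str(root)!r}") from None
    return candidate


def audit(base: str, inputs: list) -> dict:
    """Map each input to 'ok' or 'rejected' according to safe_join."""
    verdicts = {}
    for item in inputs:
        try:
            safe_join(base, item)
            verdicts[item] = "ok"
        except PathEscapesBase:
            verdicts[item] = "rejected"
    return verdicts


# Constructed sample values (hypothetical), not taken from the original post.
BASE = "/srv/uploads"
SAMPLES = ["reports/q1.pdf", "/etc/passwd", "../../etc/passwd", "a/../b.txt"]

if __name__ == "__main__":
    print(naive_join(BASE, "/etc/passwd"))    # base is discarded
    print(os.path.join(BASE, "/etc/passwd"))  # os.path.join behaves the same
    for name, verdict in audit(BASE, SAMPLES).items():
        print(f"{verdict:9} {name}")
```

The check compares resolved paths rather than strings, so a prefix such as `/srv/uploads-old` is not mistaken for a location inside `/srv/uploads`.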

social.nah.re/@alex/1060114483

People ranting about OpenPGP integration (or lack thereof) in Thunderbird always make me laugh. The issue is not integration. OpenPGP as a format should die. Now.

X_Cli boosted

Debian Python maintainer is refusing to compile Python with PIE. This has been the case for years and years and in bullseye, PIE is explicitly disabled because the default flags (rightfully) enable it by default.

bugs.debian.org/cgi-bin/bugrep

So sad to see such a distro undermined by that kind of maintainer.

I have production networks where Suricata (all versions, old old stable, old stable and stable) is returning false negative reports on 25% of suspicious files. I filed a bug report 9 months ago, with a pcap sample to reproduce the bug, and an analysis. The devs and community could not care less. I am baffled. It seems to me you have to take down bugs by yourself if you want something fixed. Sad.

X_Cli boosted

A short thread serving as a memo (#mémo) on remote teaching (#téléenseignement), in case we are not the only ones facing the problem a year after everyone else...:

First of all, some reading:

framablog.org/2020/08/27/quelq

If you are a junior developer, please don't write that you are a full stack developer. Understand that people with years of experience don't dare write that. You are either showing that you don't know what you want to do, or that you are deluded and full of yourself and need to learn about the Dunning-Kruger syndrome.

X_Cli boosted

Do you have a hard time recruiting a system developer? It's been six months and I am still searching and found no one. I'm not saying we can't interest them with a good package and they choose to go elsewhere. I'm not even getting good resumes in my inbox. Do you share that experience?

I am still looking for a Python/Go systems developer. Remote work OK in France. IT security company, newly created position, ASAP. welcometothejungle.com/fr/comp

X_Cli boosted

I wonder whether they are stupid and negligent, or malicious. I don't see a third option.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.