r000t @r000t@infosec.exchange

A complete dumpster fire from start to finish, and WD has absolutely no plans to put it out.

But you can always buy a new dumpster. From us, please.

Never change, Hollywood*

DO NOT USE eval()
DO NOT USE exec()

For the use case mentioned here ("you don't know what the variable name could be"/"you need to dynamically change the name) use getattr() instead.

DO NOT USE eval()
DO NOT USE exec()

If you use eval() and/or exec() in your code, you are literally begging your application to get hacked. You've taken out a billboard saying "please RCE my face"

If you're ever wondering "How the hell does my company find customers", remember that there's a place that says...

"Our company specializes in the design of a variety of equipment to thicken the ice on lakes and rivers for commercial and industrial purposes," Rossington noted. "We undertake contracts to build ice all across Canada."

If the ice thickeners found a market, you can, too.

https://www.thedrive.com/news/39914/saving-this-frozen-chevy-silverado-from-a-canadian-river-took-skill-money-and-weeks-of-planning

Billions every day...

Please compare: The "harassment" Molly White claims to have received (no screens tho 🤔)

And the real actual threats of physical violence I've received.

Cry me a fucking river, Molly. #fsf #rms

BIG-IP? More like GAPING-IP

Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10.

https://arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/

I think it's awful that Eugene's piss-poor code potentially exposed the personal information of thousands.

It's entirely possible that the vulnerability I kept trying to tell Eugene about was used to pop gab but that's none of my business

maybe don't suspend security researchers, you'll receive more (and better) bug reports :/

Everyone wants to stand out, but please do not do something like this in place of a one-page resume.

Zero recruiters will be grilling your "resume chatbot" to get the information they need.

This is spectacular. "How will we convey to people x years from now to stay the fuck away from here?" in regards to buried nuclear waste was a big news story just a few months ago

And people are flocking to random markers in the middle of fuck off nowhere to see what's inside.

Subwindows now show context/timelines for statuses/actors respectively, they update cleanly the first time, and they correctly deduplicate.

and they make long threads incredibly easy to read

no. bad marketing team. i'm getting the spray bottle.

Hey, forgot who posted the cheap ARM boards, I got three of them.

They're a complete IoT "security" device, that they're trying to get *any* investment back on. The whole kit. Including instructions.

So you get a screen, power accessories, an SD card preloaded with the IoT s3curity OS, for $15. The product itself is still being sold for $100, supposedly.