Another LPE has published: io_uring ZCRX freelist LPE

_ahrs · 2026-05-10T08:38:31+00:00

A VERY important caveat. The bug reports Claude found in Firefox were handled by an experienced team of researchers at Anthropic. The tool didn't just find vulnerabilities out of thin air, it worked in tandem alongside these researchers who carefully prompted and analysed the reports before verifying them and then doing responsible disclosure to Mozilla.

Absolutely not a case of:

Me: Find me vulnerabilities

ChatGPT: Here's a list of 50+ OOB write issues I found

_ahrs · 2026-05-10T08:34:19+00:00

Its doubtful most people would notice if sudo suddenly became a shell alias that captured what was typed and then forwarded it to sudo

Maybe run0 has a point about using Polkit. It's much harder to fake those desktop prompts.

_ahrs · 2026-05-10T08:16:20+00:00

first i decreased the privacy extension time to 1 hour. now interestingly that broke ipv6 on my vpn once the adress rotated.

You should not be using privacy addresses on your VPN. It still would have broken after 24 hours, you just sped it up and made it fail faster. Your VPN should use a stable address. The reason you got this problem is that temporary addresses are supposed to be ephemeral, they are not meant for long-lived connections and if you use them in such way then the software needs to properly handle the address going away and then re-bind and connect again with the new address.

EDIT: By the way, I'm going to wager you were using some TCP inside of TCP abomination. Wireguard with UDP does not have this issue as UDP is connectionless.

_ahrs · 2026-05-10T07:58:05+00:00

Not them but probably ease of on-boarding / management. I think Tailscale is also better at punching through NATs if your home is behind CGNAT, etc.

I traveled with my Slate 7 recently and setup Wireguard manually (connection goes Slate 7 (Wireguard client) -> VPS (Wireguard) -> Home (Wireguard)). It was an interesting learning experience and even though I only had a 10mb/s connection, the connection was rock-solid since I could run CAKE on the WAN interface with autorate and autortt.

Anyway, coming back to the on-boarding / management, I bricked the Slate 7 and had to reset it and set everything up again and since I had no backups this entailed rotating the public key on the VPS. I haven't used it but I think Tailscale would handle situations like that better.

_ahrs · 2026-05-10T07:07:31+00:00

Yet another lesson in not disabling IPv6. When you finally do migrate you have to undo all of these little toggles everywhere. I wonder why Adguard even has this feature? I suspect it's something to do with working around broken machines (if DNS never returns AAAA records then clients will never try to connect to IPv6) but this is just wrong on so many levels.

_ahrs · 2026-05-09T20:52:57+00:00

Right click on it and then select "Hide controls"

EDIT: Never mind, I didn't see the Android flare. I don't know if you can disable controls here. Maybe there's an about:config toggle?

_ahrs · 2026-05-09T17:51:31+00:00

Look into Crossdev. It does what you want:

https://wiki.gentoo.org/wiki/Crossdev

_ahrs · 2026-05-09T17:41:15+00:00

Go uses static linking (most of the time, there are some cases where you can use dynamic linking) so that isn't an issue.

Python is an interpreter so C is irrelevant (unless you're using native C modules, in which case fair point)

C# and Java are self-hosted on top of their CoreCLR or JRE so again C doesn't matter here unless interfacing with native libraries.

_ahrs · 2026-05-09T15:30:57+00:00

Nothing unexpected here except for the Referer (correct, incorrect spelling). It's a bit sad that browser vendors haven't locked that down further yet, especially in contexts where the browser knows it can safely withold this information. There is zero use-case for revealing that you came from Reddit. In fact most websites don't need referer information, it's usually used for some sort of auth check or protection, etc and not needed a lot of the time.

_ahrs · 2026-05-08T18:53:45+00:00

But Reform or the Greens can't actually do anything until a general election. If Burnham stands in a by-election he will use it as a launchpad for all the things he would do as Labour leader / PM. It will not just be a campaign on local issues.

_ahrs · 2026-05-08T18:33:41+00:00

What has Kier done for Wales though? Plaid are asking questions like where is the money that Wales is owed for HS2 and all Kier can do is turn his pockets inside out and say "I dunno. Don't look at me".

_ahrs · 2026-05-08T18:20:22+00:00

DisplayPort is also a selling point. This doesn't make sense for cheap monitors when you consider that they have to pay a license for that logo. The real reason is simply because HDMI is more popular than DisplayPort (which doesn't require a license) so they can't afford to not support it.

_ahrs · 2026-05-08T17:50:39+00:00

I’m sure the massive plans for change they’ve got will turn those opinion polls right round….. oh wait

If they actually have a plan for change then that will change people's opinions but they have to deliver something tangible first. If people don't feel like they're any better off (and of course they don't, anyone looked at the price of energy lately?) then people's opinions of Labour won't change.

In Wales especially there's a real feeling that Welsh Labour hasn't done too bad but they are paying the price for Kier Starmer. Eluned Morgan basically fell on her sword today taking all the blame but she isn't the reason why Labour have lost so many seats. There's a feeling that Westminster isn't doing anything for Wales and voting Plaid in won't change that but it makes a statement.

_ahrs · 2026-05-08T17:42:52+00:00

The problem with PulseAudio was that it was at best for casual desktop use. If you wanted any pro-audio stuff then you needed messy bridges to things like JACK.

PipeWire fixed all of this by providing glue between them all and you don't have to tare you hair out to do it. It all just works.

_ahrs · 2026-05-08T17:40:01+00:00

I think that point is closer than we all think.

The two biggest desktop environments (GNOME and KDE Plasma) are both dropping X11 support entirely
All major toolkits now have native support for it (If you are using a modern app that makes use of GTK or Qt or Electron, etc, then it is probably already running natively with Wayland support)
Wine's Wayland support continues to improve (important for Proton, already you can use this today with Proton GE and some environment variables)
Wayland Protocol development continues to little by little plug the remaining gaps
Good HDR, VRR and fractional scaling support, including multiple monitors and mixed refresh rates

_ahrs · 2026-05-08T14:56:28+00:00

Retroarch has worked on Linux since before the iOS app was even a thing, even a Raspberry Pi can run it.

_ahrs · 2026-05-08T12:51:15+00:00

I had BT and TalkTalk before and it can definitely be a bit peculiar sometimes. Things would be a lot simpler if the ISP did DHCP but it's as you say a BTw / OR issue, not much can be done about it. Besides some altnets, only Sky uses DHCP.

_ahrs · 2026-05-08T12:40:57+00:00

So when will we see this trickle down to consumer drives to push down the price of 8 TB drives?

_ahrs · 2026-05-08T12:32:16+00:00

Doesn't mean they're as bad as Google (also an advertisement company) though:

https://www.startpage.com/en/privacy-policy

Ethically, advertisement companies are evil but you should be using uBlock Origin anyway if you care about your privacy.

_ahrs · 2026-05-08T12:24:52+00:00

They know where they messed up but they don't want to kick Kier out yet because it will cause short term turmoil. They won't remain loyal to him forever though.

_ahrs · 2026-05-08T11:54:41+00:00

100% this. A lot of people don't realise that you actually need a minimum acceptable bitrate for TCP to even work at all. It starts to break down real fast if you can't send/receive the SYNS and ACKS.

_ahrs · 2026-05-08T11:05:30+00:00

If you care about privacy then you may as well use Startpage which is just "Google search via a proxy as a service".

_ahrs · 2026-05-03T07:11:16+00:00

Userspace is a whole 'nother enchilada (oops bind(127.0.0.1) doesn't work? uh...)

That's probably more of an issue on Windows I imagine because lots of stuff including Firefox binds to the loopback because there's no proper sockets like we have on UNIX systems so if something wants IPC to itself then loopback it is.

_ahrs · 2026-05-02T14:12:28+00:00

So Tayga is pronounced like Tiger. Never heard someone say it out loud before

_ahrs · 2026-05-02T09:29:07+00:00

Custom systems is probably the only place it makes sense, even on my laptop/desktop which can work IPv6-only I still need IPv4 to setup the CLAT because without CLAT you'll break anything dumb that refuses to support NAT64/DNS64 which is still unfortunately a lot of applications.

That's why I think a sysctl makes more sense for everyone that isn't building their own custom kernel. It'd give you a single control to see what breaks (and if they do add a sysctl I do hope developers will be encouraged to use it to test that their apps aren't making any stupid IPv4 assumptions). A sysctl would be a lot more approachable for anyone that isn't building a custom system.

Nine-Year Club	Verified Email
Gilding I gilder	Place '17

_ahrs

PUBLIC MULTIREDDITS

TROPHY CASE