Gregory P. Smith (he/him) :python: 🚲 :donor:

def code(bugs): yield from code(bugs)
#Python Software Foundation supporter
#cpython steering council member & core dev
#bicyclist #bikecommutercabal

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
Thomas Wouters Yhg1s@social.coop
2025-05-27

Use #Python at all? I would like to do a silly thing, which I hope will bring amusement to others as well as me (if it works out).

If you wouldn't mind, please fill out this form, and boost for reach:

docs.google.com/forms/d/e/1FAI

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-05-17

@chrisjrn
Indeed, all I really wanted was a conversation about a cat.

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-05-17

I bought a box of 500 envelopes decades ago and still have nearly that many left... Feels. #PyConUS

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-05-16

Lightning talk about lightning talks! #PyConUS

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
2025-05-05

super sad to hear that @osuosl is facing a funding crisis. If you or someone you know has deep pockets and cares about open source infrastructure... it's time to act! osuosl.org/blog/osl-future/

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-04-27

@treyhunner *cough* #ExcavaCon *cough* #NBPy

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-04-27

The biggest risk in any Snake game is the players' own tail when done right. #NBPy

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
2025-04-26

Consider your phrasing and words carefully; for example, calling a task "easy" can make people feel judged if it's not for them, while "straightforward" instead tells them it's intended to be clearly outlined, so they can suggest improvements to the process instead of feeling like they've failed if it's not. - @kattni at #nbpy

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
2025-04-26

Honestly I can get behind this. #nbpy

A photo of a slide at a talk. It reads: DO NOT WANT: work on ads, work on weapons, abet genocides, make the world worse, use Microsoft Teams

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-04-26

Some cats are bigger than others at #NBPy #asstodon

A big ass begging for pets from within their barn adjacent pen.

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-04-26

That `@do while_` loop _could_ be called a `@do whale` loop to tie in with the previous Fin Tech talk... though we could also rename the trailing underscore a fin... #NBPy #MarkDown @skinnylatte @amethyst

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:

Thank you to our sponsors! Meta, Python Software Foundation, Sonic, Netflix, and Brian Wu. Y'all make this possible.

Huge thanks also to White Coat Captioning and Next Day Video

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-04-26

#NorthBayPython 2025 starts 🐱 🐈 #Caturday #NBPy

The intro slide for North Bay Python 2025 featuring two friendly barn cats.

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-03-29

Last night in #HomeLab :
* Dang it, this proxmox server isn't booting after I removed the GPU.
* & I don't have inputs left on my monitor or display cables on other machines in convenient-to-move places.
* ... Oh right! My crowdfunded #JetKVM arrived last month, I should open one and try it out.

Success! That new little Ethernet connected h264 streaming jetkvm.com/ is literal magic. A joy to use. Also a potential Security Nightmare, so I'm treating it as a crash-cart and won't leave it attached, at least with USB connected.

Original problem: Motherboard BIOS device numbering combined with Linux stupidity. enp3s0 turned itself into enp2s0 upon removal of the PCIe GPU (why?!?) which didn't match the setup in /etc/network/interfaces.

This is partially systemd's fault. But also Linux's in general. A friend ironically pointed out that the systemd.io/PREDICTABLE_INTERFA is properly in YELLING CASE even though it is the wrong solution to this decades old problem in the face of non-server hardware UEFI BIOS that renumbers IO bus ports based on device presence. The rotten cheese was merely moved, not thrown out.

I'd call my (likely hand) edits to /etc/network/interfaces and the concept of that file listing actual interfaces the problem. None of the above configuration methods really do what we _want_ to express.

"The only network interface with the active Ethernet connection? yeah use that one."

"The interface that gets an address showing X as its default gateway"

"The faster interface"

"Don't believe this interface's lies - it's an untrusted network."

There are ways to express some configuration desires in a more robust to changes manner, but they tend to be hacks instead of the first thing you reach for. Thus problems.

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
Klaas Pieter Annema kp@mastodon.design
2025-03-16

@slightlyoff I think about this quote from tailscale.com/blog/new-interne a lot:

> I read a post recently where someone bragged about using kubernetes to scale all the way up to 500,000 page views per month. But that’s 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep.

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
2025-03-07

While not that exciting from a vuln disclosure perspective (it's a stack OOB read), the Wallbleed paper is wild for so many other reasons.

Like, not only did the authors exploit a bug in the Chinese government's censorship systems for several years (???), but even after the initial bug they were exploiting was caught and patched, they chose to variant analysis themselves another equivalent bug so they could keep going. They only stopped after the bug was fully dead.

gfw.report/publications/ndss25

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-03-02

@mjg59 wholly intentional because the clowns running the show also run companies who will charge the government for repeated shoddy work while adding no meaningful value to the world. Lifting their megayachts higher instead of being a prosperity tide under everyone's boats. Standard tax-and-steal party antics.

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:
2025-03-02

I wrote an article outlining why the directive to stop tracking Russian cyber threat actors is impractical and frankly dangerous, outlining some second order effects of the directive. Enjoy.
linkedin.com/pulse/stop-tracki

Gregory P. Smith (he/him) :python: 🚲 :donor: gpshead@infosec.exchange
2025-03-02

@ekse @lcamtuf real, but apparently old and unused per their response in simonwillison.net/2025/Feb/25/

Gregory P. Smith (he/him) :python: 🚲 :donor: boosted:

In our new report today, we detail the exploit chains in Linux kernel USB drivers that forensic traces show were likely used by Cellebrite to unlock Android phones in Serbia. We collaborated with Benoît Sevens @ Google TAG, who found and patched 3 kernel vulnerabilities.

This highlights the large attack surface presented by rogue USB devices to Android and other Linux devices. Some of the vulnerable code paths were introduced almost 15 years ago!

securitylab.amnesty.org/latest
