Illustration by Giovanni Battista Bracelli, from Bizzarie di Varie Figure (1624).
Source: US National Gallery of Art
https://pdimagearchive.org/images/4e9c89a4-c376-4ba2-a897-2b32db352d58
#proto-cubism #abstract #shapes #diamonds #art #publicdomain
The Knights of Brooklyn https://www.isiciliani.it/i-cavalieri-di-brooklyn/ #massimoponzellini #salvatorepalella #palellaholding #villascammacca #mariobarresi #rosspelligra #ponzellini #antimafia #discarica #LaSicilia #Apertura #acireale #oikosspa #pelligra #Catania #palella #Sicilia #-rete- #helbiz #report #mafia #proto
It's already been a little over a year since Proto's "Maintenance" came out. Great band, honestly; it seems crazy to me that I still have cassettes left.
Evidently there's trouble yet again at #NeuerDeutscherStandard / #NDS, the outfit of Kai #Proto Naggert:
Julian 'Makss Damage' Fritsch announced earlier on Instagram that his new album is now available exclusively from him personally (PM if interested).
#WennNazisStreiten
It didn’t take long: CVE-2025-55182 is now under active exploitation
On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React4Shell, as it affects React Server Components (RSC) functionality used in web applications built with the React library. RSC speeds up UI rendering by distributing tasks between the client and the server. The flaw is categorized as CWE-502 (Deserialization of Untrusted Data). It allows an attacker to execute commands, as well as read and write files in directories accessible to the web application, with the server process privileges.
Almost immediately after the exploit was published, our honeypots began registering attempts to leverage CVE-2025-55182. This post analyzes the attack patterns, the malware that threat actors are attempting to deliver to vulnerable devices, and shares recommendations for risk mitigation.
A brief technical analysis of the vulnerability
React applications are built on a component-based model. This means each part of the application or framework should operate independently and offer other components clear, simple methods for interaction. While this approach allows for flexible development and feature addition, it can require users to download large amounts of data, leading to inconsistent performance across devices. This is the challenge React Server Components were designed to address.
The vulnerability was found within the Server Actions component of RSC. To reach the vulnerable function, the attacker just needs to send a POST request to the server containing a serialized data payload for execution. Part of the functionality of the handler that allows for unsafe deserialization is illustrated below:
A comparison of the vulnerable (left) and patched (right) functions
CVE-2025-55182 on Kaspersky honeypots
As the vulnerability is rather simple to exploit, the attackers quickly added it to their arsenal. The initial exploitation attempts were registered by Kaspersky honeypots on December 5. By Monday, December 8, the number of attempts had increased significantly and continues to rise.
The number of CVE-2025-55182 attacks targeting Kaspersky honeypots, by day
Attackers first probe their target to ensure it is not a honeypot: they run whoami, perform multiplication in bash, or compute MD5 or Base64 hashes of random strings to verify their code can execute on the targeted machine.
In most cases, they then attempt to download malicious files using command-line web clients like wget or curl. Additionally, some attackers deliver a PowerShell-based Windows payload that installs XMRig, a popular Monero crypto miner.
CVE-2025-55182 was quickly weaponized by numerous malware campaigns, ranging from classic Mirai/Gafgyt variants to crypto miners and the RondoDox botnet. Upon infecting a system, RondoDox wastes no time, its loader script immediately moving to eliminate competitors:
Beyond checking hardcoded paths, RondoDox also neutralizes AppArmor and SELinux security modules and employs more sophisticated methods to find and terminate processes with ELF files removed for disguise.
Only after completing these steps does the script download and execute the main payload by sequentially trying three different loaders: wget, curl, and wget from BusyBox. It also iterates through 18 different malware builds for various CPU architectures, enabling it to infect both IoT devices and standard x86_64 Linux servers.
In some attacks, instead of deploying malware, the adversary attempted to steal credentials for Git and cloud environments. A successful breach could lead to cloud infrastructure compromise, software supply chain attacks, and other severe consequences.
Risk mitigation measures
We strongly recommend updating the relevant packages by applying patches released by the developers of the corresponding modules and bundles.
Vulnerable versions of React Server Components:
Bundles and modules confirmed as using React Server Components:
To prevent exploitation while patches are being deployed, consider blocking all POST requests containing the following keywords in parameters or the request body:
Conclusion
Due to the ease of exploitation and the public availability of a working PoC, threat actors have rapidly adopted CVE-2025-55182. It is highly likely that attacks will continue to grow in the near term.
We recommend immediately updating React to the latest patched version, scanning vulnerable hosts for signs of malware, and changing any credentials stored on them.
Indicators of compromise
Malware URLs
MD5 hashes
https://www.fogolf.com/1107951/december-raffle-just-dropped-win-taylormade-rors-proto-irons/ December raffle just dropped. Win TaylorMade RORS Proto irons #December #Dropped #GolfClubs #GolfClubsVideos #GolfClubsVlog #GolfClubsWedges #GolfClubsWedgesVideos #GolfClubsWedgesVlog #GolfClubsWedgesYouTube #GolfClubsYouTube #GolfEquipment #GolfEquipmentVideos #GolfEquipmentVlog #GolfEquipmentYouTube #GolfWedges #GolfWedgesVideos #GolfWedgesVlog #GolfWedgesYouTube #irons #PROTO #raffle #RORS #Taylormade #win
To select stories for the anthology of classic Japanese sci-fi I'm editing for MIT Press, I started reading this 1971 collection of pre-WWII short stories.
I began with The Man Traveling With the Brocade Portrait (押絵と旅する男) by Edogawa Ranpo (1894-1965). It's about an old man who travels around Japan with a brocade portrait in which, due to strange events, his brother is trapped along with his brother's true love.
#editing #Japanese #classic #proto #preWWII #scifi #short story #anthology
Proto, by Laura Spinney
I interrupted the sequence of novels I’ve been reading recently to absorb a non-fiction book, Proto by Laura Spinney (left). I find linguistics a fascinating subject and when I saw a review of this recently I couldn’t resist. I’m glad I bought it because it’s absolutely fascinating. It is the story – or at least a very plausible account of the story – of the lost ancestor of the Indo-European languages, the methods that have been used to reconstruct “Proto”, and why it was the spark that generated so many other languages across Europe, Eurasia and India.
The topic is very complex and I won’t attempt to describe it all in depth here; each chapter could be a book in itself because each family of languages within the Indo-European group – including lost ones such as Tocharian – has its own fascinating story. There are chapters focussing on the origins of language itself, the possibilities surrounding Proto (a language that was never written and probably existed in many dialects), Anatolian, Tocharian, Celtic, Germanic and Italic, the Indo-Iranian group (based on Sanskrit), Baltic and Slavic, and Albanian, Armenian and Greek. The last of these is fascinating because it used a method of writing borrowed from a non-Indo-European source that became the origin of the European alphabet.
The story of which all these are subplots begins around the Black Sea shortly after the end of the last Ice Age. In this area there lived mesolithic hunter-gatherers who had survived the ice and who interacted with farmers moving up from the direction of modern day Syria. Their languages would have merged in some way to allow them to describe things that their neighbours had that they didn’t. Hunter-gatherers would not have words for, e.g., ploughing or barley while farmers would have fewer words for spears and other hunting equipment. Into this mix, the argument goes, came a third group, a fully nomadic culture called the Yamnaya people. These people and their successors subsequently underwent vast migrations from the steppes across the continent and were responsible for spreading the Proto-Indo-European languages. That’s a hypothesis, not a proven fact, but it is plausible and has a reasonable amount of evidence in its favour.
Recent progress in this field has been driven not only by linguists but also by archaeologists and geneticists, with each aspect of this triangulation vital. It was reading about archaeology in this book that prompted me to write a post about the Nebra Sky Disc. There are some fascinating snippets from palaeogenetics, too. Full DNA sequences are now known for about 10,000 individuals who lived in prehistoric times.
One extraordinary find involves two burials of individuals who both lived about 5,000 years ago. Their DNA profiles match so well that they were probably second cousins or first cousins once removed. The thing is that one of them was buried in the Don Valley, north-east of Rostov in modern-day Russia, while the other was found 3,000 km away in the Altai mountains. Assuming they were both buried where they died, the implications for the distance over which people could move in a lifetime are remarkable.
Another fascinating genetic snippet applies to Irish, a Celtic language. The Celtic languages derive from a proto-Celtic source that probably arose about 1000 BC. Around 2450 BC one of the cultures preceding the Celts arrived in Britain and Ireland, now called the Bell Beaker People because of their taste in pottery. The genetic record shows that the DNA of the Beaker folk replaced about 90% of the previous local gene pool, and all of the Y chromosomes; for some reason men of the earlier culture stopped fathering children. A similar change happened in Ireland, about 200 years later. One possible inference is that there was a violent conquest involving the erasure of the male population, but we don’t know for sure that it was sudden and catastrophic.
Whatever language the Beaker people brought with them was not Celtic (though it may have been Indo-European). The fascinating conundrum is that when Celtic languages arrived in Ireland whoever brought them left not a trace in the genetic record. This is unlike any of the similar changes in language use throughout European pre-history. Either the population responsible has not been identified or the language was spread through communication (e.g. for trade) rather than settlement. Irish may be a Celtic language, but there is little evidence of significant numbers of Celts settling here and bringing it with them.
Some time ago I wrote a post about the Celtic languages, which you might want to look at if you’re interested in this topic. A lot of that post I now realize to be very simplistic, but to add one other snippet I should mention that the name of Turkish football team Galatasaray translates to “Palace of the Celts” after the Celtic-speaking people who settled in Anatolia; these were the Galatians to whom Paul addressed his Epistle.
I thoroughly recommend this fascinating book. It made me want to find out more about so many things. It also gave me additional motivation to pursue an idea I had a while ago to do a Masters in Linguistics when I retire from physics…
#archaeology #BeakerPeople #CelticLanguages #Genetics #LasuraSpinney #liguistics #Proto #ProtoIndoEuropeanLanguage #YamnayaCulture
Liberalism, what filth...
https://loma.ml/display/373ebf56-1268-c547-88b0-19b815549029
#Science - History of language
Der Urknall unserer Sprache.
5,000 years ago, the mother of most European #languages was born: #Proto-#Indo-European. In “Der Urknall unserer Sprache”, Laura #Spinney explains how #linguistics, #archaeology and #genetics are retelling the #history of Indo-European.
https://www.deutschlandfunkkultur.de/laura-spinney-der-urknall-unserer-sprache-100.html
#Podcast
Yesterday I finally saw Clock Dva!
#oira #piemonte #electronica #cyberpunk #retrofuture #proto #techno
https://www.youtube.com/watch?v=ZEcc-X4zGXY&list=RDLfUiPu84YIE&index=28
#Books and #stories for #JulyReads. | Tag to mute: #BokBooks
Thirteen novels:
●●●●○ A Half-Built Garden - Ruthanna Emrys #hopepunk
●●●◐○ Murderer Invisible - Philip Wylie #vintage
●●●◐○ Vengeance - Jennifer Foehner Wells {Confluence 5}
●●●◐○ The Crossing {Assiti Shards} - Kevin Ikenberry
●●●○○ Survivors - Terry Nation
●●●◐○ Dark Futures {New John Connor Chronicles 1} - Russell Blackford
●●●●○ Up-Time Pride and Down-Time Prejudice {Ring of Fire} - Mark H. Huston
●●●○○ The Invaders {Invaders 1} - Keith Laumer #TieIn
●●●●○ The Surrogate Affair {Stewart Grant 01} - Jack Dearborn #detective
●●●◐○ An Evil Hour {New John Connor Chronicles 2} - Russell Blackford
●●●●○ Lock In {Lock In 1} - John Scalzi
●●●●○ Miles Grant, Private Investigator {Miles Grant 01} - Jack Dearborn #mystery
●●●◐○ Enemies from Beyond {Invaders 2} - Keith Laumer #TieIn
One novella:
●●●○○ Unlocked {Lock In 0.5} - John Scalzi
One novelette:
●●◐○○ Project Time Machine {Agent Adams 1} - Tim Tolbert
Twenty-four stories:
●●◐○○ Death and the Senator - Arthur C. Clarke
●●●○○ Martian Quest - Leigh Brackett
●●●○○ At the Bottom of New Lake {Warmer 6} - Sonya Larson
●●●◐○ Rump-Titty-Titty-Tum-TAH-Tee - Fritz Leiber #classic
●●●◐○ Seventh Victim - Robert Sheckley
●●●○○ The Little Man Who Wasn't All There - Robert Bloch {Lefty Feep}
●●●○○ The Hillside - Jane Smiley {Warmer 7}
●●●○○ Naked Ghost Story - P.A. Choi
●●●○○ Old Ventures, New Partners - Nicolas Wilson
●●●◐○ Never Stop to Pat a Kitten - Miriam Allen deFord
●●●◐○ One Long Ribbon - Florence Engel Randall
●●●○○ The Golden Opportunity of Lefty Feep - Robert Bloch
●●●○○ A Big Man with the Girls - Judith Merril and Frederik Pohl
●●●◐○ Ugly Earthling - Elizabeth Chater
●●●◐○ The Maze - A. Bertram Chandler
●●●●◐ Small Moments in Time - Jack Campbell [John Hemry]
●●●○○ Second Variety - Philip K. Dick
●●●○○ A Naked Wish - P.A. Choi
●●●◐○ The Case of the Dow Twins - Edward Page Mitchell #proto
●●●○○ Poor Little Saturday - Madeleine L’Engle
●●●◐○ Youth - Isaac Asimov
●●○○○ 108 Stitches - Tony Bertauski
●●●○○ Lefty Feep and the Sleepy-Time Gal - Robert Bloch
●●●◐○ Helen O'Loy - Lester del Rey
━━━━━━━━━━━
2025-07: 24 ss | 01 nvt | 01 nva | 13 nov
2025-06: 26 ss | 03 nvt | 00 nva | 12 nov
2025-05: 24 ss | 06 nvt | 01 nva | 13 nov
2025-04: 29 ss | 06 nvt | 00 nva | 11 nov
━━━━━━━━━━━
The Miles Grant and Stewart Grant detective novels are interesting, in that they seem to be doing a "case worthy of a book" per year, and after 24 years, Miles retires and Stewart takes over as detective.
The number of novels per month is going up. It used to hover around nine: two per week, with one in the partial week. But I've been reading some shorter books lately, which has boosted the number. Novellas remain rare.
Finally finished all the stories in Pioneering Women of Science Fiction, Christopher Broschell's collection of stories from the 1940s and 1950s.
If you ever notice that handling your Telegram bot scenarios has become a mess, you should probably take a look at the callback_data field. This is the place that often spoils things, so take a look at a refactoring approach using base85 + protobuf:
🔍 https://seroperson.me/2025/02/05/enhanced-telegram-callback-data/
Right now, the Dallas Winds play #Barnes #Proto & #Bernstein with Daniels and more in #Dallas https://www.worldconcerthall.com/en/schedule/the_dallas_winds_play_barnes_proto__bernstein_with_daniels_and_more_in_dallas/88388/ #wch
In 20 minutes, the Dallas Winds play #Barnes #Proto & #Bernstein with Daniels and more in #Dallas https://www.worldconcerthall.com/en/schedule/the_dallas_winds_play_barnes_proto__bernstein_with_daniels_and_more_in_dallas/88388/ #wch
Today, the Dallas Winds play #Barnes #Proto & #Bernstein with Daniels and more in #Dallas https://www.worldconcerthall.com/en/schedule/the_dallas_winds_play_barnes_proto__bernstein_with_daniels_and_more_in_dallas/88388/ #wch