Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
"Two vulnerabilities in Zoom could lead to code execution"
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
"How did I found SSRF in Facebook — the story of my first bug bounty"
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
interesting read
"Sandboxing nginx with systemd"
https://medium.com/@nickodell/sandboxing-nginx-with-systemd-80441923c555
Gonçalo Valério
boosted
The upcoming "Feature Policy" is now called "Permissions Policy":
https://w3c.github.io/webappsec-feature-policy/
We already updated the relevant part of our Web server security series: https://infosec-handbook.eu/blog/wss3-tls-headers/#ex-headers
Keep in mind that the Permissions Policy isn't supported by most web browsers, so you don't need to set it at the moment. Clients ignore it.
#FeaturePolicy #PermissionsPolicy #webserver #security #infosec #cybersecurity
Gonçalo Valério
boosted
Achieving accessibility through simplicity
https://sourcehut.org/blog/2020-05-27-accessibility-through-simplicity/
https://dustri.org/b/i-wont-buy-ebooks-anymore.html
Ebooks with DRM suck. We should always try to buy them from stores/places that don't use this kind of crap.
"Catalina is checking notarization of unsigned executables"
or in another words:
Apple is tracking all the executables you run on "your" computer
https://lapcatsoftware.com/articles/catalina-executables.html
wow, I have no words for this...
Gonçalo Valério
boosted
(From medium.com): Stealing Secrets from Developers using Websockets https://medium.com/@stestagg/stealing-secrets-from-developers-using-websockets-254f98d577a0
"Security scanners for Python and Docker: from code to dependencies"
https://pythonspeed.com/articles/docker-python-security-scan/
"Google bans Podcast Addict app after 9 years for letting users play podcasts that reference COVID-19" -> https://reclaimthenet.org/google-play-suspends-podcast-addict/
"Google bans my events app for referencing Covid-19, or related terms"-> https://news.ycombinator.com/item?id=23221447
"Ask HN: How long has Google been censoring YouTube comments critical of China?"-> https://news.ycombinator.com/item?id=23221264
"Google deletes “communist bandits” 共匪 comments on Youtube globally."->https://news.ycombinator.com/item?id=23223219
🤔 Is there a new trend here? or just an old one?
Gonçalo Valério
boosted
"European Parliament strongly recommends any software developed by and for the EU institutions to be made publicly available under Free and Open Source Software licence"
"You don't need an image to run a container"
https://iximiuz.com/en/posts/you-dont-need-an-image-to-run-a-container/
A list of security related tools. Perhaps we can find something interesting there:
Gonçalo Valério
boosted
The PeerTube content bootstrap fund:
https://sourcehut.org/blog/2020-05-15-peertube-bootstrap-fund/
Please boost!
"Finding secrets by decompiling Python bytecode in public repositories"
"Report: Estimated 24,000 Android apps expose user data through Firebase blunders"
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/
Pi-hole 5.0 is out.
https://pi-hole.net/2020/05/10/pi-hole-v5-0-is-here/
👏 from my perspective this is a "must-have" tool for any home network.
"DOM XSS in Gmail with a little help from Chrome"
https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
Gonçalo Valério
boosted
Disambiguation time
Multitasking when a computer works on several problems at once.
Prallelism is when several problems are being worked on in a single time slice. Concurrency is when one problem is worked on per time slice, but the problem being worked on changes from slice to slice.
True parallelism requires one hardware thread (or CPU core) per task. The kernel offers preemptive mulitasking as an alternative for when CPU time is over-committed (which is literally always, and badly); it "pre-empts" tasks and switches between them in each time slice, which is effectively a kind of transparent concurrency.
Cooperative multitasking is the opposite of preemptive multitasking, and in this case each task decides for itself when to relinquish control to another task. A common way of achieving this is coroutines.
A process is a task with its own isolated memory space. A thread is a task within a process, which shares its memory space. Multithreading is using multiple threads, multiprocessing is using multiple processes.
Did I miss anything?
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
