My mind immediately went to chaining this with another recent vulnerability in the Ninja Forms - File Upload plugin [0]
> This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
So, upload and execute a script that loads Copy Fail and even if you're only executing as www-data or another restricted user that "can't" sudo -- suddenly, uid=0!
Yes but what I'm saying is that copy.fail is a minor detail in this scenario.
If you are running Ninja Forums you need to run it in its own VM so that if it gets compromised _you don't care if it has uid=0_.
You need to do that regardless of copy.fail. Now that you've patched copy.fail, there are loads and loads of other vulns that can be used the same way.
The fact that in the miniplayer you can't display both the album art and the track information at the same time unless the cursor is hovering over the window absolutely boggles my mind. If I'm listening to a station, I want to glance over and see what I'm listening to. And I like the album art showing. This worked until Tahoe.
View menu > Hide Large Artwork will show the track info, but you of course lose the album art.
Of course it's not a major issue, it doesn't make the system unusable, but it was a nice little experience thing.
All I know about modern Apple Music is that it’s always active in now playing when nothing else is playing, and accidentally pressing play sometimes summons an account setup screen.
> You can try to find Wally (Waldo), as in the well-known game Where's Wally. He is partially visible, but if you click on him, he will appear in full and wave at you.
I once bought one of those alarms that brighten along with the pattern of natural sunlight in the morning (and dim in the evening), as I don’t get much natural light in my bedroom. The time display on it was so unbelievably bright at its lowest setting that my sleep was worse until I piled stuff up in front of it. I don’t even bother with it anymore.
Renting, I'd want something I can temporarily attach to arbitrary pre-existing blinds. On reflection, there are several types one might encounter but I'm particularly thinking of the "twist stick to adjust horizontal slats" style. (As opposed to "loop of chain controls angle", or "fully unroll from top".)
I think there was a Show HN some months back where somebody 3D printed a mount so that the twist-stick could be slotted in at a slight angle.
Of 60-something Linodes in Newark across a few accounts (we don't use LKE, Node Balancers, etc)
- Many came back up yesterday. Most of the rest came back up this morning.
- All but two are back online. One of those is "Powered off" but can't be turned on because "Linode busy". The other is online but unreachable, same behavior as most of them during the outage.
- Three required me to put them in Rescue Mode and run fsck.ext4 -F /dev/sda to get them back online.
I woke up to a few hundred messages from Icinga - thankfully my phone is on do-not-disturb overnight. Some of my servers in Newark are up and responding, some are not.
Happy Sunday! Cleaning up the automatically-created maintenance/alert tickets generated by this is going to be a fun time.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh...
reply