JRaccoon
Just a lvl 27 guy from 🇫🇮 Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
- 1 Post
- 20 Comments
They can include runnable JavaScript too, which can cause vulnerabilities in certain contexts. One example from work some years back: We had a web app where users could upload files, and certain users could view files uploaded by others. They had the option to download the file or, if it was a file type that the browser could display (like an image or a PDF), the site would display it directly on the page.
To prevent any XSS (scripts from user-provided files), we served all files with the CSP sandbox header, which prevents any scripts from running. However, at the time, that header broke some features of the video player on certain browsers (I think in Safari, at least), so we had to serve some file types without the header. Mistakenly, we also included image files in the exclusion, as everyone thought image files couldn’t contain scripts. But the MIME type for SVG files is image/svg+xml… It was very embarrassing to have such a simple XSS vuln flagged in a security audit.
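The mistake in the story above is a category-based exclusion ("anything under image/* is safe to serve unsandboxed") where an exact allow-list was needed. The following is an added illustration in Python, not code from the original comment or from the app it describes; the exempt-type list, the helper names and the header set are assumptions made for the example. It shows the flawed rule beside the corrected one, and also normalises the MIME type so that a parameter or different casing (image/svg+xml; charset=utf-8) cannot slip past the comparison.

```python
"""Decide which response headers an upload-serving endpoint should send.

Added example (not the original app's code). Assumption: a video player
that cannot cope with a CSP sandbox, so a small set of video types must be
served without it. Everything else gets `Content-Security-Policy: sandbox`.
"""

# Constructed assumption: the only types the player actually needs unsandboxed.
SANDBOX_EXEMPT_TYPES = frozenset({"video/mp4", "video/webm"})


def normalize_mime(mime_type: str) -> str:
    """Strip parameters and case so 'IMAGE/SVG+XML; charset=utf-8' compares equal
    to 'image/svg+xml'. Without this, an exact-match allow-list can be bypassed
    by a stored Content-Type that merely looks different."""
    return mime_type.split(";", 1)[0].strip().lower()


def headers_buggy(mime_type: str) -> dict:
    """The flawed rule from the comment: exempt whole top-level categories.
    'image' is exempted because "images can't contain scripts", which is false
    for image/svg+xml (an SVG document may carry <script> and event handlers)."""
    mime = normalize_mime(mime_type)
    headers = {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}
    top_level = mime.split("/", 1)[0]
    if top_level not in ("video", "image"):
        headers["Content-Security-Policy"] = "sandbox"
    return headers


def headers_fixed(mime_type: str) -> dict:
    """Allow-list exact types; anything not explicitly exempt, SVG included,
    is served with the sandbox directive (no script execution, opaque origin)."""
    mime = normalize_mime(mime_type)
    headers = {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}
    if mime not in SANDBOX_EXEMPT_TYPES:
        headers["Content-Security-Policy"] = "sandbox"
    return headers


def is_sandboxed(headers: dict) -> bool:
    """True when the response carries the CSP sandbox directive."""
    return "sandbox" in headers.get("Content-Security-Policy", "").split()


if __name__ == "__main__":
    # Constructed sample of stored Content-Type values for uploaded files.
    samples = ["image/png", "image/svg+xml", "IMAGE/SVG+XML; charset=utf-8",
               "application/pdf", "video/mp4", "text/html"]
    for mime in samples:
        print(f"{mime:32} buggy sandboxed={is_sandboxed(headers_buggy(mime))!s:5} "
              f"fixed sandboxed={is_sandboxed(headers_fixed(mime))}")
```

Scripts embedded in an SVG run only when the SVG is loaded as a document, for example by navigating to the file URL directly or embedding it with an iframe or object element; an img element never executes them. The fixed rule therefore matters exactly for the "display it directly on the page" path described above. If a type needs neither inline display nor the player, serving it with Content-Disposition: attachment is a simpler alternative to sandboxing.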
JRaccoon@discuss.tchncs.de to Games@lemmy.world • Assassin's Creed Shadows Drops To 40 FPS At 720P On The Next-Gen Nvidia RTX 5070Ti · English · 93 · 1 month ago
Might be an unpopular opinion, but after around two hours of gameplay I’m perfectly happy with the performance on my 3060Ti. On medium-high settings it can easily maintain 60 fps at 1440p. That is with DLSS, of course, and ray tracing turned down to minimum.
JRaccoon@discuss.tchncs.de to Ask Lemmy@lemmy.world • How do I stop thinking about how many hours there are left on the weekend? · 3 · 2 months ago
I don’t have an answer for you, but I can absolutely relate. Some people say something like “find a job you love, and you’ll never work a day in your life.” But for me, it doesn’t work that way. I like my job, have awesome coworkers, and always look forward to the next week. But obviously I’d still rather be doing things I enjoy more. You know, playing that latest video game, finally finishing the Lego set I bought three months ago, hanging out with friends, etc. Two days out of seven just isn’t enough time to do all that, which leads to anxiety about optimizing the little time I have.
One thing that has helped me somewhat (and I know I’m very privileged to be able to do this) is taking every other Friday off. A two-day weekend versus a three-day weekend makes a huge difference for me. I’m actually considering switching to having every Friday off. But then ofc, there might be the dilemma of having the time to do the things I enjoy but not enough money for them :(
JRaccoon@discuss.tchncs.de to Android@lemmy.world • Your Android phone will run Debian Linux soon (like some Pixels already can) · English · 4 · 2 months ago
Nope. But as mentioned in the article, some support for display servers might be coming in Android 16.
Networking does work. I was able to install packages using apt and also ping machines on my local network. Could be useful.
I guess in a pinch it could be used to ssh into other machines. However, I’m sure there are plenty of SSH clients available for Android, which are a much more lightweight solution than running a whole VM.
JRaccoon@discuss.tchncs.de to Android@lemmy.world • Your Android phone will run Debian Linux soon (like some Pixels already can) · English · 4 · 2 months ago
It has access to /sdcard as a shared folder.
How does this work? The app doesn’t seem to have any settings related to it yet. Under /mnt in the VM I noticed a folder named shared that seems to match the downloads folder on my phone, which seems odd.
JRaccoon@discuss.tchncs.de to Android@lemmy.world • Your Android phone will run Debian Linux soon (like some Pixels already can) · English · 32 · 2 months ago
Tested this on my Pixel 8a. Works as you would expect. Personally I have a bit of a hard time coming up with use cases for this, but I guess it’s kinda cool.
JRaccoon@discuss.tchncs.de to Linux@lemmy.world • What’s Your Best Experience with Linux? · English · 3 · 2 months ago
I had some old hardware lying around and decided to try building LFS (Linux From Scratch) on it. For those unfamiliar, LFS is a “distro” where you compile every single package from source manually, with no package manager or anything. With my limited Linux experience it was really like diving directly into the deep end, but the process was surprisingly easy and I learned so much by doing it.
Once the base system was complete, I installed the bare minimum needed to get X, Xfce, and some basic applications running. I’m honestly amazed how few system resources are required to have a fully functional graphical environment for basic web browsing and whatnot. The system boots almost instantly on decade-old hardware and after boot sits at way below 500 MB of RAM usage.
I use the vanilla FF but with this theme applied:
https://github.com/black7375/Firefox-UI-Fix
JRaccoon@discuss.tchncs.de to Ask Lemmy@lemmy.world • What's everyone's favorite Lemmy app? · 7 · 2 months ago
For those who have tried multiple apps, it would be more helpful to others if you also mentioned WHY a certain app is your favorite. Is there some unique feature you really like, or something else that sets it apart from all the others?
Personally I’ve only used Voyager. It seems to have everything I need but I cannot really call it my favorite as I haven’t tried any others.
JRaccoon@discuss.tchncs.de to Web Development@programming.dev • Ending Support for Expiration Notification Emails · English · 0 · 3 months ago
Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us.
I fully support the privacy argument (I didn’t realize it has been mandatory to give some email address to get a cert), but why not make it optional instead?
The reminder email from them has saved me once, when an originally “temporary” domain was not so temporary after all and I forgot to set up auto-renewal and monitoring for it.
JRaccoon@discuss.tchncs.de to Cybersecurity@sh.itjust.works • Telegram captcha tricks you into running malicious PowerShell scripts · English · 0 · 3 months ago
The website (Telegram in this case, but it can be any website) adds a specifically crafted text to the clipboard and then tricks the user into pasting that text into the Windows Run dialog, which can be used to execute any command(s), basically like a command prompt.
The text the attacker places in the clipboard is actually a command to download and execute an executable file from the internet, giving the attacker remote access to the system or whatever the payload happens to be.
It’s a pretty clever trick. Perhaps MS should consider adding a warning before allowing pasting into the Run dialog or cmd for the first time. They already have this in the Edge browser console.
Yeah I get that, but why return that information in the HTTP response?
Interesting read. One thing I don’t fully get is why does Cloudflare have the airport code in the response headers anyway? I cannot think of a single reason to have it in the response.
JRaccoon@discuss.tchncs.de to Cybersecurity@sh.itjust.works • Malicious PyPi package steals Discord auth tokens from devs · English · 0 · 3 months ago
the malicious package was added to PyPi last year in June and has been downloaded 885 times so far.
That’s a pretty long time to go undetected. Makes you wonder how many other similar packages there currently are, yet to be discovered, in PyPi, npm and others.
JRaccoon@discuss.tchncs.de to Games@lemmy.world • Do you wish that you could recycle games? · English · 531 · 3 months ago
I’ve learned that over in the EU, people can actually re-sell their games on Steam.
Unless I’ve totally missed something, this is (sadly) not true.
The original Super Mario Bros. and SMB 3. The first console I got to play as a child was the NES at my grandparents’ house. Every couple of years I get a nostalgic craving, and it’s usually those two games I return to. Also, there are many great ROM hacks available if you get bored of the originals.
JRaccoon@discuss.tchncs.de to Technology@lemmy.world • New USB logos will simplify branding on hubs and cables · English · 18 · 4 months ago
I think this time the manufacturers will be pretty quick at adopting the new branding; if there are two competing devices next to each other, one marked with “USB 3.2 Gen 2x2”, which no one understands, and the other one with “USB 20Gbps”, I think the latter will sell more.
JRaccoon@discuss.tchncs.de to Self Hosted - Self-hosting your services.@lemmy.ml • Do you turn your servers off when you leave home? What is your line of thinking on this? · English · 1 · 4 months ago
I do it if I’ll be away for more than just a couple of days. Some of my hardware is pretty old at this point and I’m just a little paranoid about the possible fire hazard. I’m sure it would be fine to leave everything running, but there’s no real harm in shutting it down either.
Also, if applicable, have a different person perform the restore every time and have them do it just by following the documentation. This way multiple people have actual experience with the process if the shit ever hits the fan, and this also makes sure the documentation is accurate and up-to-date.
I think most guesses in this thread are a bit on the low side. I say $48.50.