#hugops — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hugops, aggregated by home.social.
-
-
-
-
-
-
-
-
-
-
-
Found out as I was trying to log the book I just finished that the #bookwyrm instance I was on, bookrastinating.com, is down, and apparently has been for close to two weeks... I do hope it comes back. #hugops to the admins. I know what it's like to maintain community infrastructure on your own time and dime. Sometimes life gets in the way of things.
https://thenighthas.me/@bookrastinating/statuses/01KQQJXGWHP6S1Z359E4B7B3H5
-
Found out as I was trying to log the book I just finished that the #bookwyrm instance I was on, bookrastinating.com, is down, and apparently has been for close to two weeks... I do hope it comes back. #hugops to the admins. I know what it's like to maintain community infrastructure on your own time and dime. Sometimes life gets in the way of things.
https://thenighthas.me/@bookrastinating/statuses/01KQQJXGWHP6S1Z359E4B7B3H5
-
Found out as I was trying to log the book I just finished that the #bookwyrm instance I was on, bookrastinating.com, is down, and apparently has been for close to two weeks... I do hope it comes back. #hugops to the admins. I know what it's like to maintain community infrastructure on your own time and dime. Sometimes life gets in the way of things.
https://thenighthas.me/@bookrastinating/statuses/01KQQJXGWHP6S1Z359E4B7B3H5
-
Found out as I was trying to log the book I just finished that the #bookwyrm instance I was on, bookrastinating.com, is down, and apparently has been for close to two weeks... I do hope it comes back. #hugops to the admins. I know what it's like to maintain community infrastructure on your own time and dime. Sometimes life gets in the way of things.
https://thenighthas.me/@bookrastinating/statuses/01KQQJXGWHP6S1Z359E4B7B3H5
-
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.
You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong. This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer.
Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous. There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.
[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]
-
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.
You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong. This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer.
Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous. There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.
[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]
-
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.
You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong. This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer.
Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous. There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.
[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]
-
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.
You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong. This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer.
Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous. There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.
[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]
-
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.
You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong. This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer.
Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous. There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.
[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]
-
Happy Sunday morning to everyone except Netlify who let their critical-path `netlify.app` domain expire. #hugops for their teams working incident response.
Now everyone's sites are down if they are using `sitename.netlify.app` CNAME records with third-party DNS providers, as is recommended in most cases. 🙃
I posted a workaround here, which should help if your DNS records have low TTL: https://answers.netlify.com/t/my-websites-have-stopped-working/162180/9
-
Happy Sunday morning to everyone except Netlify who let their critical-path `netlify.app` domain expire. #hugops for their teams working incident response.
Now everyone's sites are down if they are using `sitename.netlify.app` CNAME records with third-party DNS providers, as is recommended in most cases. 🙃
I posted a workaround here, which should help if your DNS records have low TTL: https://answers.netlify.com/t/my-websites-have-stopped-working/162180/9
-
Happy Sunday morning to everyone except Netlify who let their critical-path `netlify.app` domain expire. #hugops for their teams working incident response.
Now everyone's sites are down if they are using `sitename.netlify.app` CNAME records with third-party DNS providers, as is recommended in most cases. 🙃
I posted a workaround here, which should help if your DNS records have low TTL: https://answers.netlify.com/t/my-websites-have-stopped-working/162180/9
-
Happy Sunday morning to everyone except Netlify who let their critical-path `netlify.app` domain expire. #hugops for their teams working incident response.
Now everyone's sites are down if they are using `sitename.netlify.app` CNAME records with third-party DNS providers, as is recommended in most cases. 🙃
I posted a workaround here, which should help if your DNS records have low TTL: https://answers.netlify.com/t/my-websites-have-stopped-working/162180/9
-
Happy Sunday morning to everyone except Netlify who let their critical-path `netlify.app` domain expire. #hugops for their teams working incident response.
Now everyone's sites are down if they are using `sitename.netlify.app` CNAME records with third-party DNS providers, as is recommended in most cases. 🙃
I posted a workaround here, which should help if your DNS records have low TTL: https://answers.netlify.com/t/my-websites-have-stopped-working/162180/9
-
Hier ein paar Hugs für die Ops unter euch. 🫂🫂🫂🫂🫂🫂 #hugops
-
Hier ein paar Hugs für die Ops unter euch. 🫂🫂🫂🫂🫂🫂 #hugops
-
Hier ein paar Hugs für die Ops unter euch. 🫂🫂🫂🫂🫂🫂 #hugops
-
Hier ein paar Hugs für die Ops unter euch. 🫂🫂🫂🫂🫂🫂 #hugops
-
Hier ein paar Hugs für die Ops unter euch. 🫂🫂🫂🫂🫂🫂 #hugops
-
-
-
-
-
-
#hugops to everybody at Canvas, and the innumerable students, admins, and faculty at all the impacted organizations
-
#hugops to everybody at Canvas, and the innumerable students, admins, and faculty at all the impacted organizations
-
#hugops to everybody at Canvas, and the innumerable students, admins, and faculty at all the impacted organizations
-
#hugops to everybody at Canvas, and the innumerable students, admins, and faculty at all the impacted organizations
-
#hugops to everybody at Canvas, and the innumerable students, admins, and faculty at all the impacted organizations
-
Aber mal ernsthaft: Wenn bei mir um 22:00 das Handy klingeln würde mit der Meldung "alle .de Domains lösen gerade nicht mehr auf!" und es meine Verantwortung wäre den Kram zu fixen: Soviel Grundeis für meinen Arsch gäbe es gar nicht.
Ich bin gespannt auf das Post-Mortem. Und bis dahin: Lieben Dank für das schnelle fixen, #DENIC Menschen! :hug: #HugOps
-
Aber mal ernsthaft: Wenn bei mir um 22:00 das Handy klingeln würde mit der Meldung "alle .de Domains lösen gerade nicht mehr auf!" und es meine Verantwortung wäre den Kram zu fixen: Soviel Grundeis für meinen Arsch gäbe es gar nicht.
Ich bin gespannt auf das Post-Mortem. Und bis dahin: Lieben Dank für das schnelle fixen, #DENIC Menschen! :hug: #HugOps
-
Aber mal ernsthaft: Wenn bei mir um 22:00 das Handy klingeln würde mit der Meldung "alle .de Domains lösen gerade nicht mehr auf!" und es meine Verantwortung wäre den Kram zu fixen: Soviel Grundeis für meinen Arsch gäbe es gar nicht.
Ich bin gespannt auf das Post-Mortem. Und bis dahin: Lieben Dank für das schnelle fixen, #DENIC Menschen! :hug: #HugOps
-
Aber mal ernsthaft: Wenn bei mir um 22:00 das Handy klingeln würde mit der Meldung "alle .de Domains lösen gerade nicht mehr auf!" und es meine Verantwortung wäre den Kram zu fixen: Soviel Grundeis für meinen Arsch gäbe es gar nicht.
Ich bin gespannt auf das Post-Mortem. Und bis dahin: Lieben Dank für das schnelle fixen, #DENIC Menschen! :hug: #HugOps
-
Aber mal ernsthaft: Wenn bei mir um 22:00 das Handy klingeln würde mit der Meldung "alle .de Domains lösen gerade nicht mehr auf!" und es meine Verantwortung wäre den Kram zu fixen: Soviel Grundeis für meinen Arsch gäbe es gar nicht.
Ich bin gespannt auf das Post-Mortem. Und bis dahin: Lieben Dank für das schnelle fixen, #DENIC Menschen! :hug: #HugOps
-
-
-
-
-
-
To all humans working at #DENIC right now: #HugOps
___
Credit for the comic: https://www.heybuddycomics.com/dinosandcomics