#workaround — Public Fediverse posts

*Root in 20 Minuten: Kritische Sicherheitslücke in #openssh Workarround-Anleitung ohne Update*
In den letzten 15 Jahren gibt es zahlreiche Versionen von OpenSSH. Eine schwerwiegende #sicherheitslucke betrifft diese Fernzugriffssoftware. Angreifer könnten unter bestimmten Voraussetzungen ungehindert Root-Zugriff auf betroffene Server erlangen. Wir beschreiben hier eine #Workaround Lösung für alle Administratoren die kein Update durchführen
https://raidrush.net/threads/root-in-20-minuten-kritische-sicherheitsluecke-in-openssh-workaround-ohne-update.865188/

*Root in 20 Minuten: Kritische Sicherheitslücke in #openssh Workarround-Anleitung ohne Update*
In den letzten 15 Jahren gibt es zahlreiche Versionen von OpenSSH. Eine schwerwiegende #sicherheitslucke betrifft diese Fernzugriffssoftware. Angreifer könnten unter bestimmten Voraussetzungen ungehindert Root-Zugriff auf betroffene Server erlangen. Wir beschreiben hier eine #Workaround Lösung für alle Administratoren die kein Update durchführen
https://raidrush.net/threads/root-in-20-minuten-kritische-sicherheitsluecke-in-openssh-workaround-ohne-update.865188/

*Root in 20 Minuten: Kritische Sicherheitslücke in #openssh Workarround-Anleitung ohne Update*
In den letzten 15 Jahren gibt es zahlreiche Versionen von OpenSSH. Eine schwerwiegende #sicherheitslucke betrifft diese Fernzugriffssoftware. Angreifer könnten unter bestimmten Voraussetzungen ungehindert Root-Zugriff auf betroffene Server erlangen. Wir beschreiben hier eine #Workaround Lösung für alle Administratoren die kein Update durchführen
https://raidrush.net/threads/root-in-20-minuten-kritische-sicherheitsluecke-in-openssh-workaround-ohne-update.865188/

*Root in 20 Minuten: Kritische Sicherheitslücke in #openssh Workarround-Anleitung ohne Update*
In den letzten 15 Jahren gibt es zahlreiche Versionen von OpenSSH. Eine schwerwiegende #sicherheitslucke betrifft diese Fernzugriffssoftware. Angreifer könnten unter bestimmten Voraussetzungen ungehindert Root-Zugriff auf betroffene Server erlangen. Wir beschreiben hier eine #Workaround Lösung für alle Administratoren die kein Update durchführen
https://raidrush.net/threads/root-in-20-minuten-kritische-sicherheitsluecke-in-openssh-workaround-ohne-update.865188/

*Root in 20 Minuten: Kritische Sicherheitslücke in #openssh Workarround-Anleitung ohne Update*
In den letzten 15 Jahren gibt es zahlreiche Versionen von OpenSSH. Eine schwerwiegende #sicherheitslucke betrifft diese Fernzugriffssoftware. Angreifer könnten unter bestimmten Voraussetzungen ungehindert Root-Zugriff auf betroffene Server erlangen. Wir beschreiben hier eine #Workaround Lösung für alle Administratoren die kein Update durchführen
https://raidrush.net/threads/root-in-20-minuten-kritische-sicherheitsluecke-in-openssh-workaround-ohne-update.865188/

🥳 New Kitten¹ release!

Implemented workaround:

There is a bug in the CommonMark spec that results in preformatted code with empty lines nested in an HTML node not rendering correctly.²

In Kitten, this previously threw an error (see #294³ and also #318⁴).

Kitten now works around the issue in its own parser.

Full change log: https://codeberg.org/kitten/app/src/branch/main/CHANGELOG.md

Enjoy!

:kitten:💕

¹ https://kitten.small-web.org
² https://github.com/commonmark/commonmark-spec/issues/807
³ https://codeberg.org/kitten/app/issues/294
⁴ https://codeberg.org/kitten/app/issues/318

#Kitten #KittenRelease #SmallWeb #SmallTech #CommonMark #spec #bug #workaround #Markdown #web #dev #NodeJS

I'm an #engineer, not an #artist. But every so often, I need to use graphics-related tools for something I'm working on. Today's example was trying to lay out some control panel #graphics, and I was using #Inkscape on #Debian.

What I did: created a circular object

What I wanted to do: when I select that object and type values into the #coordinates boxes, the circular object moves so that its *center* is at the specified coordinates.

What Inkscape actually does: moves the object so the top-left corner of the object's bounding box is at those coordinates.

Really not helpful when you want to #align multiple objects to the same #center.

Do some searching, find #forum posts of others asking how to do this exact thing. Answers range from "select the object and open the #XML editor..." to "do this specific thing which doesn't appear to have existed in the UI for a decade", to people suggesting workarounds (you need a #workaround for what must be an *extremely* common workflow?).

One workaround: "just create a #guide, move (or maybe it was 'align') the object's something-or-other to the guide". The word "guide" does not occur in the UI, FAQ or in the basic documentation for Inkscape. Searching for it is troublesome because of all the web pages that have "guide" in their *title* rather than their content.

Lots of other discussions with links to pages on the Inkscape site which are now 404.

Where's that "FFFFUUUUUUUU..." meme when I need it?

Got an app that's installed on an old device and refuses to install on a new one (e.g. it was discontinued)? As of November 2025:

* On your old device:
* Install an APK exporter (such as https://f-droid.org/en/packages/axp.tool.apkextractor/)
* Copy the APK off the device
* On your new device
* Copy the APK into storage
* Install APK Explorer & Editor (https://f-droid.org/en/packages/com.apk.editor/)
* Open the app and click "APK's[sic]" at the bottom
* Click "Select from storage" and select the file
* Click the compass symbol next to the tabs at the top
* Select "Simple Decompile (faster)"
* Click the folder symbol at the bottom
* Click AndroidManifest.xml
* Click `android:minSdkVersion` and `android:targetSdkVersion` and set them to 29
* Click "Save"
* Click the hammer at the top-right (yes, it's clickable!)
* Click "Build"
* It should give a green tick. Click "Install"
* If you're prompted about "Harmful app blocked", expand the "More Details" expander and click "Install anyway"
* Don't send the app to Google (or do, so that they can see that it's fine - but as you're the only one installing it then it's kinda pointless!)
* Wait for installation to complete

Note: This is ONLY safe because you copied the APK from your old device. Otherwise, pay attention to the harmful app warnings!

#Android #APK #SystemUpgrade #LegacyApps #LegacySoftware #MakeDoAndMend #Hacks #Workaround #FDroid

Spine crack and #workaround

In spite of telling a customer we don't have scoring equipment and any #ink that isn't a super light shade would #crack, they wanted to see it. Upon agreeing it's bad, I thought of a possible #solution by intentionally creating a white line down the #spine #fold. Customer was happy. And I am happy that I can show this photo to future customers instead of printing a sample I know they won't like.

https://flic.kr/p/2rAVT81

#print #paper #copy #TalesFromThePrintShop

Wie #Microsoft jetzt bestätigt, schlägt die Installation des August-#Sicherheitsupdates für #Windows11 #24H2 über #WSUS reihenweise fehl. Man arbeitet schon an einer Lösung und stellt einen #Workaround bereit. https://winfuture.de/news,152939.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Wie #Microsoft jetzt bestätigt, schlägt die Installation des August-#Sicherheitsupdates für #Windows11 #24H2 über #WSUS reihenweise fehl. Man arbeitet schon an einer Lösung und stellt einen #Workaround bereit. https://winfuture.de/news,152939.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Wie #Microsoft jetzt bestätigt, schlägt die Installation des August-#Sicherheitsupdates für #Windows11 #24H2 über #WSUS reihenweise fehl. Man arbeitet schon an einer Lösung und stellt einen #Workaround bereit. https://winfuture.de/news,152939.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Wie #Microsoft jetzt bestätigt, schlägt die Installation des August-#Sicherheitsupdates für #Windows11 #24H2 über #WSUS reihenweise fehl. Man arbeitet schon an einer Lösung und stellt einen #Workaround bereit. https://winfuture.de/news,152939.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Wie #Microsoft jetzt bestätigt, schlägt die Installation des August-#Sicherheitsupdates für #Windows11 #24H2 über #WSUS reihenweise fehl. Man arbeitet schon an einer Lösung und stellt einen #Workaround bereit. https://winfuture.de/news,152939.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

https://blog.gslin.org/archives/2025/06/23/12484/apscheduler-requests-%e9%81%87%e5%88%b0-oserror-errno-24-too-many-open-files-%e7%9a%84%e5%95%8f%e9%a1%8c/

APScheduler + requests 遇到 OSError: [Errno 24] Too many open files 的問題

#apscheduler #bug #code #collection #flask #gc #gunicorn #pypy #pypy3 #python #requests #source #urllib #urllib3 #workaround

Investigating an argument-dependent lookup issue and working around it — https://devblogs.microsoft.com/oldnewthing/20250214-00/?p=110868
#HackerNews #Investigating #ArgumentDependentLookup #LookupIssue #Workaround #DevBlogs

Credo che fare quello che volevo fare riguardo le #PWA, a maggior ragione ora che mi sto informando un po’, è più complicato di quanto credevo… ecco perché ai tempi cercai vie apparentemente più impegnative. Il lavoro di ieri è comunque valido e meglio di nulla, ma ho paura che la mancanza del supporto offline si possa sentire, perché quel metodo non la aggiunge magicamente, e riuscire a farlo appunto non è una passeggiata. 😤️

Per poter “funzionare #offline”, un sito web deve registrare un Service Worker che risponde ad un particolare evento fetch restituendo risorse precedentemente cachate. Sarebbe abbastanza semplice, se non fosse che, per una scomodissima combinazione di requisiti di sicurezza e mancanza di #API nei browser, non c’è letteralmente alcun modo pratico di registrare uno di ‘sti cosi tramite estensioni, figurarsi userscript. Nello specifico, gli script per i ServiceWorker devono essere necessariamente serviti su protocollo https: (quindi niente blob: o data:, cosa che ci taglia via immediatamente gli inject con gli userscript, ma nemmeno file: o http:), per forza dallo stesso dominio della pagina (e quindi non si scappa ospitando per conto proprio solo quel file senza clonare il #sito), e come ho detto non ci sono API per iniettarne da #estensioni. 😨️

Ovviamente, andando per la strada di creare un’estensione, in pura teoria non servirebbe nemmeno preoccuparsi di usare questo metodo, perché a quel punto si potrebbe direttamente usare l’estensione per intercettare il traffico, salvandolo quando è nuovo, per poi servirlo da una cache quando non c’è Internet. Le API webRequest sembravano proprio adatte, quindi mi sono messa a fare varie prove, per poi scoprire che… non riesco in alcun modo a visualizzare il contenuto restituito per una pagina se non c’è #Internet: la schermata di errore del #browser prende precedenza, e nessuna delle cose che ho provato riesce a sovrastarla. E anche potenziali #workaround, come usare le API tabs per modificare il contenuto della pagina di errore pur rimanendo sull’URL desiderato, col piffero che funzionano! (E no, sembra proprio che io non possa usare le richieste #web dell’estensione per servire una risposta fake ad un path da registrare come worker, l’evento viene triggerato ma il navigatore non si beve il risultato.) 😭️

In poche parole: ennesimo #rabbithole #JavaScript che mi sta completamente consumando, e anche molto velocemente, perché più trovo ostacoli alla mia #idea più cerco di andare veloce per superarli, ma più ne incontro sempre di nuovi e più il cervellino ammuffito deve elaborare, ma ci sono aspetti del #webdev che sarebbe meglio non elaborare proprio. A questo punto, tutte le strade che posso prendere per risolvere il #problema sono in ogni caso #hack: ne ho in mente qualcuna rimanendo con un’estensione, che comporterebbe comunque un dietro le quinte estremamente bizantino ma nessun particolare compromesso di sicurezza o usabilità… oppure, ben due soluzioni ancora peggiori (e in parte simili), che spero vivamente di non dover usare; sarebbe anche peggio. Comunque, che cavolo, questa piattaforma di #sviluppo è piena di risorse, una maniera prima o poi si troverà. ☠️

https://octospacc.altervista.org/2024/03/26/pwtorturaaaa/

#API #browser #estensioni #hack #idea #Internet #JavaScript #offline #problema #PWA #rabbithole #sito #sviluppo #web #webdev #workaround

VirtualBox 內的 Windows 上傳速度很慢的問題

因為我電腦有兩張網卡，兩條線分別接到自己拉的 HiNet 以及社區網路 (不過出去也是 HiNet，這是另外一回事了)。

我桌機的預設 routin

https://blog.gslin.org/archives/2024/02/11/11654/virtualbox-%e5%85%a7%e7%9a%84-windows-%e4%b8%8a%e5%82%b3%e9%80%9f%e5%ba%a6%e5%be%88%e6%85%a2%e7%9a%84%e5%95%8f%e9%a1%8c/

#Computer #Murmuring #Network #OS #Software #Windows #10 #bridge #bug #ipv4 #large #lso #mode #mtu #network #nic #offload #performance #send #speed #virtualbox #vm #windows #workaround

VirtualBox 內的 Windows 上傳速度很慢的問題

因為我電腦有兩張網卡，兩條線分別接到自己拉的 HiNet 以及社區網路 (不過出去也是 HiNet，這是另外一回事了)。

我桌機的預設 routin

https://blog.gslin.org/archives/2024/02/11/11654/virtualbox-%e5%85%a7%e7%9a%84-windows-%e4%b8%8a%e5%82%b3%e9%80%9f%e5%ba%a6%e5%be%88%e6%85%a2%e7%9a%84%e5%95%8f%e9%a1%8c/

#Computer #Murmuring #Network #OS #Software #Windows #10 #bridge #bug #ipv4 #large #lso #mode #mtu #network #nic #offload #performance #send #speed #virtualbox #vm #windows #workaround