Readit News
bouncyhat commented on Building a new Flash   bill.newgrounds.com/news/... · Posted by u/TechPlasma
bouncyhat · 12 days ago
It makes me so happy to see this. When I was in high school Flash was THE way that you could practice programming games with the instant feedback of graphics animation, key input, and playing sound. I enjoyed it so much that out of college I joined the Adobe Platform team right around 2008. I worked in the SF office which was formerly the Macromedia HQ before Adobe bought them out.

There were some really cool Flash tools in the works around then. Some internal developers had gotten some version of Flash Alchemy to run Doom in the browser. There was a lot of work going on to add proper GPU integration into the platform. I got to see some cool prototypes. Ultimately though, my timing was poor. This was right around when Steve Jobs decided that the iPhone shouldn't run Flash. The internal lore/rumor mill was that some PM had missed Steve Jobs reporting crashes in Safari enough times that Jobs was just DONE with Flash and had decided to kill it on his platform. I have no idea how true that was.

There was a mad scramble at Adobe to try to figure out how to keep Flash running on the iPhone. The AIR team was actively looking into reverse engineering solutions so they could essentially deploy Flash apps that didn't look like they were written in Flash. They tried to rally the community with a "We <3 Flash" campaign. It didn't matter. Flash was taken off the iPhone and Adobe made the call to give up. In 2009 after a few waves of 2008 recession cuts they slashed a huge part of the platform team and I knew it was over.

There were a lot of reasons that Flash probably needed to go, but I wonder about what the web would have been if it hadn't been killed around that time. Regardless I hope this project succeeds. <3 Flash.

bouncyhat commented on Obtaining Remote Code Execution in F5-Bigip via AJP Request Smuggling   praetorian.com/blog/refre... · Posted by u/bouncyhat
bouncyhat · 2 years ago
We identified a new pre-auth remote code execution bug in F5-BIGIP's management panel. Today is disclosure day, so we can't share all the details yet (need to give folks time to patch), but we do go into details about how to identify AJP Request smuggling and demonstrate if an application is vulnerable. If you're not familiar with this technique, it's definitely worth a look!
bouncyhat commented on Meta Quest 3   meta.com/quest/quest-3/... · Posted by u/mfiguiere
mulderc · 2 years ago
Big screen has the most toxic online community I have ever interacted with. I know there is worse out there but the amount of anti-LGBTQ chat I hear was disturbing for a place that is about watching movies.
bouncyhat · 2 years ago
Yeah, I wouldn't wade into anything public there - stick to private rooms with your friends. The moment you go into any sort of "I want to meet strangers" in VR setting you're really rolling the dice. I briefly hopped into the "shared lobby" for Big Screen at one point and encountered probably 3 or 4 negative internet stereotypes immediately (14 year old yelling obscenities, someone trying to hump my face, and someone just blasting noise so loud through their mic it was painful). Very much something you would only want to experience with trusted parties.
bouncyhat commented on Meta Quest 3   meta.com/quest/quest-3/... · Posted by u/mfiguiere
MBCook · 2 years ago
So what’s the killer app?

Beatsaber and some other games can be a lot of fun, but they’re not new. What new experiences are ready for this?

I get the quality is better, and that’s not nothing.

But other than that this largely seems like more of the same. VR still doesn’t seem to have advanced much in software to me. And Meta keeps pushing virtual meetings and such but that’s not my cup of tea.

I owned a Quest 2 and had some fun with it. I’ve owned previous headsets too. But I just don’t see anything that would make me say “ooh I need that”.

This feels very “PC” to me. By which I mean they’re selling it because they can sell new hardware. The Pentium 9 is out! Which is fine.

But when Sony/Nintendo/MS want to sell a new console they put new and fancier games. They give you a specific reason to upgrade besides better specs. So you can play Horizon 12: We’re On The Moon Now. Or Bob’s Crazy Adventure. Whatever.

All this time and it still seems like the market is 95% games, and those aren’t advancing much beyond visuals. So I don’t feel like I’m really missing anything.

bouncyhat · 2 years ago
I've found BigScreen (https://www.bigscreenvr.com/software) to be a fairly compelling killer app case for VR. Besides being able to trick your eyes into thinking they're in a movie theater, the social elements are great. On a weekly cadence I jump into a shared room with 6+ of my friends and we pick a bad movie to watch together as we MST3k it. There's something about positional audio when talking with someone that makes it easier to replicate the experience of hanging out in person versus a video meet.

We've been doing this since the pandemic started and it's the #1 way I stay in touch with a bunch of friends now. It's also ruined real life movie theaters for me since I'm used to being able to talk with friends while watching. We'll actively wait for a movie to hit streaming before "seeing it in the theaters" with each other.

All of this was already possible with the Quest 2, but I'm interested to see how the Quest 3 can further make those hangouts feel even closer to the real thing. Dunno if it will be a big enough leap for everyone to jump from the 2 to the 3, but if the visuals come through sharper, or the sound is better, or the controller is easier to hold for 2 hours - any of those things would be a win.

bouncyhat commented on     · Posted by u/bouncyhat
bouncyhat · 3 years ago
Technical details behind the discovery and exploitation of CVE-2023-41265 and CVE-2023-41266.

Relevant Security Advisory: https://community.qlik.com/t5/Official-Support-Articles/Crit...

Nuclei Detection Template: https://github.com/praetorian-inc/zeroqlik-detect

TL;DR - how do I detect this on my resources? [vulnerable instances will return a 400]: curl -H "X-Qlik-Xrfkey: 1333333333333337" -H "Host: localhost" -v -k --path-as-is https://<yourserver>/resources/qmc/fonts/../../../qrs/Reload...

u/bouncyhat

Karma: 28 · Cake day: August 31, 2023