选择chaos这个词是因为~~实在很难找到一个更合适的词来形容这儿了……
根据洛杉矶时报报道,骇客可能窃取了全部美国人的社会安全号。
社会安全号码(Social Security Number, SSN)是依据 42 U.S.C. § 405(c)(2) 发给一部分美国纳税人(包括公民、永久居民,以及有工作许可的临时居住在美国的人员)的一个九位数字。 目前,这个号码是由社会保障署(Social Security Administration)发给这些纳税人的, 尽管社会安全号码的设计本意是帮助社会保障署区分这些纳税人的,但由于它是由联邦机构签发的终生不变的数字, 因此它成了事实上的美国全国身份证识别代码,并且在税务以及许多其他地方都有使用。
Read more...之前没有特别注意这个漏洞,这里稍微记一笔。
PostgreSQL 包含一系列系统视图,这些系统视图可以用来查询系统表。
由于 pg_stats_ext
和 pg_stats_ext_exprs
这两个视图在 PostgreSQL 14-16 的 16.3、15.7 和 14.12 之前的版本中缺少了必要的访问控制,
因此未经授权的用户将可以通过这些视图访问其他用户通过 CREATE STATISTICS
创建的一系列统计数据,而这些数据可能会揭示这些未经授权的用户原本没有权限访问的数据,或是函数的执行结果。
PostgreSQL 在 16.3、15.7 和 14.12 中修正了这一问题,但这仅限于新安装的情况。
对于已经安装好的正在运行的数据库,管理员还必须重建这两个系统视图以收紧权限(加入了 WITH (security_barrier)
以及 WHERE
子句来限制访问)。
修正脚本位于源代码的 src/backend/catalog/fix-CVE-2024-4317.sql
(对于 FreeBSD pkg 用户,这些修正脚本会安装到 /usr/local/share/postgresql/fix-CVE-2024-4317.sql
),
使用 psql
运行即可。
Have you ever thought about this?
In 100 years, like in 2124, we will all be buried with our relatives and friends.
Strangers will live in our homes we fought so hard to build, and they will own everything we have today. All our possessions will be unknown and unborn, including the car we spent a fortune on, and will probably be scrap, preferably in the hands of an unknown collector.
Our descendants will hardly know who we were, nor will they remember us. How many of us know our grandfather’s father?
After we die, we will be remembered for a few more years, then we are just a portrait on someone’s bookshelf, and a few years later our history, photos and deeds disappear in history’s oblivion. We won’t even be memories.
If we paused one day to analyze these thoughts, perhaps we would understand how ignorant and weak the dream to achieve it all really was.
If we could only think about this, surely our approaches, our thoughts would change, we would be different people.
Always having more, no time for what’s really valuable in this life. I’d change all this to live and enjoy the walks I’ve never taken, these hugs I didn’t give, these kisses for our children and our loved ones, these jokes we didn’t have time for. Those would certainly be the most beautiful moments to remember, after all they would fill our lives with joy.
And we waste it day after day with greed and intolerance.
Read more...其实想搭一套 paperless-ngx 已经挺久的了, 趁着四月底休假的时候搞了一动。
我们经常会有一些各式各样的 PDF 文档,例如和各种供应商、公司之间签署的文件、账单, 以及参加一些学术会议时留下的幻灯、资料等等。比较自然的办法就是创建不同的文件夹来分门别类地保存。 然而,简单地用文件系统来保存这些文件有这样一些问题:
Read more...这篇和较早的 线上重做 FreeBSD GPT 引导分区 情况有些类似,但略有不同。
前段时间 Andriy Gapon 为 Samsung 860 / 870 SSD 增加了一个 quirk。 Samsung 的 SSD 内部使用的是 8K 或 16K 的存储页,但为了和业界标准兼容, 它的控制器为 4K 扇区做了优化。
Read more...今天在家里的票务系统上修改某个票的状态(该操作会出发点一封邮件)时, 我正好另一个窗口开着邮件服务器的日志,观察到一些奇怪的现象:
Mar 19 20:17:12 XXXXXX postfix/smtp[XXXXX]: certificate verification failed for
gmail-smtp-in.l.google.com[2607:f8b0:4023:1c03::1a]:25: self-signed certificate
Mar 19 20:17:12 XXXXXX postfix/smtp[XXXXX]: Untrusted TLS connection established
to gmail-smtp-in.l.google.com[2607:f8b0:4023:1c03::1a]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS
(2048 bits) server-digest SHA256
Mar 19 20:17:12 XXXXXX postfix/smtp[XXXXX]: XXXXXXXXXX: Server certificate not verified
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: certificate verification failed for
gmail-smtp-in.l.google.com[142.250.142.26]:25: self-signed certificate
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: Untrusted TLS connection established
to gmail-smtp-in.l.google.com[142.250.142.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
(256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: XXXXXXXXXX: Server certificate not verified
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: certificate verification failed for
alt1.gmail-smtp-in.l.google.com[142.250.115.27]:25: self-signed certificate
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: Untrusted TLS connection established
to alt1.gmail-smtp-in.l.google.com[142.250.115.27]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS
(2048 bits) server-digest SHA256
Mar 19 20:17:13 XXXXXX postfix/smtp[XXXXX]: XXXXXXXXXX: Server certificate not verified
Mar 19 20:17:14 XXXXXX postfix/smtp[XXXXX]: certificate verification failed for
alt1.gmail-smtp-in.l.google.com[2607:f8b0:4023:1004::1b]:25: self-signed certificate
Mar 19 20:17:14 XXXXXX postfix/smtp[XXXXX]: Untrusted TLS connection established to
alt1.gmail-smtp-in.l.google.com[2607:f8b0:4023:1004::1b]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS
(2048 bits) server-digest SHA256
Mar 19 20:17:14 XXXXXX postfix/smtp[XXXXX]: XXXXXXXXXX: Server certificate not verified
Mar 19 20:17:14 XXXXXX postfix/smtp[XXXXX]: Verified TLS connection established to
alt2.gmail-smtp-in.l.google.com[2607:f8b0:4003:c15::1b]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA
(prime256v1) server-digest SHA256
Mar 19 20:17:15 XXXXXX postfix/smtp[XXXXX]: XXXXXXXXXX: to=<XXXXXXX@gmail.com>,
relay=alt2.gmail-smtp-in.l.google.com[2607:f8b0:4003:c15::1b]:25, delay=2.8,
delays=0.06/0.1/2/0.66, dsn=2.0.0, status=sent (250 2.0.0 OK XXXXXXXXXX
XXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.XX - gsmtp)
目前的经济形势下,许多公司都在进行裁员。大部分情况下,作为雇员对于公司是否进行裁员所能做的影响极为有限, 因此有必要提前对可能发生的裁员进行准备,以免仓促之下做出错误决策,或是在大规模裁员导致的踩踏事故面前束手无策。
本文主要是针对在美国境内工作的普通雇员,家里没矿,也暂时还没攒够足够退休的钱。 内容主要来自近期的阅读和想到的一些东西,算是给自己留下一些笔记。
Read more...周三的时候,USPS发来了一封电子邮件,内容如下:
Read more...最近没怎么关注安全方面的进展,结果错过了去年年底披露的 SMTP Smuggling。 这是 Timo Longin 发现的一个全新的针对 SMTP 协议的攻击手法, 现在的年轻人真是蛮厉害的。
Read more...