Posts
10864
Following
416
Followers
657
24. θΔ *NIX Developer.Average Paw Enjoyer. ♿ HSD
PFP by @zombineko@furaffinity.net

Opinions expressed in this profile are representative of those of your employer.

Furry Code
FPR4a A C->+ D>++ H+++ M- P++>++++ R- T+++ W- Z- !S RLCT a cl+++ d e+>++ f++++ h- iwf+++ j p-->- !s
charlotte
repeated
kunsi@chaos.social

Franziska

Gleisbogen oder so, keine Ahnung ich mach nix mit Bahninfrastruktur

0
3
0
charlotte

Charlotte 🦝 therian

gross
Show content

you can save 100% on deodorant by using the all natural deodorant that a skunk can provide

1
2
7
charlotte

Charlotte 🦝 therian

can't even sleep anymore. because of woke.
1
1
7
charlotte

Charlotte 🦝 therian

i think people calling for 1:1 translation should try learning the language something is translated from before declaring that’s how translation should work. it doesn’t and for many good reasons.

1
0
3
charlotte
repeated
zorotl@monads.online

zergie

0
3
1
charlotte
repeated
puckipedia@puckipedia.com

hacker witch puck 👩‍💻

okay so. nix 2.24+ vuln: nar unpacking is fucked, and local unprivileged users, or any binary cache you have configured, can just Get Root on your system

if you create a nar file with a directory containing both a symlink and a directory with the same name, the symlink will be followed and filled with the contents you put in that directory due to a refactoring mistake

and, as the nix daemon usually runs as root (with the nix store mounted read-write), it's possible to write files into e.g. /run/current-system/etc/systemd/system. and as such, and get persistent root access from unpacking a malicious NAR.

now do you make Nix read a NAR? well... there's two primary ways

any untrusted user that can talk to the nix daemon can write NARs that are either content-addressed, or signed by a trusted key, into the Nix store;
...and any binary cache can do this as well, as the daemon will fetch nar files from the binary cache.

now this vuln would be evil but local privesc only if this was all, except for a very funny second issue:
the signature on NAR files is validated only *after* unpacking the NAR

so any malicious binary cache can reuse the signature of, say, a store path on cache.nixos, and (this is very likely, of course) if the nix daemon trusts the signature, it will end up unpacking any nar of the cache's choice without checking that the signature (or even hash!) matches

in certain cases (e.g. there's a symlink pointing to root in a trusted nar) this can even be done entirely silently, which is .. very bad.


at this point the disclosure timeline has passed; and a point release was even made after the vulnerability was well known by the entire team (GHSA-h4vv-h3jq-v493 was opened a day before the point release); and the severity of the vulnerability is high enough that i want people to be aware of this issue

3
7
1
charlotte
repeated
lukito@gamedev.lgbt

Lukito

How are you all because I am this

8
8
2
charlotte

Charlotte 🦝 therian

if PMD is a game that makes you θΔ what game makes you &
1
0
1
charlotte

Charlotte 🦝 therian

40 degrees? is that in cum or fart?

2
1
6
charlotte

Charlotte 🦝 therian

⚠ this account is known to the state of california to cause the urge to pet

0
0
6
charlotte

Charlotte 🦝 therian

I am looking for accountant interns in my new finance startup called “taking the money and run”. this is a reverse financed internship. you need to pay me $400 a month to participate

0
0
2
charlotte

Charlotte 🦝 therian

the true solution to the open source supply chain is to commit every single thing ever written in any programming language and mint it on the ethereum blockchain

1
0
2
charlotte

Charlotte 🦝 therian

if plushies have a million fans, then i am one of them. if plushies have ten fans, then i am one of them. if plushies have only one fan then that is me. if plushies have no fans, then that means i am no longer on earth. if the world is against plushies, then i am against the world.

1
2
7
charlotte

Charlotte 🦝 therian

devkitpro is actually my trademark

you can tell because i made it up and it's not registered anywhere
0
0
1
charlotte

Charlotte 🦝 therian

i wish programmers of bad name fields get their name rejected as invalid somewhere

0
1
2
charlotte
repeated
maeow@meow.woem.cat

maeow neocat_hug_dlr

Baden Baden

0
2
1
charlotte
repeated
easrng@pleroma.envs.net

em

7
9
2
charlotte
repeated
markarayner@mas.to

Mark A. Rayner

Break in case of

0
9
3
charlotte

Charlotte 🦝 therian

🦨

1
1
1
charlotte
repeated
sugar@goblin.camp

Davey sugar_approved

critical support

5
2
0
Show older
About Raccoon Noises

Rules

  • Hate against minority groups is forbidden. This includes racism, sexism, ableism, xenophobia, homophobia, transphobia,, antisemitism, islamophobia, queer exclusionism, etc.
  • Content that is illegal under German Law is not permitted. This especially includes the promotion and dissemination of any Nazi symbolism and ideology, except for education, reporting on past or current events, and antifascist art.
  • Please add content description to all media that you post. This instance automatically adds a CW if it is missing. If you are unable to create one, you can request one via the #DescriptionWanted hashtag
  • Be considerate. Add content warnings for NSFW Content, common phobias, overly long posts, controversial subjects, etc. Please try to avoid flashing images and quickly moving text inside of your posts.
  • NSFW content is generally allowed, but all NSFW content must be properly marked as such, including kinks. Profile images, names, bios, etc must be fully SFW, or they are subject to removal
  • Bots are allowed, however they must be marked as such and must make unlisted posts, may only @ or interact with posts of other users iff they have prompted the bot, or have given explicit permission to do so. Additionally, bots may not post more than 10 posts in a 60 minute interval without interaction.
We highly encourage reporting posts violating our rules, even if they are not on our instance. Your reports will not be ignored. For transparency we publish local moderation decisions for users on this server, and federation moderation decisions on the #FediBlock hashtag.
We do the following moderation automatically:
  • Unlisting of bot posts
  • Adding of CWs to unlabeled media
  • Modification or removal of posts that cause issues with certain clients

Privacy Policy

What data do we collect?

We collect the following data:
  • Email Addresses from local users
  • Posts and Media uploaded by local users
  • User Profiles and Posts by certain remote users

How do we collect your data?

If you are a user of this instance, we collect and process your data when you sign up for or use interactive features (e.g. Posting) of the Website.
If you are not a local user, we collect your data over the following ways:
  • One of our users has requested to follow your account, and you have accepted the request.
  • One of your posts has been interacted with by a remote account, that a local account has followed. This includes Replies, Repeats, Quotes, Likes, Emoji Reactions, and @-Mentions.
  • You have requested that your post is shown to one of our users (i.e. through @-Mentions or DMs)
  • User Interaction: One of our users has explicitely looked up your profile or one of your posts on this instance, for example to interact with it.
  • You have posted a public post on an instance that participates in the awoo.today relay.

How will we use your data?

We collect your data so that we can:
  • Store and display your posts to our local users
  • Display public posts to anonymous users
  • Deliver your public, unlisted, and private posts to your followers
  • Deliver direct messages to the recipient
  • Allow our users to follow you
  • Allow our users to interact with your posts
As members of the awoo.today relay, we will send posts that you have marked as “public” to all of the other instances participating in the relay.

How do we store your data?

We store your post, profile and account data securely in the Hetzner Datacenter in Falkenstein, Germany. See their DIN ISO/IEC 27001 certification Media is stored on Backblaze B2
We employ technical security measures to avoid exposure to sensitive data.
We also store backups of post, profile, and account data in multiple locations, in an encrypted form, on our server near Chemnitz, Germany, as well as on Backblaze B2.
For technical reasons it is not possible modify these backups to remove your data. If this is a concern, please contact us.

What are your data protection rights?

We want to make sure that you are aware of your data protection rights. Every user is entitled to the following:
The right to access — You can request a copy of the data we have about you. This may require a short verification for remote users. Local users can do so in the settings under Export/Import
The right to rectification — You can request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is inaccurate.
The right to erasure — You can request us to erase the data we have about you.
The right to restrict to processing — You can restrict us from transmitting your posts to other servers by setting your post visiblity to “Local”. Remote users can also restrict processing of certain posts, by setting its visiblity to “Unlisted” or “Private”.
The right to object to processing — As a remote user, you can object to further processing of posts and profile data by blocking this domain.
The right to data portability — You can at any point move to other instances. Due to technical restrictions, it is currently not possible to automatically transfer the users you follow and posts to your new account.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, or need help with the included tools, please contact us at our email privacy@chir.rs

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.

How do we use cookies?

We use cookies for keeping you logged in. Additionally we store certain configuration in cookies, however these cookies are never transmitted to anyone.

How to manage cookies

You can tell your browser to not accept cookies, or tell it to remove cookies this website has stored on your device. Please consult your browser’s documentation on instructions on how to do that.

Privacy policies of other websites

This site contains many links to other websites. This privacy policy only applies to this website. Please consult the privacy policy of these remote sites before entering any personal information.

Changes to our privacy policy

We may make occasional adjustments to this privacy policy. This policy was last updated on 2022-12-30.

How to contact us

If you have any questions about this policy, the data we hold about you, or want to exercise one of your data protection rights, please contact us at: privacy@chir.rs

How to contact the appropriate authority

Should you wish to report a complaint, or if you feel that we haven’t addressed your concern in a satisfactory manner, you may contact the Sächsische Datenschutzbehörde.
We also offer the Mastodon Web UI. Keep in mind that some features are missing, like emoji reactions, quoting, and JPEG XL.

Art Credit