I found time to play the intro and the first few chapters in the campaign, and the game is exceptionally nice. It feels like one of those over designed simulation games, where you can minmax the player characters and their gear to the limit, but the computer is taking over the task of all the bookkeeping, so the paperwork is not going to pull you down.
I just had a discussion about a bunch of people getting excited about “Chat”, Googles new upcoming Chat client based on Joyn. And we listed Talk, Hangouts, Allo and Duo, as well as Spaces and Wave as being interactive chat-like things that nobody uses.
Joyn is based on a standard from 2008, initiated by the late Nokia. It’s currently on it’s fifth major revision and has zero adoption, zero encryption and an intransparent cost – it’s implemented by each telco, with each telco providing it’s own implementation and gateways, and cost model, which may be charging only for the bytes, or like SMS for each message element. Also, each telcos message server intercepts all messages in the clear, by design.
Anyway, speaking about Spaces, I checked the site and learned that it was shut down on April, 17th. 2017. One year ago. Literally nobody noticed.
EDIT: This is now fixed. Facebook worked on the bug report and fixed the problem within 72 hours, including rollout.
Where I work, I am using an instance of Facebook at Work to communicate with colleagues. That is basically a grey-styled instance of Facebook which is supposed to run a forked codebase on isolated servers.
Today, it would not let me write the following SQL in Chat, in Facebook notes or comments:
Other versions of the error message complain about it being Spam, or mention the string sd.date as being problematic.
So a few days ago, somebody found an exploit in beep – now CVE-2018-0492. beep is a program that is part of Debian (and Ubuntu) to have the PC speaker multiple times, at different frequencies, with different pauses and beep lengths. That works just fine.
It’s also SUID root.
There is zero code in it that deals with the fact that it may run privileged. The author confidently writes: