REing a TCP sever. Successful auth is cached with time-based expiration. I suspect the intent was to a resume a session if the underlying TCP connection died due to an IP change.
So, the cache is keyed on a unique session id, right? No.
Entries are keyed on the socket fd and aren't expired on a connection close. If a new client happens to get the same fd before the cache entry expires, they bypass auth. If they attempt to provide new creds, they are ignored!
Ugh. Started assembling another computer today. Couldn't find thermal paste. Drove to Fry's to get some. Finish assembling everything. Won't boot.
Hour of futzing around. Discovered BMC shows POST codes and Supermicro publishes a list if them for this board. Wrong RAM! Seriously?!?
Building computers isn't nearly as fun as used to be.
Authentication bypass on and inauthentic firmware updates accepted by self-encrypting SSDs. That's as bad as it can be for storage device security. https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd
he/him. Engineer, tinkerer, 🏎️,🔧,🔌,💻, FOSS FPGA tools.
Recently, the handling of online defamation has become a hot topic on many mass media as well as social media channels. News Article for Reference: https://www.jiji.com/sp/article?k=2020052500387 In response to these reports, it is expected that lawsuits and disclosure requests will become more publicly known; and government agencies will order stricter enforcement in addition to tightening regulations. However, under the current state of Japan, we will not be able to handle the increase of such administrative burdens and will have trouble dealing with it appropriately. Thus, we have decided to stop providing our service on mstdn.jp and mastodon.cloud starting June 30, 2020. We are very sorry for the inconvenience and appreciate your understanding on the matter.