Today’s illustrations are brought to you by “crossing the streams”. I used a vision model to extract categorized descriptions of the elements in ~5,000 pictures (roughly half GenAI, half Japanese cheesecake), then selected random lines from each category, ran them through a prompt enhancer, and fed them back into SwarmUI. Many of the results were “more chaotic” than usual…
So I’m reading an article about an actively-exploited Nginx security hole that’s apparently been around for many years (since version 0.6.27), and while they mention the CVE in the article, they don’t bother to link to it or even vaguely describe the exploit. Or mention the mitigation steps.
The workaround?
To mitigate this vulnerability, use named captures instead of unnamed captures in rewrite definitions.
For example, the following rewrite directive uses unnamed PCRE capture groups, $1 and $2:
rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;
To mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section:
rewrite ^/users/(?<user_id>[0-9]+)/profile/(?<section>.*)$ /profile.php?id=$user_id&tab=$section last;
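As an added example (not code from the article or from the nginx advisory), here is a small Python script that applies the advisory's mitigation mechanically: it renames every unnamed PCRE capture group in a rewrite directive, fixes the $N references to match, and lists the lines of a config that still rely on unnamed captures. The cap1/cap2 names and the sample config are constructed for the demonstration.

```python
import re
import string

# Added example, not from the nginx advisory. Group names "capN" are hypothetical;
# pick names that do not collide with variables already used in your config.
_NAMED = re.compile(r"\(\?(?:P?<([A-Za-z_]\w*)>|'([A-Za-z_]\w*)')")
_WORD = set(string.ascii_letters + string.digits + "_")

def name_captures(pattern, prefix="cap"):
    """Return (new_pattern, {group_number: name}); unnamed groups become prefixN."""
    out, names, num, i, in_class = [], {}, 0, 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                       # escaped char: copy both chars verbatim
            out.append(pattern[i:i + 2]); i += 2; continue
        if in_class:                        # '(' inside [...] is a literal
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            m = _NAMED.match(pattern, i)
            if m:                           # already named: PCRE still numbers it
                num += 1
                names[num] = m.group(1) or m.group(2)
            elif not pattern.startswith("(?", i):   # unnamed capture: name it
                num += 1
                names[num] = f"{prefix}{num}"
                out.append(f"(?<{names[num]}>"); i += 1; continue
            # else (?: (?= (?! (?<= ... take no group number: copy as-is
        out.append(c); i += 1
    return "".join(out), names

def convert_rewrite(directive):
    """Rewrite one `rewrite REGEX REPLACEMENT [flag];` line to use named captures."""
    m = re.match(r'^(\s*rewrite\s+)("[^"]*"|\S+)(\s+)("[^"]*"|\S+)(.*)$', directive)
    if not m:
        raise ValueError("not a rewrite directive: " + directive)
    lead, regex, sep, repl, rest = m.groups()
    new_regex, names = name_captures(regex)
    def ref(mo):                            # $N -> $name, or ${name} before a word char
        n = int(mo.group(1))
        if n not in names:
            return mo.group(0)
        braced = mo.end() < len(repl) and repl[mo.end()] in _WORD
        return ("${%s}" if braced else "$%s") % names[n]
    return lead + new_regex + sep + re.sub(r"\$([1-9])", ref, repl) + rest

def unnamed_rewrites(config):
    """Line numbers of (uncommented) rewrite directives that still use unnamed captures."""
    hits = []
    for lineno, line in enumerate(config.splitlines(), 1):
        if line.lstrip().startswith("rewrite ") and convert_rewrite(line) != line:
            hits.append(lineno)
    return hits
```

Review the generated names and run `nginx -t` before reloading; the scanner only looks at rewrite directives, not at regex location blocks.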
Pizza Hut sued for requiring AI in stores.
Among its flaws is granting DoorDash drivers way too much info about the store’s internal operations, including orders other than the one they were sent to pick up. A popular trick is picking up one order, then waiting around in the parking lot because they know other orders are coming out soon, with the result that the first order is delivered late and cold.
At least when I was working the ovens at Domino’s in the Eighties, we could smack a driver who tried to “optimize” his trips this way.
Something I’m seeing pop up on xTwitter recently is complaints from people whose Google/Microsoft/Apple accounts have been permanently closed because they turned on cloud backups. No explanation, no warning, no recourse. (example)
Why? Because your cloud storage is scanned for various categories of “objectionable” material, the (increasingly “AI-driven”) scanners are fallible, the process is fully automated, and the providers have no customer service to speak of.
Because these accounts are monolithic, you don’t just lose your cloud storage, you lose email, calendar, purchases (excuse me, “licenses”), etc. Not for sharing the detected material with anyone, simply for possessing it.
Several of the people complaining have been manga artists, and it’s easy to see how common material legally distributed in Japan could trigger an AI trained in California or China.
Eric Raymond has whipped his captive AI into creating a new project that assembles the output of (almost) every package manager on your Unix/Linux system. It doesn’t do Python’s pip, however, apparently due to the simple fact that none of the pip tools will report the description of the package. To be fair, doing so looks something like this:
# Walk every site-packages location pip knows about, find each package's
# METADATA file, and print "mtime name pip summary" per package.
for i in $(find $(pip list -v --no-index --format=json 2>/dev/null |
                  jq -c -r '.[]|.location' | sort -u) -type f -name METADATA | sort) ; do
    # BSD/macOS stat: file mtime as UTC ISO-8601; awk pulls Name: and Summary:
    # out of the RFC 822-style METADATA, and tr drops any stray CRs
    echo $(TZ= stat -f %Sm -t %Y-%m-%dT%H:%M:%SZ "$i") \
         $(awk '/^Name:/{n=$2}/^Summary:/{$1=""; s=$0}END{print n,"pip",s}' "$i" |
           tr -d '\015')
done
(it ended up about 65 lines in Python, so I sent him a patch)
More random gals after the jump.