David Leadbeater's Avatar

David Leadbeater

@legacydgl.bsky.social

Old account. Follow @dgl.cx. πŸ‘¨β€πŸ’» β†’ https://dgl.cx

113 Followers  |  233 Following  |  9 Posts  |  Joined: 03.07.2023  |  1.4742

Latest posts by legacydgl.bsky.social on Bluesky


(Also renamed this account as then it’s clearer in clients what’s happening, I think.)

06.12.2025 21:53 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Yeah, shame, would be nice to do it transparently. Mostly I kept forgetting to check Bluesky so figured if I could have everything in one place it would be nicer and aside from this bit it seems this should be possible.

06.12.2025 21:52 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I apparently don’t understand how Bluesky works, this account was @dgl.cx but I switched it to use @ap.brid.gy by changing the DNS records. However there doesn’t seem to be a Mastodon like way to migrate followers. So you might need to refollow this same handle @dgl.cx to get future updates.

06.12.2025 21:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0
Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)

You have a bash command line of "exec program ..." and you control "..." can you make it do something different? What if it is somewhat sanitised for shell metacharacters? If you can inject $[+] it will make bash error on that line and run the next. This is how dgl.cx/2025/10/bash... works.

07.10.2025 06:19 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Developers, the weakest link in the supply chain? BSides Canberra 2025 Supply chain security is a topic which has been raised in profile in recent years through events such as the xz backdoor. In the open source world trust matters a lot. While trust is mostly gained thr...

I'll be speaking at BSides Canberra: cfp.bsidescbr.com.au/bsides-canbe... -- this will cover my recent find of an RCE in Git (dgl.cx/2025/07/git-...) and how that and some other vulnerabilities could be used against developers.

31.07.2025 01:02 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
DΓ©jΓ  vu: Ghostly CVEs in my terminal title

New blog post: Ghostty 1.0.0 terminal security; dgl.cx/2024/12/ghos... (CVE-2024-56803)

31.12.2024 23:35 β€” πŸ‘ 12    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0

That's some twisted spire.

28.11.2024 06:09 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Since Apple discontinued the iPhone mini. Because Apple define market segments…

17.11.2024 08:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
terminal smooth scrolling

Would be fun combined with the old style VT smooth scrolling… flak.tedunangst.com/post/termina...

15.11.2024 22:07 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@legacydgl is following 20 prominent accounts