Independent presidential candidate Robert F Kennedy Jr has posted a video on social media in which he admits that he dumped a dead bear cub in New York City's Central Park in 2014.

The clip, posted to his X account on Sunday, shows him with controversial US comedian Roseanne Barr as he describes bizarre circumstances that led to an incident that mystified New Yorkers 10 years ago. Mr Kennedy said a woman had hit and killed the bear with her car when he was driving behind her outside of the city, and he put it in his van with the intention of skinning the animal and harvesting its meat.

It appears he shared the anecdote to get ahead of an upcoming story in The New Yorker magazine.

The Kennedy campaign and the New Yorker did not respond to requests for comment. Seated with rolled-up sleeves at a table covered with food, Mr Kennedy tells Ms Barr in the video that he was driving to meet a group of people to go falconing near Goshen, New York, 10 years ago when the bear was killed. He says he pulled over to put the bear in his vehicle.

"I was going to skin the bear - and it was in very good condition - and I was going to put the meat in my refrigerator," he says. "And you can do that in New York state: Get a bear tag for a roadkill bear."

New York state does allow people to take bears killed on roads, but the law stipulates that a person has to notify law enforcement or the state's Department of Environmental Conservation to acquire such a tag. Mr Kennedy does not appear to have done that.

Instead, he says he continued to his falconing venture, which went late into the evening. He says he went on to a dinner reservation he had at Peter Luger Steakhouse in New York City, about 75 miles (121km) south of Goshen. "At the end of the dinner, it was late and I realised I couldn't go home," Mr Kennedy says. "I had to go to the airport, and the bear was in my car, and I didn't want to leave the bear in my car because that would have been bad."

That is when, he says, it occurred to him that there had been a series of bicycle accidents in New York and that he had an old bicycle in his car.

He tells Ms Barr that he had the idea of staging a bike accident with the bear carcass in Central Park, which several drunk people with him heartily endorsed. He emphasises that he had not been drinking.

"So we did that and we thought it would be amusing for whoever found it or something," he says. "The next day... it was on every television station. It was a front page of every paper and I turned on the TV and there was like a mile of yellow tape and 20 cop cars, there were helicopters flying, and I was like, 'Oh my god. What did I do?'"

Hopefully this means he’ll be getting healthy soon

Some of the highlights:

OpenSSH has been updated to version 9.5p1.

OpenSSL has been updated to version 3.0.12, a major upgrade from OpenSSL 1.1.1t in FreeBSD 13.2-RELEASE.

The bhyve hypervisor now supports TPM and GPU passthrough.

FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.

ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.

It is now possible to perform background filesystem checks on UFS file systems running with journaled soft updates.

Experimental ZFS images are now available for AWS and Azure.

The default congestion control mechanism for TCP is now CUBIC.

And much more…​

For a complete list of new features and known problems, please see the online release notes and errata list, available at:

https://www.FreeBSD.org/releases/14.0R/relnotes/

II. Problem Description

Some of the Sanitizers cannot work correctly when ASLR is enabled. Therefore, at the initialization of such Sanitizers, ASLR is detected via procctl(2). If ASLR is enabled, it is first disabled, and then the main executable containing the Sanitizer is re-executed, after printing an appropriate message.

However, the Sanitizers work by intercepting various function calls, and by mistake the already-intercepted procctl(2) function was used. This causes an internal error, which usually results in a segfault.

III. Impact

Binaries linked to AddressSanitizer (using -fsanitize=address), MemorySanitizer (using -fsanitize=memory) or ThreadSanitizer (using -fsanitize=thread) can crash at startup with a segfault, if ASLR is enabled. Other binaries are not affected.

IV. Workaround

If ASLR is enabled system-wide, the problem can be worked around by running the specific binary with proccontrol(1), to temporarily disable ASLR for only that program. For example:

proccontrol -m aslr -s disable /path/to/example_program

II. Problem Description

A check did not test both the dnode itself and its data for dirtiness. This provides a very small window of time while a file is being modified where the dirtiness check can falsely report that the dnode is clean. If this happens a hole may incorrectly be reported where data was written.

III. Impact

If an access occurs while a file is being modified and a hole is incorrectly reported, the data may instead be interpreted as zero bytes. Any application which checks for holes may be affected by this issue; if this occurs during a file copy it will result in a corrupt copy that retains the incorrect data. Note that the source file remains intact (a subsequent read will return the correct data).

IV. Workaround

Setting the vfs.zfs.dmu_offset_next_sync sysctl to 0 disables forcing TXG sync to find holes. This is an effective workaround that greatly reduces the likelihood of encountering data corruption, although it does not completely eliminate it. Note that with the workaround holes will not be reported in recently dirtied files. See the zfs(4) man page for more information of the impact of this sysctl setting.

The workaround should be removed once the system is updated to include the fix described in this notice.

and HEVC as the only video decoding. Kind of dissapointing as using a graphical display remains the worst part of the rpi systems

Good afternoon everyone! The bot apparently didn't like a few things with the new schedule but it looks like I have it together now. I'll be back to check on it before game time.

Cross-posted from [email protected] (Memmy doesn’t have cross posting yet)

Posting this for visibility: cross-posted from: https://lemmy.world/post/1299831

> Hi all, > > If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers. > > If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance. > > ## How? > > This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going. > > Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this. > > ## What happens next? > > As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see: > > 1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report: > > - Exactly what happened, when. > - The incident response that occurred from instance admins > - Information that might have helped resolve the issue sooner > - Any issues that prevented successful resolution > - What should have been done differently by admins > - What should be improved by developers > - What can be used to identify the next attack > - What tools are needed to identify that information > > 2. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue. > > > 3. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.

I'm trying to set up rules so I can access a few different containers from zerotier. I've already set up an ssh-x11 container and the passthrough is working fine with: > rdr on $ext_zero proto tcp from any to $ext_zero port 8000 -> 10.1.1.3 port 22

where $ext_zero is the variable for the zerotier bridge.

However, trying to stream music with jellyfin with: > rdr on $ext_zero proto tcp from any to $ext_zero port 8096 -> 10.1.1.6 port 8096

I get consistent connection refused messages.

The full pf.conf for redirections: Code: table <jails> persist nat on $ext_if from <jails> to any -> ($ext_if:0) rdr-anchor "rdr/*" rdr on $ext_zero proto tcp from any to $ext_zero port 8000 -> 10.1.1.3 port 22 rdr on $ext_zero proto tcp from any to $ext_zero port 8096 -> 10.1.1.6 port 8096 rdr on $ext_zero proto tcp from any to $ext_zero port 8920 -> 10.1.1.6 port 8920 rdr on $ext_zero proto udp from any to $ext_zero port 1900 -> 10.1.1.6 port 1900 rdr on $ext_zero proto udp from any to $ext_zero port 7359 -> 10.1.1.6 port 7359

The system is FreeBSD, the jails are roughly equivalent to a docker compose install.

Jellyfin is set to accept remote connections, with the whitelist left blank as per their instructions to allow all addresses. Why will ssh connect but not jellyfin?>>