What's with the odd name? Apple already has a 15 year-old product called Thunderbolt. Mozilla already has a similarly-named but totally-different product called Thunderbird.
Not sure about the US but in France there’s absolutely no way this would be confused with Apple Thunderbolt. No one talks about it, and I don’t even know it it’s even a thing anymore since USB-C.
As for Thunderbird, it’s not the same name? Idk what to say
My first thought was "why would Mozilla support a proposal to expose Thunderbolt to the Web after rejecting similar proposals for USB and Bluetooth?"
So yeah, especially in light of the lightning bolt logo and "thunderbolt.io" domain name, I think it's confusing enough that I'm honestly surprised there's no "Thunderbolt is a registered trademark of Intel Corporation used under license" notice on the site.
It's a reasonable shortcut for what this project provides: training code, inference code and a ChatGPT-style web interface for chatting with the model.
Is there a recommended (best practice) way to nmap scan your network for vulnerable machines, just to be safe?
From Red Hat's statement:
> Red Hat rates these issues with a severity impact of Important. While all versions of RHEL are affected, it is important to note that affected packages are not vulnerable in their default configuration.
Basically, Red Hat machines aren't vulnerable unless "the cups-browsed service has manually been enabled or started."
And if the target is running CUPS on that port it will reach out to `myserver:PORT` and POST some data. The downside is you need to have a server running that can accept inbound requests to see if it connects back.
A fair point, although nmap does list results as "closed", "open" or "open/filtered".
Which can be ambiguous if the port is open or firewalled.
However, if the nmap reports that port is "closed," it most likely is:
Starting Nmap 7.92 ( https://nmap.org ) at 2024-09-26 20:02 EDT
Nmap scan report for [host] (localip)
Host is up (0.00084s latency).
PORT STATE SERVICE
631/udp closed ipp
I'd add that GP specifically requested an nmap command.
All that said, you're absolutely correct and if nmap returns something like this:
Starting Nmap 7.92 ( https://nmap.org ) at 2024-09-26 20:04 EDT
Nmap scan report for [host] (localip)
Host is up (0.00058s latency).
PORT STATE SERVICE
631/udp open|filtered ipp
then further poking could be required, as you suggest.
I would point out that cups-browsed isn't really necessary unless you desire to have printers automatically added without any user interaction. Which is poor opsec in any situation.
If we're talking about a corporate environment, adding printers can be automated without cups-browsed, and at home or in the wild (cafes, public wifi, etc.) that's an unacceptable (at least from my perspective) risk and printers (if needed in such an unsecured environment) should be explicitly added by the user, with manual checks to ensure it's the correct device.
As such, rather than checking to see if cups-browsed is running unsecured, simply check to see if it's installed:
reply