I am losing it at how many of my peers have forgotten what software engineering is. It is not typing in lines of code.

i'm making a #QBasic game using mode 13h, 320x200 8bpp. i'm using the line doubling feature of the VGA card to make it 320x100 then manually doubling each pixel horizontally for 160x100

i realized i could use a palette with 3 bits red/green and 2 blue, and then do "subpixel" dither to generate the in between colors. i made a converter to test if that would look good, and it does

here's a thread of images showing what that looks like

1/5

#PixelArt #QBasic #dos #RetroComputing #RetroDev

The latest Hacklore newsletter is out. Be sure to subscribe!

Boost for reach! 🙏

https://buttondown.com/hacklore/archive/hacklore-the-valentines-day-edition/

Dear FOSS maintainers,

here’s a list of funding programs currently accepting proposals for maintenance work:

Codeberg: https://codeberg.org/mechko/awesome-maintainer-funding

GitHub: https://github.com/mechko/awesome-maintainer-funding

Thanks to everyone who helped crowdsource it! I’ll keep it updated, issues and PRs are very welcome :)

#opensource #funding #maintenance #foss

First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.

https://mkiesel.ch/posts/lenovo-vantage/

BMW’s latest “innovation” isn’t about performance or safety. It’s a logo-shaped screw designed to keep owners out of their own cars. We dug into the patent, the intent behind it, and why Adafruit is already working on a custom bit to undo BMW’s attempt to block repair. Learn more at the link below.

http://ifixit.com/News/115528/bmws-newest-innovation-is-a-logo-shaped-middle-finger-to-right-to-repair
—
#iFixit #RightoRepair #FixTheWorld

In a joint security notice BfV & BSI warn that a likely state-controlled threat actor is conducting phishing attacks via messaging services such as Signal. The targets are high-ranking individuals in politics, military & diplomacy and investigative journalists in Germany & Europe. https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2026/202602_BfV_BSI_Sicherheitshinweis.html

-SmarterTools hacked via its own product
-Dutch DPA and European Commission hacked via Ivanti zero-days
-Senegal held for ransom
-state actor behind Signal phishing campaign in Germany
-Flickr 3rd party breach
-China executes scam compound execs
-DDoSer arrested in Poland
-Northwestern hacker pleads guilty
-Nigerian scammer gets 8 years
-17% of OpenClaw skills are malicious
-ClawHub to scan skills using VT

Podcast: https://risky.biz/RBNEWS523/
Newsletter: https://news.risky.biz/risky-bulletin-smartertools-hacked-via-its-own-product/

Due to $reasons I came across this blogpost https://www.elttam.com/blog/env/ about turning ENV variables into code execution which is nice. But the Python vector is depending on Perl, I didn't like that :P.

Digging a bit deeper in the code often helps, so it did this time:

Looking at https://github.com/python/cpython/blob/d73634935cb9ce00a57dcacbd2e56371e4c18451/Lib/webbrowser.py#L51-L52 I could simplify the payload to:

PYTHONWARNINGS='module::antigravity.'  BROWSER='sh -c id #%s' python whatever.py

Microsoft held an AMA session and updated its guide to help sysadmins safely replace Secure Boot certificates that are set to expire this June.

https://techcommunity.microsoft.com/event/windowsevents/ask-microsoft-anything-secure-boot/4486023

https://techcommunity.microsoft.com/blog/windows-itpro-blog/secure-boot-playbook-for-certificates-expiring-in-2026/4469235

Good news!
We kept aside a few more bundles of training+conference ticket.
To secure your place, send an email to tickets@offensivecon.org or DM us on socials.
Be quick..

Good update to the MSRC leaderboards now that everything is in scope by default: https://www.microsoft.com/en-us/msrc/blog/2026/02/points-to-payouts-evolution-of-microsoft-security-researcher-leaderboard

LLMs are the anti-vax of software and engineering ;-)

In this video, I'm analyzing a really confusing dialog on macOS. Let's dig a bit deeper into what it should do and what it's actually doing. #reverseengineering

https://youtu.be/P7hYg2GpsTk

Recently I switched my music experience from SoundCloud to Bandcamp. I went through my playlists, albums and likes and bought matching tracks on Bandcamp.

At some point I want to delete my SoundCloud account. As they do not offer a data export feature (against GDPR) I created this project to make the export: https://codeberg.org/janikvonrotz/export-soundcloud-data

#SoundCloud #BandCamp #BandCampFriday #stopUsingSpotify #StopUsingSoundCloud #Data #datahoarder #archiving