I just registered for https://uasc.cc/ -- uASC (the Microarchitecture Security Conference) is on February 3rd, in Leuven, Belgium.

**Registration is free but mandatory!**

I would be happy to see all of you there :)

Especially from the Cologne and Ruhr area, it's just a train ride to Leuven -> join us!

"LLMs learn the same way a person does, it's not plagiarism"

This is a popular self-justification in the art-plagiarist community. It's frustrating to read because it's philosophically incoherent but making the philosophical argument is annoyingly difficult, particularly if your interlocutor maintains a deliberate ignorance about the humanities (which you already know they do). But there is a simpler mechanical argument you can make instead: "learning" is inherently mutual.

this is part of my aesthetic objection to LLMs -- they're just so profoundly inelegant. they represent a staggering amount of brute force in terms of time, information and material resources to solve problems that people *and computers* can address much more efficiently. they're a kind of anti-computing

We expect to continue support for #MIPS for the foreseeable future, and welcome contributions. Especially now that the patents have expired on many 64-bit MIPS designs! :)

@chaos0815 Yeah, it's moments like this when I become nostalgic for strict typing, but part of Pythons power is exactly this kind of flexibility. I could argue for a more strict API/type checking in this particular lib, but I guess this is also something that makes them (very) popular, so I think I just have to be more careful in the future (like building less funky loops)...

OK, I feel like an absolute noob:

I just spent hours debugging that I left a comma at the end of a #Python assignment, so the value became a tuple instead of the object I wanted 🤦

The library I passed the value to also has very liberal typing so it failed quietly, and the IDE didn't tip me off because I overwrote the value inside a loop...

Extra commas are the new lack of semicolons!

#fail #programming

#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html

I discovered the last 2 vulnerabilities.

Download curl 8.18.0 from https://curl.se/download.html

#vulnerabilityresearch #vulnerability #cybersecurity #infosec

@bert_hubert Java applets have been disrupting my life for decades!

TIL #pwndbg accepts donations, so if you care about your debuger command line being actually *good* then consider throwing some money at them:

https://github.com/sponsors/pwndbg/

#ReverseEngineering

Well, I didn't have this on my 2026 Bingo card...

"‘Stop sending butt plugs to Bahrain’: Toronto sex store receives letters from U.S. Department of War":

https://www.ctvnews.ca/toronto/article/stop-sending-butt-plugs-to-bahrain-toronto-sex-store-receives-letters-from-us-department-of-war/

[RSS] Micropatches Released for Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability (CVE-2025-47987)

https://blog.0patch.com/2026/01/micropatches-released-for-credential.html

Nominations for the Top 10 (new) Web Hacking Techniques of 2025 are now live! Review the submissions & make your own nominations here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

its so cold im using chrome instead of firefox to read news on my phone cuz i need the ads to warm up my phone and hands

Are we entering a world where chatbots will replace devs?
Probably not. Prompting an LLM with natural language is inherently lossy and ambiguous. Up to this point, programming has always been deterministic: Your code does what you say it should do otherwise, it’s a bug. Coding agents break that contract.

Our blog:
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/

buckle up and prepare for an unload of *six* CVEs against #curl getting published tomorrow, severity low and medium

Has someone tried redeploying 2026?

Do your work poorly and blame it on bad tools, machinery, or equipment.