> What if success was not privatizing resources but instead contributing to the commons, to make it each day better, richer, stronger?

We should be proud of our EU commons

I love that article from @ploum - https://ploum.net/2026-01-22-why-no-european-google.html

The new AirTags 2 just arrived!

Time to take them apart 🧵

Fuzzing software becomes much more effective if you can generate _valid_ inputs. We have now built the first approach to _statically_ extract complete and precise input grammars from parser code, producing syntactically valid and diverse inputs by construction. Enjoy! https://dl.acm.org/doi/10.1145/3776743

Horrible idea:

Disclose vulns in the speech bubbles of furry porn commissions

AI-Driven Security(tm): exploit doesn't work because target is out of RAM...

They know what's in your house.
They know who your friends are.
They know what you say about people behind their back.
They know what you eat.
They know where you sleep.
They know when you're on your period.
They know when you fart.

They are not the NSA.
They are not the CIA.
They are your child's kindergarden teachers.

#parenting

Tim Cook Wrote a Memo on the ‘Events in Minneapolis’
https://daringfireball.net/linked/2026/01/28/tim-cook-memo

The VulnCheck research team found an unauth RCE vuln in SmarterMail that at least three other researchers discovered independently. VulnCheck canaries are also detecting in-the-wild exploitation of CVE-2026-24423. Lots of sudden attention on this software from researchers and adversaries.

https://www.vulncheck.com/blog/smartermail-connecttohub-rce-cve-2026-24423

[RSS] Micropatches Released for Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509)

https://blog.0patch.com/2026/01/micropatches-released-for-microsoft.html

Build systems suck, all of them. They try to solve a real problem but fundamentally the only way to win this game is not to play.

*ducks*

Is it just me or Win11 stopped reporting DLL load errors (VC runtime in particular)?

@airwhale if you enforce TLS checks you'll get a lot of complaints from avg users because shit stops working for random reasons (time desync, cert issued by some new CA etc). My gut tells me that Syn would have disabled verification even if the lib had it on by default (as it should have, we agree on that).

@airwhale Participating in P2O as a vendor is a thing to be respected in the first place. They also wrote a blog about their efforts, but the link is broken - you can probably get it from an archive:

https://blog.synology.com/the-efforts-synology-made-in-pursuit-of-data-security

This is a more technical analysis from the attackers view:

https://drive.google.com/file/d/1MYCNVKkNETkqS-cLJsqHE43Sfm4LZbCO/view?pli=1

In short: they took significant steps forward during the past years, they probably ignored active network attacks (on LANs this may make sense, for Internet comms not so much).

...because y'know, in this day and age restarting a computer doesn't *really* restart it

It's 2026 and I'm restarting my Windows VM the second time hoping that it'll finally recognize it's 2026 already

V now has SSA, SSA => x64/arm64 backends, a linker built in V and a code signer.

As the result, a 2000 line test program is compiled in 8ms!

It's work in progress, self hosting is not possible yet. But once it is, it's going to be awesome!

I thought the Linux scheduler has always worked like this o.O

RE: https://bird.makeup/users/lauriewired/statuses/2015880031227281872

[RSS] When NAS Vendors Forget How TLS Works

https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works

#QNAP #Synology #Pwn2Own #NoCVE

absolutely fantastic

OpenSSL Security Advisory

https://openssl-library.org/news/secadv/20260127.txt

One high, one medium, and 9 low severity issues.

The high severity is a stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467): attacker provides an oversized IV, leading to buffer overflow prior to authentication, possibly leading to remote code execution if you're parsing untrusted CMS or PKCS#7 content with AEAD (e.g., AES-GCM).