Hello Mastodon!
Since this is my first post, I thought I'd share some incredibly niche C++ trivia / pedantry:
For an enum whose enumerators all have the value 0, C++ asks us to imagine a hypothetical integer type with minimal width that can represent 0 (https://eel.is/c++draft/dcl.enum#8.sentence-2). This means we must consider the case where the width is 0. For an unsigned integer type, this gives a range of representable values of [0, 0], and that's the type we pick. But before we can determine that that's minimal, we must also consider a signed integer type with a width of 0, for which we get a range of representable values of [-½, -½]! (https://eel.is/c++draft/basic.fundamental#1.sentence-5) Conveniently that range does not include 0, so we discover that we must use an unsigned integer type to determine the range of values of the enumeration. (We also rule out an unsigned integer type of negative width as that would have a range of values 0 to -½ (inclusive) or smaller, which I think we can reasonably conclude is an empty range despite the parenthetical.)
In any case: if you ever wondered whether a zero-bit signed integer type in C++ can represent only the value 0 or only the value -1, now you know: no, it can represent only the value -½. Truly a marvelous compromise.
Follow me for more brilliant insights like this one :)
Happy Patch Tuesday! The latest security patches from #Adobe and #Microsoft are here. Thankfully, no bugs are listed as being under attack, but there's still some interesting ones in the mix. Join @dustin_childs as he breaks down the March release. https://www.zerodayinitiative.com/blog/2026/3/10/the-march-2026-security-update-review
And don't miss our bug of the month! Each patch Tuesday we'll be selecting our very favorite patch to highlight. This month, it CVE-2026-26144 - a Critical-rated info disclosure in Excel that uses the Copilot Agent to exfiltrate data. Neat! https://youtube.com/shorts/r4EjP3JxYRk?feature=share
Announcing #Pwn2Own Berlin 2026! We've got 10 categories for targets, including an expanded #AI target list. We have 4 AI categories - including coding agents (looking at you #Claude). More than $1,000,000 in cash & prizes available. Read the details at https://www.zerodayinitiative.com/blog/2026/3/11/announcing-pwn2own-berlin-for-2026
Tempted to write a post that software development lost the plot a long time ago, and that the recent LLM developments are merely the icing on that cake. Software these days is not the painstaking work by people like @bagder or @hyc or @vitaut who write the best code they possibly can. Over the past decade, "the software world" has been developing in a very different way than that.
Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details https://www.rapid7.com/blog/post/pt-announcing-metasploit-pro-5-penetration-testing-evolving/
Holy heck, #LookMumNoComputer will be at Eurovision?
And with this absolute banger?
https://lookmumnocomputer.bandcamp.com/track/eins-zwei-drei
#theStudio
yay i got my 10th chrome cve!!
i wrote a pretty fun patch for this one too
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html
I suspect most people outside of the UK won't have heard about the post office scandal, but it seems highly relevant to learn about now (given *waves* this):
For over 15 years, the software post offices in the UK had to use contained severe bugs, particular in accounting, that everyone at Fujitsu/horizon and the post blissfully ignored. Over 900 (!!!) postmasters were sentenced for alleged theft and fraud, some went to jail, some committed suicide. All because the software was shit and everyone who could do something about it didn't care and swept it under the rug.
Everything, including how it was uncovered, about this seems bizarre and Kafkaesque, but we better prepare for it to happen more often.
CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.
Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.
Me? Trolling the other microcontroller vendors? Surely not! Maybe if they had bothered to do something about the most common source of vulnerabilities at some point in the last few decades, the could have been on the other side of the sign...