The package of my toothbrush says "95% Natural Origin".

5% of my toothpaste is supernatural :O

In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen

https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/

The truth about "free" search and why it's a trap:

https://www.youtube.com/shorts/IrGegzLXRUk

#Kagi #Search

from my link log —

Turing completeness of GNU find: from mkdir-assisted loops to standalone computation.

https://arxiv.org/abs/2602.20762

saved 2026-02-25 https://dotat.at/:/XR86F.html

Signficant segments of the tech industry think we’re months away from not needing to review LLM-agent code anymore.

I just reviewed an LLM-generated PR in which it quietly switched two out of 100 calls to the get_customer_data() function to the variant that doesn’t check that the customer owns the requested data.

I’m sure this is fine.

@fridadotre Thanks for the prompt reply! Is this true for the gadget too? I tried to supply a config with "runtime":"v8" but hit the same bugs. If the v8 support is there in the official release gadgets I just have to figure out why my config isn't applied (or maybe the bugs affect both paths).

Is it possible/reasonable to compile @fridadotre with V8 in 2026? (I just reported a couple of QuickJS bugs that are blockers for me)

If so, are there any documentation available about the build process or is that knowledge lost to bitrot?

#Frida #ReverseEngineering

[ZDI-26-124|CVE-2025-15060] claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Research) https://zerodayinitiative.com/advisories/ZDI-26-124/

Today's oofness is on us :(:

https://blog.talosintelligence.com/uat-8616-sd-wan/

#threatintel, #sdwan

And so but anyway, did I ever tell you about my most humiliating experience as a skilled and successful computer programmer?

How many people know that #WordPress was co-founded by a black man, Mike Little?

Or that he's from the north of England? A self-taught coder from #Stockport, just south of #Manchester? Or that he never received so much as a share, cent or job offer from the $7bn+ valued Automattic after spending five months working exclusively with Matt Mullenweg on the B2 fork?

After @bevangelist told me about @mikelittle I interviewed him for a documentary I never got round to making. Back then I was left with two certainties: he's Wozniak to Mullenweg's Jobs. Among other things he added the one-click upgrade that's been central to WP's bonkers 45%-of-the-web-success. And he's one of the nicest people I've ever interviewed, which is also bonkers given that he not only didn't share in WP's financial success, but that he's barely known.

But he should be - so, better late than never - please meet #MikeLittle, perhaps the most-influential-least-known person in #foss… https://25.netribution.co.uk/nic/mike-little-the-british-co-founder-of-wordpress-youve-probably-never-heard-of/

@cR0w @Sempf I love how we're talking a whole *era* <3

Observation:

- People started deploying anti-scraping measures to fight LLM scraping
- Web indexers can't index stuff anymore
- Search results are even worse than before
- The only way to retrieve the information is to use models that were trained in pre-anti-scraping times (or beat anti-scraping)

If I'm right, anti-scraping can actually push people towards LLM's (who currently absolutely have the capacity to circumvent most anti-scraping).

If you think you share knowledge worth finding, please consider this before deploying countermeasures!

#scraping #search #llm

Something new in our community and that deserves more attention: Breakdown of BLERP, the BLE re-pairing attacks by
Daniele Antonioli
& Sacchetti (NDSS 2026). TL;DR: the BLE standard doesn't authenticate re-pairing.
Paper + PoC indexed there:
https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17

Access control bypass via header smuggling, with no desync required! Using header smuggling for more than HTTP desync like this is totally underrated - a lot of defences only filter the CL and TE headers. You can detect these with Parser Discrepancy Scan.
https://www.linkedin.com/posts/jakedmurphy1_excited-to-share-that-i-recently-identified-activity-7431735557115789313-xhnA/

[RSS] Abusing Cortex XDR Live Terminal as a C2

https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/

I have a successful build and I only had to patch Meson twice!

@opensource shout-out to @kirschner , for his post about the 500 million euro that the German government spends each year (!) on Microsoft licensing, while asking how much #opensource we could have procured and developed with a fraction of that money. During @nlnet 's presentation.

@timb_machine https://theamazingworldofgumball.fandom.com/wiki/The_Revolt

@soatok

"why are compilers, man?"

So toolchain engineers have a safe space to recover after working on linkers.

( @resistor )