"I'm interested in all kinds of astronomy."
@pancake I think we are talking about different things (please provide a link or stg if I misunderstand). When I just launch claude it can and will write at random FS paths for example, because the process has the privileges to do so. Can it do the same if I launch it in a regular old container where the project directory is mounted (it will have access to everything inside the mount ofc but not my whole ~)?
@pancake I get that this is a stronger isolation layer, but why is that necessary? Do agents randomly perform container escapes?

Simplicity is definitely a plus, but that wouldn't require VMs either.
@pancake How is this different from simply bind mounting your project dir?
[RSS] Windows stack limit checking retrospective: Alpha AXP

https://devblogs.microsoft.com/oldnewthing/20260318-00/?p=112146

Almost 7 years of silence.
Today, that changes.
March 23, 2026.
Follow to be among the first to know:
https://www.corelan.be/index.php/contact
Tick tock. It’s coming.

Our Call for Participation is now live!

If you have a talk, workshop, performance, or installation you'd like to bring to EMF, you can now submit it here:

https://www.emfcamp.org/cfp

Accepted proposals are guaranteed the chance to buy a ticket!

@fluffykittycat

I refer to this as the Oracle problem. In the early ‘90s, if you were using a database to manage things like payroll and inventory, you needed a big server. Paying for an expensive database was a good idea because you really needed to get the last bit of efficiency out of the system.

By the early 2000s, your company’s database might have doubled in size (7% annual growth), but computers were 64x faster for the same price. Now you could (and a lot of companies did, but shouldn’t) handle the same workload in Access on a moderately good desktop. Another decade later and they could buy three cheap Arm SBCs for under $100 and set up Postgres with replication and handle the same workload without noticeably spiking the CPU usage. Not only did the hardware cost drop to almost nothing, the cost of an expensive database went from a rounding error in the accounting to the vast majority of the cost.

ℹ️❤️🖥 aka Compy-chan

Sums up my experience growing up

The `left-pad` incident was 10 years ago today.

https://en.wikipedia.org/wiki/Npm_left-pad_incident

Thankfully, we've completely solved software supply chains in the years since.
[RSS] LLVM Adventures: Fuzzing Apache Modules

https://pwner.gg/blog/2026-03-20-apatchy

looks like anthropic got rid of the claude refusal triggering string :(

This is my analysis (and PoC) for CVE-2026-20817, a privilege escalation in the Windows Error Reporting service.

👉 https://itm4n.github.io/cve-2026-20817-wersvc-eop/

Credit goes to Denis Faiustov and Ruslan Sayfiev for the discovery.

TL;DR A low privilege user could send an ALPC message to the WER service and coerce it to start a WerFault.exe process as SYSTEM with user-controlled arguments and options. I did not achieve arbitrary code execution, but perhaps someone knows how this can be done? 🤷‍♂️

NetAskari believes a recent hack and leak from China's National Super Computer Center of China (NSCC) might be real

https://netaskari.substack.com/p/chinas-massive-data-leak-of-military

@airwhale @13reak Ironically, the publisher went out of business shortly after this article (and its follow-up) came out because the no-ads, optional subscription model didn't work out for them...
@jerry yes + they had that likely related fuckup with the not-really-revoked cert, resulting in the compromise of their gov cloud.
@jerry You mean other than the recent MS thing?