MDN is more than just a resource. It's a community of developers, contributors, and learners passionate about web development.

Contribute to,
📚 MDN documentation
🤝 Help other devs
💟 Localize content
📝 Review or write on MDN

Start now 👇
https://developer.mozilla.org/en-US/community

@kstrlworks What are "development numbers"?

MongoDB have a blog out about #MongoBleed

Notably:

- Internal find at MongoDB

- they notified customers of the issue and patch availability on December 23rd

- A security vendor published technical details on December 24th, Christmas Eve

- Somebody at Elastic, a direct competitor, published an exploit with full secret extraction feature on December 25th, Christmas Day

That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.

Happy 0 January 2026 to all you nerds.

The US Treasury has lifted sanctions on three executives tied to spyware maker Intellexa, reversing a designation imposed by the Biden administration in 2024 (Suzanne Smalley/The Record)

https://therecord.media/treasury-sanctions-intellexa-removed
http://www.techmeme.com/251230/p18#a251230p18

BTW, glitching the early UART boot path that is fuse protected gives you access to very early nvidia-only key material that is locked down pretty early during the normal boot path. Every single other key on the TX2 is either derived from the FEK1 or FEK2 depending on a fuse bit. Default seems to be FEK2.

SHA1(FEK1) = 9d00fe0637b15de7b417c740a6210d19932c7eb4
SHA1(FEK2) = 0e0fdef7a31d32aaf0fee77679e065652daecb44

I initially did all this to reverse engineer the Denver microcode, however I never could make sense of the instruction set encoding. If anyone wants to tackle this, I can decrypt both microcode stages - seemingly a loader and the final JIT and I more or less completely reverse engineered MB1 that loads the Denver microcode.

/cc @elise

https://media.ccc.de/v/39c3-making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way

If you're interested in obscure details of the microcode in the Intel 8087 floating-point chip, I have a new blog post...
https://www.righto.com/2025/12/8087-microcode-conditions.html

@raptor https://www.youtube.com/watch?v=f55CqLc6IR0 🤘

I just got reminded that when you start a brand new smartphone the default screen autolock time is around 30s.

This is the attention span vendors are expecting from you.

[RSS] Why are we worried about memory access semantics? Full barriers should be enough for anybody

https://devblogs.microsoft.com/oldnewthing/20251226-00/?p=111919

Today I saw this UNIX v4 PDP11 emulator (running simh in the browser) and decided to write an IO plugin for radare2 to load tapes. Here's the source in case you are curious about how tapes are structured and how to extend r2 with new features like IO backends. https://github.com/radareorg/radare2/commit/aeeccc1d23d3b75edcd6e0013f1372830a6af134

Gentle Reminder for Newcomers :

Boosting posts keeps Mastodon alive!

Boost what you love! 💚
Boost freely! ✨

#Mastodon #Fediverse

New post on my blog! Decapping with DMSO.

https://dev-zzo.github.io/blarg/2025/12/19/decapping-dmso.html

#electronics #reverseengineering

@pancake Sounds like an oxymoron?

LMAO.

https://www.cve.org/CVERecord?id=CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Learn why some vulnerabilities resist to fuzzing and persist in long-enrolled OSS-Fuzz projects, and how you can find them!

https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/

@wirepair Back in the day we were looking for E.T. or large primes on idle time, now we run ads.

Unix V4 in your browser:

https://riedstra.dev/static/unixv4/

@imreFitos Yes, this is what I observed before. Now the slight difference is that I know exactly when I closed YT and it was before the last video shown.