@tmr232 just use regex

"sorry we used your data to throw an election and rob hundreds of millions of people of their privacy. here's twenty eight dollars as a sorry"

RE//verse 2026 CFP is open! Want to be apart of the lineup? Submit your talk: https://sessionize.com/reverse-2026

Still looking for a winter con to attend? RE//verse returns to Florida in March! You don't want to miss out. Get your tickets here: https://shop.binary.ninja/collections/re-verse-admissions-requires-sales-tax/products/re-verse-2026-admission

[RSS] Why is the name of the Microsoft Wireless Notebook Presenter Mouse 8000 hard-coded into the Bluetooth drivers?

https://devblogs.microsoft.com/oldnewthing/20250915-00/?p=111599

Since #Microsoft does not care, and the grace period is over, here is the Hardened Runtime bypass they introduced through .NET MAUI on #macOS. All applications built with it are vulnerable. The #vulnerability has existed probably since 2019.

https://afine.com/breaking-hardened-runtime-the-0-day-microsoft-delivered-to-macos/

Bogdan, who is sadly not on Mastodon, built a web server from a disposed vape.

On the one hand, what has the world come to, treating 32-bit processors faster than our youth's computers as disposable...

OTOH, the sheer amount of cool we can do by just repurposing the trash shat out by rampant consumerism!

https://bogdanthegeek.github.io/blog/projects/vapeserver/

#Permacomputing FTW

Hey security vendors: Maybe try not calling threat actors "low skilled" or "script kiddies" just because a particular attack or exploit was not "sophisticated." You may have observed them hitting low hanging fruit in this instance but when they inevitably pants your customers and you suddenly start calling them "sophisticated" I'm going to call you out, especially in sales and support calls.

As the person that founded the most high profile Black instance in the fedi and still develops safety tools for this environment, there is still a lot of resistance in the fedi in accepting how massively it failed Black and Brown internet folks.

I don’t mind the technical discussions between ATProtocol and Activity Pub because they both have stuff to learn from each other, but the fedi damaged reputation isn’t due to technical concerns.

The fedi has a *terrible* reputation to the point people are choosing a corporate option they know is bad over a free one.

Folks really need to think about what that means.

I regularly talk to folks who left the fedi and they *consistently* say the bigoted harassment they faced on the fedi is the *worst they’ve experienced* online. These aren’t people that are unfamiliar with how digital communities work. These are veteran digital citizens that are accustomed to bad faith engagement on the web.

Fortunately, the rise of Blacksky and other independent installs are rendering Bluesky irrelevant as it continues to enshitify, but the fedi needs to accept its utter failure in regards to safety and moderation is a central reason why we are talking about Bluesky at all.

I do believe it’s possible for the fedi to still be a major player in social media.

But it has to be real about why many people believe Bluesky is the lesser evil.

During the weekend I learned you can achieve TRAMP-like behavior (editing remote files with local editor) in #Neovim with netrw. Only problem was reauthentication without passwordless key files, but SSH ControlMaster can solve that \o/

https://neovim.io/doc/user/pi_netrw.html

https://news.ycombinator.com/item?id=2183699

I am a @mwl fan, and have been for a long time, so I cannot but recommend backing his 2nd edition of Networking for Systems Administrators:

https://mwl.io/ks

Let's get the new generation of "cloud natives" civilised with an understanding of systems and networking!

​

[RSS] New OpenSecurityTraining2 class: "TPM 2.0 Programming using Python and the tpm2-pytss libraries" (~13 hours)

https://ost2.fyi/TC2202

Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days

https://www.willsroot.io/2025/09/ksmbd-0-click.html

I'm happy to share that LIEF 0.17.0 is out: https://lief.re/blog/2025-09-14-lief-0-17-0/

Borrowed from fakebook.

My daughter came home from school and said,
“Mom, you’re not going to believe what happened in history class today.”

Her teacher told the class they were going to play a game.
He walked around the room and whispered to each kid whether they were a witch or just a regular person. Then he gave the instructions:

“Form the biggest group you can without a witch. If your group has even one, you all fail.”

She said the whole room instantly lit up with suspicion.
Everyone started interrogating each other. Are you a witch? How do we know you’re not lying?
Some kids clung to one big group, but most broke off into smaller, exclusive cliques. They turned away anyone who seemed uncertain, nervous, or gave off even the slightest hint of being guilty.

The energy shifted fast. Suddenly everyone was suspicious of everyone.
Whispers. Finger-pointing. Side-eyes. Trust dissolved in minutes.

Finally, when all the groups were formed, the teacher said,
“Alright, time to find out who fails. Witches, raise your hands.”

And not one hand went up.

The whole class exploded. “Wait! You messed up the game!”

And then the teacher dropped the bomb:
“Did I? Were there any actual witches in Salem, or did everyone just believe what they were told?”

My daughter said the room went dead silent.

That’s when it hit them. No witch was ever needed for the damage to happen. Fear had already done its work. Suspicion alone divided the entire class, turning community into chaos.

And isn’t that exactly what we’re seeing today?
Different words, same playbook.
Instead of “witch,” it’s liberal, conservative, vaxxed, unvaxxed, pro-this, anti-that.
The labels shift, but the tactic is the same.

Get people scared. Get them suspicious. Get them divided.
Then sit back while trust crumbles.

The danger was never the witch.
The danger is the rumor. The suspicion. The fear. The planted lies.

Refuse the whisper. Don’t play the game. Because the second we start hunting “witches,” we’ve already lost.

My article about my Sun Netra T1 is now available on my blog, in French and in English !
Here I present you my machine and how to install OpenBSD on it, so it's not soeasy to find things online :)

Link : https://blog.vinishor.xyz/posts/Restauration-SunNetra-en.html

Mon article sur le Sun Netra T1 est maintenant disponible sur le blog !
Je vous présente ma machine et comment installer OpenBSD dessus, vu qu'on trouve pas toujours des infos en ligne :)

Lien : https://blog.vinishor.xyz/posts/Restauration-SunNetra.html

#sparc64 #openbsd #sun

[RSS] Windows KASLR Bypass - CVE-2025-53136

https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

[RSS] ig-labs/defender-mpengine-fuzzing: Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine

https://github.com/ig-labs/defender-mpengine-fuzzing

one of the worst ever "comprehensive security audits" ...

https://hackerone.com/reports/3337561

segmentation faults per degree