"A common fallacy is to assume authors of incomprehensible code will somehow be able to express themselves lucidly and clearly in comments."
– @kevlin
"... or prompts." I would like to add.
Today's software signatures may not survive tomorrow's quantum computers.
Over the past two years, we collaborated with the Sigstore community to build controlled cryptographic agility into the ecosystem with a centralized algorithm registry, configurable restrictions, and Go implementations of post-quantum algorithms LMS and ML-DSA to prove it's future-ready. https://blog.trailofbits.com/2026/01/29/building-cryptographic-agility-into-sigstore/
Only ninety-nine (99) days to go!! High time to submit your abstract(s) to the program committee. We are really looking forward to receive & review them! https://cfp.nluug.nl/.
🚨 New advisory was just published! 🚨
Three new post auth vulnerabilities have been found in ISPConfig. These vulnerabilities allow attackers who have either Reseller or Client accounts to escalate to root level access via unsafe theme handling and backup restore/download symlink abuse: https://ssd-disclosure.com/ispconfig-multiple-post-auth-privilege-escalation-vulnerabilities/
Together with Mario Birkholz of @neuSoM fame, I have written an article about Mastodon and the Fediverse in the journal of the German Physical Society: https://pro-physik.de/zeitschriften/download/23119
It's free to read but in German. Let's hope that @DPGPhysik's move to the Fediverse will inspire other scientific societies and universities to follow!
#physics #mastodon #fediverse #academicchatter #wisskomm #physik
From Politico, @bartgroothuis @barbarakathmann and me on how the Netherlands is about to see its national government service login infrastructure move to US spying/sanction regulation: https://www.politico.eu/article/netherlands-eu-us-tech-digid-donald-trump-policy/
> What if success was not privatizing resources but instead contributing to the commons, to make it each day better, richer, stronger?
We should be proud of our EU commons
I love that article from @ploum - https://ploum.net/2026-01-22-why-no-european-google.html
The new AirTags 2 just arrived!
Time to take them apart 🧵
Fuzzing software becomes much more effective if you can generate _valid_ inputs. We have now built the first approach to _statically_ extract complete and precise input grammars from parser code, producing syntactically valid and diverse inputs by construction. Enjoy! https://dl.acm.org/doi/10.1145/3776743
Horrible idea:
Disclose vulns in the speech bubbles of furry porn commissions
They know what's in your house.
They know who your friends are.
They know what you say about people behind their back.
They know what you eat.
They know where you sleep.
They know when you're on your period.
They know when you fart.
They are not the NSA.
They are not the CIA.
They are your child's kindergarden teachers.
Tim Cook Wrote a Memo on the ‘Events in Minneapolis’
https://daringfireball.net/linked/2026/01/28/tim-cook-memo
The VulnCheck research team found an unauth RCE vuln in SmarterMail that at least three other researchers discovered independently. VulnCheck canaries are also detecting in-the-wild exploitation of CVE-2026-24423. Lots of sudden attention on this software from researchers and adversaries.
https://www.vulncheck.com/blog/smartermail-connecttohub-rce-cve-2026-24423
Build systems suck, all of them. They try to solve a real problem but fundamentally the only way to win this game is not to play.
*ducks*