"I'm interested in all kinds of astronomy."

Hoshino Lina (星乃リナ) 🩵 3D Yuri Wedding 2026!!!

So let me get this straight... rsync made a *security release* fixing a bunch of CVEs, it regressed some stuff, people looked at the commit log, saw Claude sign-offs, and started a mob on the sole maintainer?

Yeah, this stuff is what gives legitimate AI criticism a bad name.

I don't like it, you may not like it either, but when people are throwing LLMs at legacy codebases and finding CVEs by the dozen, and a sole maintainer is trying to keep the house from falling apart... if you're attacking them, you're firing at the wrong person.

You know what's a bigger cancer on this world than AI? People incapable of seeing any nuance in situations. And this applies to absolutely everything. I'm absolutely exhausted of extremist takes. From every single side and point of view, in every single debate, AI related and not.

You all seriously need to touch grass, and learn to stop being outraged all the time over every single thing in this world.


Ryan Castellucci (they/them) nonbinary_flag

shitpost driven development


It's been a while since I did a vulnerability research article. How about a little DoS zero-day as a treat?

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html?1


Inspired by electronics-store Miku, I drew Miku working at an electronic parts shop.


RE: https://social.security.plumbing/@freddy/116685551584070386

The presentation will also finally answer the question whether I am a one trick pony. 🫣🤫


Parsing modern ASP.NET Core Identity password hashes for password cracking with hashcat. https://www.pentagrid.ch/en/blog/parsing-modern-aspnet-core-identity-password-hashes-to-hashcat/

If MS really wanted to improve Notepad they'd just replace it with vim

Bug tracker use and etiquette should be part of university curriculum.

"The mental model and the explanation aren’t two things – they’re the same object. I think people assume good explanations are simplifications of the expert’s real model. Sometimes they’re just the expert’s real model."

https://xania.org/202605/walking-the-dog

Interesting interview format too!

[RSS] Pwning Minecraft: 4-Byte Heap Overflow to RCE

https://osec.io/blog/2026-06-02-minecraft-heap-overflow-to-rce

The FSB says it found a Western spyware op targeting Russian officials and a Kaspersky exec is going around giving interviews about malware infecting iPhones via an "invisible" iMessage

Hmmm... hmmm...

https://www.rbc.ru/rbcfreenews/6a1e7d589a7947f2bc33dc35


Today I begin posting a series of twice-weekly blog posts describing security software I've developed for personal use over the last 25 years that may be useful for others who manage home or small business infrastructure using OpenBSD, Linux, and/or macOS. https://lippard.blogspot.com/2026/06/25-years-of-openbsd-security-tools.html


3. "28 Errors Later" (28 Years Later)


Just like last year, we replaced a whole wall of movie posters with our own punny movie posters at the cinema where RustWeek 2026 took place. I designed seven new posters for this year's event. See the thread below 👇


I don't mean to brag but I already did this

Researchers teach brain cells to play 'Doom'

https://phys.org/news/2026-05-brain-cells-play-doom.html

[RSS] Docker Internal (2)

https://u1f383.github.io/linux/2026/06/02/Docker-Internal-2.html

Follow-up on research of Docker's security internals

@sjfriedl Somehow we've been tricked into believing it's okay to have bugs if you patch 'em.

No, it's not okay to have these bugs.

I say this from the other side. Bugs usually get the minimal patch fix rather than an investigation of how they happened in the first place.


As I said previously, the MSRC and all security folks I engaged with are mostly very nice in person, the security improvements in Microsoft software and services are what we could see in our labs and during our daily research, the ~17M yearly bounty payouts are real, and many more. IMO MSRC has been an absolute leader and has basically defined what the vendor Security Responses look like today (I recall a lot of *SRCs). There’s definitely zero reason for Microsoft to kill all the decades-long good efforts and community relationships in one single post (can’t imagine that😅).

There were, and there will sometimes be, cases that are very hard to deal with, no doubt. If things go bad, I will complain bad. But with more effective and direct communications, I think (at least I hope) we can improve continuously.

Overall, I’m personally very happy to see this clarification coming out and hopefully this drama can be resolved peacefully.
