RE: https://tech.lgbt/@ShadowJonathan/115979646528496303

Give me Universal Basic Income and watch me obsessively plant fruit and nut trees in the entire city.

Hey Hey, People.

Just updated my book-in-progress - Suricata: An Operator's guide.

This update finally closes out chapter 7, a scenarios/exercises chapter to help readers grasp the concepts of threat research and data pivoting, and how the data acquired gets turned into Suricata rules.

There are three scenario exercises in total:

Scenario 1: PolarEdge Botnet
Scenario 2: Myth Stealer
Scenario 3: Oyster backdoor

As always, the book is available for free, and I'm not expecting anyone to pay for my half-finished work. Download a copy here:

https://leanpub.com/suri_operator

the exercises chapter is made much more fun for readers, if they can follow along, so I've updated the github supplementaries repo with pcaps for both the second and third exercise. You can find that repo here:

https://github.com/da667/Suricata-An-Operators-Guide-Supplementaries

Future plans:

Chapter 8 is going to be another somewhat hands-on chapter, where readers learn how to "throw" and capture pcaps of proof-of-concept exploits, and/or forge their own pcaps based on threat research write-ups. I'm not 100% sure which CVEs/vulns I'll be picking on here, but I'll be doing three of them, just for some variety.

As a former K-12 technology educator, let me break this down for you. If a "toy" comes with an app, it isn't a toy; it's a data collection mechanism, and likely a brand loyalty engine.

Kids don't need these things. In fact, they're much, much better off without them.

https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/

Comodo has some newer MDM products they cannot, surprise-surprise, adequately protect from abuse.

*.itsm-us1.comodo[.]com (US)
*.cmdm.comodo[.]com (EU)
*.mdmsupport.comodo[.]com (legacy)

https://russianpanda.com/The-Abuse-of-ITarian-RMM-by-Dolphin-Loader

#rmm

"A common fallacy is to assume authors of incomprehensible code will somehow be able to express themselves lucidly and clearly in comments."
– @kevlin

"... or prompts." I would like to add.

NoFX pops out of retirement to say #fuckICE 🤘:

https://www.youtube.com/watch?v=sU6s6VEJxrU

Today's software signatures may not survive tomorrow's quantum computers.
Over the past two years, we collaborated with the Sigstore community to build controlled cryptographic agility into the ecosystem with a centralized algorithm registry, configurable restrictions, and Go implementations of post-quantum algorithms LMS and ML-DSA to prove it's future-ready. https://blog.trailofbits.com/2026/01/29/building-cryptographic-agility-into-sigstore/

Only ninety-nine (99) days to go!! High time to submit your abstract(s) to the program committee. We are really looking forward to receive & review them! https://cfp.nluug.nl/.

🚨 New advisory was just published! 🚨

Three new post auth vulnerabilities have been found in ISPConfig. These vulnerabilities allow attackers who have either Reseller or Client accounts to escalate to root level access via unsafe theme handling and backup restore/download symlink abuse: https://ssd-disclosure.com/ispconfig-multiple-post-auth-privilege-escalation-vulnerabilities/

Together with Mario Birkholz of @neuSoM fame, I have written an article about Mastodon and the Fediverse in the journal of the German Physical Society: https://pro-physik.de/zeitschriften/download/23119

It's free to read but in German. Let's hope that @DPGPhysik's move to the Fediverse will inspire other scientific societies and universities to follow!

#physics #mastodon #fediverse #academicchatter #wisskomm #physik

From Politico, @bartgroothuis @barbarakathmann and me on how the Netherlands is about to see its national government service login infrastructure move to US spying/sanction regulation: https://www.politico.eu/article/netherlands-eu-us-tech-digid-donald-trump-policy/

> What if success was not privatizing resources but instead contributing to the commons, to make it each day better, richer, stronger?

We should be proud of our EU commons

I love that article from @ploum - https://ploum.net/2026-01-22-why-no-european-google.html

The new AirTags 2 just arrived!

Time to take them apart 🧵

Fuzzing software becomes much more effective if you can generate _valid_ inputs. We have now built the first approach to _statically_ extract complete and precise input grammars from parser code, producing syntactically valid and diverse inputs by construction. Enjoy! https://dl.acm.org/doi/10.1145/3776743