TBF I face much more challenges saving data _from_ the WaybackMachine using the CDX API than most of the sites I've scraped:

Most tools for offline archiving simply don't work, and although I'm *really* slow with my requests I get throttled all the time :P

Oh, and I almost forgot that it's surprisingly hard to translate IA URL's to local file paths, esp. since the URL's retrieved from the API aren't properly encoded (https://web.archive.org/.../http://example.com/...)

Huh, TianfuCup website cert expired: https://www.tianfucup.com

About once in a year I have to look at some Ruby stuff, and it's always getting worse.

Not only can't I install fresh versions with rbenv anymore, but even the ones that are available are broken.

@addison super interesting stuff!
I’d tend to disagree with this quote:

> In video games, the inputs are simple and largely don't affect the state too much. At most, it applies some vector to your position.

The harder a video game is, the more reliant it is on precise and well-timed inputs. Also, while some video games allow you to run around in circles without consequence, many don’t.

I think the input correlation is tighter than you make it out to be.

More ranting, as a result from a conversation I had with a couple other #fuzzing people:

https://addisoncrump.info/research/fuzzers-and-gaming/

Exploiting CVE-2024-26581: use-after-free in Linux kernel nftables subsystem

https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md

#Linux #cybersecurity

neat: https://bug.directory/ from @thegrugq mailing list

[RSS] Eaton: Hardcoded SSH root password in XC-303 firmware

https://github.com/google/security-research/security/advisories/GHSA-xf7j-4x67-6h93

[RSS] Revisiting Neural Program Smoothing for Fuzzing (2023.09.28)

We find that the original performance claims for NPS fuzzers do not hold; a gap we relate to fundamental, implementation, and experimental limitations of prior works." #fuzzing

https://arxiv.org/pdf/2309.16618

[RSS] Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing

https://cispa.de/en/research/publications/79453-look-ma-no-input-samples-mining-input-grammars-from-code-with-symbolic-parsing

[RSS] Copy-and-Patch Compilation: A fast compilation algorithm for high-level languages and bytecode

https://arxiv.org/abs/2011.13127

The delayed import-table phantomDLL opportunities

https://hexacorn.com/blog/2024/09/14/the-delayed-import-table-phantomdll-opportunities/

#failedresearch

I've implemented Conway's Game Of Life, in Conway's Fractran, in 416 fractions.
https://paste.sr.ht/~rabbits/046a86f42b74789fd5ea08657d253287b3847ffc

@bascule No one? https://www.youtube.com/watch?v=6UPniOAMx94

OpenAI’s ‘$8.5 Billion Bills’ Report Sparks Bankruptcy Speculation

https://www.asiafinancial.com/openais-8-5-billion-bills-spark-bankruptcy-speculation

After a decade(?) without GReader I gave in and started using a server-based #RSS solution, primarily to sync between my devices.

#FreshRSS works pretty well so far: I use newsboat as client, and can even use the built-in scraper to follow sites that don't publish syndication feeds! The downside is that I have to use XPath...

Looks like Newag isn't satisfied with how their civil lawsuit against us in Warsaw is going - because they just filed another one, this time in Gdańsk, and from another corporate entity they manage. And to add to the pile of arbitrary accusations, this time it's about unfair competition (again) and violation of their corporate personality rights (slander?).

[RSS] Binary Ninja Ultimate

https://binary.ninja/2024/09/13/ultimate.html

[RSS] Ghost in the PPL Part 3: LSASS Memory Dump

https://itm4n.github.io/ghost-in-the-ppl-part-3/

Microsoft Security Response Center (MSRC) corrected CVE-2024-43461 (8.8 high) Windows MSHTML Platform Spoofing Vulnerability, marking it as both exploited and publicly disclosed based on evidence of exploitation from ZDI Hunting Team (see parent toot). This is the fifth zero day of September 2024 Patch Tuesday!
cc: @TheDustinChilds @campuscodi @briankrebs @todb @goatyell @ntkramer @hrbrmstr

#CVE_2024_43461 #eitw #activeexploitation #vulnerability #microsoft #msrc #zeroday #cve