Fun* fact in this video: the 'disposable' vapes thrown away in Britain alone contain enough lithium batteries to make 1.2 Million e-bikes.
I've been independently powering things with vape batteries that I've rescued before seeing this video. Pull out the cell, add a cheap usb charging module and you have a fully rechargeable 3.7v power source. If you need higher voltage you can put them in series and you can even get multi-cell balancing modules for next to nothing if you want to have a few in parallel for more current.
I don't trust them for anything critical, but they're great for low-budget projects as the cells are completely free. My bike lights are all powered by them (one can run a flashing bike light for a couple of weeks' use), as well as various other things that had their batteries die, or that didn't come with rechargeable batteries.
I also only charge them somewhere flameproof, though I haven't had any issues so far.
#making #electronics #reuse
https://www.youtube.com/watch?v=ehp23hrrEHY

Please help us test OpenSSH ahead of the 9.9 release, due in a few weeks.

New features include a new post-quantum key exchange based on ML-KEM, improved controls to disallow unwanted connections and better performance for the existing PQ key exchange.

Full details at: https://marc.info/?l=openssh-unix-dev&m=172638834815257&w=2

God this is fucking incredible. Please take my word for it and read

https://modem.io/blog/blog-monetization/

Apple unexpectedly drops its civil suit against #spyware vendor NSO
Group as it claims discovery against it might disclose information that would benefit… spyware vendors. https://www.securityweek.com/apple-suddenly-drops-nso-group-spyware-lawsuit/

@ciaranmak Got you! I'd say that hitting paywalls and even some JS-based UI monstrocity is the "normal" these days which I'd expect (and probably use Selenium or similar to grab it). But in case of the Wayback Machine I'd expect a friendlier API...

#namethatware #electronics A PCB from the late 90s ...

Please use content warnings to prevent spoilers. I'll publish the solution in ~ 24 hours

@ciaranmak I'm not sure I follow. Are you doing this via the CDX API? If there is RSS what requires tweaking? The RSS feeds don't include the whole content so you have to scrape them for archiving?

TBF I face much more challenges saving data _from_ the WaybackMachine using the CDX API than most of the sites I've scraped:

Most tools for offline archiving simply don't work, and although I'm *really* slow with my requests I get throttled all the time :P

Oh, and I almost forgot that it's surprisingly hard to translate IA URL's to local file paths, esp. since the URL's retrieved from the API aren't properly encoded (https://web.archive.org/.../http://example.com/...)

Huh, TianfuCup website cert expired: https://www.tianfucup.com

About once in a year I have to look at some Ruby stuff, and it's always getting worse.

Not only can't I install fresh versions with rbenv anymore, but even the ones that are available are broken.

@addison super interesting stuff!
I’d tend to disagree with this quote:

> In video games, the inputs are simple and largely don't affect the state too much. At most, it applies some vector to your position.

The harder a video game is, the more reliant it is on precise and well-timed inputs. Also, while some video games allow you to run around in circles without consequence, many don’t.

I think the input correlation is tighter than you make it out to be.

More ranting, as a result from a conversation I had with a couple other #fuzzing people:

https://addisoncrump.info/research/fuzzers-and-gaming/

ChatGPT Versions:
3.0 - It's wrong but very fast
3.5 - GPT3 but with more words
4.0 - GPT3 but with more words and slightly less wrong slightly less fast
4o - GPT3 but our investors wouldn't stop asking us when we're making the next model
4o1 - GPT3 but we boil the ocean by iteratively running your GPT3 queries through more GPT3 instances which all try to fact check each other based on no objective definition of what facts are
5.0 - We've cut costs and carbon emissions while maintaining model accuracy by replacing our GPUs with apes

Exploiting CVE-2024-26581: use-after-free in Linux kernel nftables subsystem

https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-26581_lts_cos_mitigation/docs/exploit.md

#Linux #cybersecurity

neat: https://bug.directory/ from @thegrugq mailing list

[RSS] Eaton: Hardcoded SSH root password in XC-303 firmware

https://github.com/google/security-research/security/advisories/GHSA-xf7j-4x67-6h93

[RSS] Revisiting Neural Program Smoothing for Fuzzing (2023.09.28)

We find that the original performance claims for NPS fuzzers do not hold; a gap we relate to fundamental, implementation, and experimental limitations of prior works." #fuzzing

https://arxiv.org/pdf/2309.16618

[RSS] Look Ma, No Input Samples! Mining Input Grammars from Code with Symbolic Parsing

https://cispa.de/en/research/publications/79453-look-ma-no-input-samples-mining-input-grammars-from-code-with-symbolic-parsing

[RSS] Copy-and-Patch Compilation: A fast compilation algorithm for high-level languages and bytecode

https://arxiv.org/abs/2011.13127

The delayed import-table phantomDLL opportunities

https://hexacorn.com/blog/2024/09/14/the-delayed-import-table-phantomdll-opportunities/

#failedresearch