How often do you get a 75x speedup on a real workload in a compiler? Not often!
Here's the story of one in SpiderMonkey: https://spidermonkey.dev/blog/2024/10/16/75x-faster-optimizing-the-ion-compiler-backend.html
Fuck Microsoft and Fuck Nadella.
As expected, the 24H2 update installed 'Recall', it can't be uninstalled.
To disable the Microsoft spyware, run this as admin:
C:\Windows\System32>Dism /Online /Disable-Feature /Featurename:Recall
Can't vouch that all the people you share your screen, code, IP, private details, will disable theirs. Consider NOT sharing anything ever again.
Sandbox escape from extensions due to insufficient checks in chrome.devtools.inspectedWindow.reload and chrome://policy (reward: $20000) http://crbug.com/338248595
I'm amazed that there has been zero coverage of this:
EU's new Product Liability Directive got voted through last Thursday.
No later than two years from now, software, stand-alone, cloud or embedded, is subject to "no-fault liability" (ie: doesn't matter how or why, only that it is defective.)
Here's the directive:
https://data.consilium.europa.eu/doc/document/PE-7-2024-INIT/en/pdf
Gentlemen, start your panic…
PS: Yes, there is a FOSS exemption, but only "outside commercial activity". (Ie: The guy in Nebraska but not RedHat)
Breaking News: The threat actor known as "USDoD" (aka "EquationCorp" and other monikers) has been arrested by Brazilian Federal Police. USDoD is probably best known for his attacks on #InfraGard, Airbus, and his role in the recent National Public Data breach.
Media coverage indicates he was arrested this morning: https://g1.globo.com/politica/noticia/2024/10/16/pf-prende-hacker-de-33-anos-suspeito-de-invadir-sistemas-e-vazar-dados-de-policiais.ghtml
Proud to start sharing Google's strategy for tackling our remaining memory safety challenges: https://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html
It's high level, but it outlines the long-term strategy. We'll be sharing more detailed posts in this series.
Google Chrome security advisory: Stable Channel Update for Desktop
New Google Chrome version 130.0.6723.58/.59 for Windows, Mac and 130.0.6723.58 for Linux has 17 security fixes, 13 externally reported. No mention of exploitation, and nothing sticks out.
Alternatives to @noscript for #chrome recommended by #google's store:
2 #adblockers and 2 trojans.🤨
https://chromewebstore.google.com/detail/doojmbjmlfjjnbmnoijecmcbfeoakpjm/related-recommendations
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press!
#cisa #cisakev #kev #knownexploitedvulnerabilitiescatalog #vulnerability #cve #eitw #activeexploitation #zeroday #CVE_2024_30088 #CVE_2024_9680 #CVE_2024_28987 #solarwinds #mozilla #firefox #microsoft #windows #kernel
Microsoft: Microsoft Digital Defense Report 2024
Microsoft has a 114-page PDF report covering the evolving cyber threat landscape: threat actors and their motivations, nation state threats, ransomware, fraud, identity and social engineering, and DDoS attacks. There are also Microsoft-specific recommendations as part of Secure Future Initiative. Of course, no annual threat intel report would be complete without artificial intelligence ✨. From AI-enabled cyber attacks to influence operations, and god forbid using AI for cybersecurity. There's a section on how governments and industry are approaching and advancing global AI security. This report also includes perspectives from different countries.
#microsoft #securefutureinitiative #AI #cyberespionage #ransomware #digitaldefensereport #threatintel #cybersecurity #infosec #cyberthreatintelligence #CTI
Absolutely wild how many companies are adopting AI notetaking apps for meetings.
Y'all'er just chill sending your planning, product direction and revenue details to some random third party in exchange for them doing the low value task of halfassing note taking for you?
Claims of Chinese researchers breaking "military grade encryption" with a quantum computer are totally overblown. They attacked a trivial 22-bit key and used a quantum annealing architecture. Still not cryptographically relevant and not a quantum computer. Still not breaking RSA!
The Tor folks updated their post to say that:
"An earlier version of this blog post incorrectly stated that 'Mozilla is aware of this attack being used in the wild against Tor Browser users.' This has been corrected to accurately reflect Mozilla's official statement. To be clear, the Tor Project has no evidence that Tor Browser users were targeted specifically."