@schrotthaufen @aurynn What do you need speed for in a terminal? No offense but your fingers/eyes are pbbly much slower than most things a computer does.

@aurynn I still don't get why terminal emulators require OpenGL

it is a very strange world when my terminal emulator program is taking up 1.2GB of memory.

@aurynn can you imagine devoting an entire 26 bytes to the date turnover routine?

@bagder I'm amazed by the patience you handle these reports with...

Here's the latest #curl hackerone issue I mentioned the other day: https://hackerone.com/reports/2871792 another one of those "we found a function call so therefore your program must be vulnerable".

Disclosed for educational purposes. Don't do this.

Fast conditional breakpoints via eBPF!?! Let's go! https://pernos.co/blog/linux-kernel-additions/

"With the new feature we contributed to 6.10 it's instead possible to filter the breakpoint hits in the kernel without ever trapping to rr or using ptrace. We can install a hardware breakpoint via the perf events subsystem and attach a BPF program to it that checks for matching register values and suppresses signals for those iterations that are not of interest."

[RSS] The fascinating security model of dark web marketplaces

https://boehs.org/node/dark-web-security

[RSS] Dependency Walker Rewrite

https://github.com/hfiref0x/WinDepends

ICP-Brasil issued cert for googgle[.]com

https://bugzilla.mozilla.org/show_bug.cgi?id=1934361

Got some negative or unrealistic threat model results that still bring interesting insights? A side channel that requires root to leak something from the kernel? Reproducing prior work? Somewhat related to microarchitecture? Here's your venue: uasc.cc

First edition is happening on February 19 in Bochum, the day before RuhrSec.
We accept submissions (papers, posters, talks) starting today and try to provide reviews within a 2 week time frame of submission.
Last Submission Deadline: January 27, 2025

@mcc I think this is relevant: https://devblogs.microsoft.com/oldnewthing/20240923-00/?p=110297

stalld: unpatched fixed temporary file use and other issues

https://security.opensuse.org/2024/11/29/stalld-fixed-tmp-file.html

@hajovonta @amszmidt I can mess up the same thing multiple times a day...

Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()

https://seclists.org/oss-sec/2024/q4/130

What a mess:

“the reporter also did not reply to any of linux-distros’ members questions, most notably ‘have you contacted either security () kernel org or the bluetooth maintainers about this issue?’”

“the issue may be the same as CVE-2024-27398”

tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)

https://seclists.org/oss-sec/2024/q4/127

@timb_machine Glad to hear that :) On my side that rendered as a very sad little blob.

@timb_machine What's wrong?

⛧ SLEIGHER ⛧

NEW: The phones of the new NATO Secretary General Mark Rutte (including a hotline with the White House):
https://www.electrospaces.net/2024/12/the-phones-of-new-nato-secretary.html