[RSS] NVIDIA/Mellanox ConnectX-5: Custom #Ghidra processor module for iRISC

https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/

If you do not include an appropriate fuse in your design, your design will designate one.

@albinowax 1) Burp is (rightfully) the de facto standard for webapp testing. Even if by some miracle someone interested in the field didn't hear about it, what else would anyone recommend?
2) What kind of information could a 0-10 numeric answer possibly give you about the desired direction of improvement?
3) You have e-mail support, a forum, and Discord (that I know of) where proper discussions can take place. Hell, even social media allows better interaction with your team than this Clippy-style "would you like to scream into this void?" non-sense.

What this simple dialog tells me is that someone, who doesn't know better than copying dark patterns from freemium mobile games got in a position to get this useless, disrupting junk *added to the code base*. And I'm sorry, but I won't hold back my words to express my concerns about this direction because 1) allows shoving more shit down our throats unless we push back hard.

I hope you didn't take this as a personal attack. I mentioned you because I'm sure you understand the needs and concerns of professional users better than anyone.

@bh @404mediaco because your cpu vendor is not relevant when you happen to run malware.

Thanks to OSTIF!, in 2024, we assessed cURL's HTTP/3 components. We found two issues, enhanced fuzzing coverage, and provided testing and security recommendations.

https://github.com/trailofbits/publications/blob/master/reviews/2023-12-curl-http3-securityreview.pdf

cURL marked our 14th security assessment with OSTIF, with our first being in 2019. OSTIF's mission to secure critical open-source software has led to security improvements across projects on which we all depend.
Read their annual reports:
https://ostif.org/ostif-2024-annual-report/
https://ostif.org/2024-sovtech-audit-report/

@bh @404mediaco They could deploy the same code on a mainframe in Fort Knox, it would be the same bug (if my theory is correct). I dont have info abt usgov webapp deployment policy.

@bh @404mediaco yeah ik. It's a platform, the user provides implementation. You don't blame your cpu for executing malware.

@bh @404mediaco frankly I don't see why CF is relevant, this looks like an app-specific endpoint, but I may be missing some detail

Better late than never, I just published a blogpost about my experience at @blackhoodie training, hexacon 2024. Again, big thanks to the organizers for putting together this training, it was really good! 😊

https://p0pcycle.com/2025/02/14/blackhoodie-my-experience/

FBI files on Kevin Mitnick released thx to a FOIA request by hexadecim8.com

https://vault.fbi.gov/kevin-mitnick/kevin-mitnick-part-01-final/view

#frombsky

Super scummy for microsoft to auto upgrade (at the added cost of an extra £30 a year) people to a AI plan, and not offer a "actually I don't use any of that stuff" can I not pay that £30 a year?

And then only when you are at the cancel page, it's like "🥺 oh sorry do you want the old deal back? 🥺"

For anyone else, you don't even have to get that far into the cancel page for this. So it's easy to save £30 a year with this.

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

— Antoine de Saint Exupry

#complexity

Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab #CVE-2025-24200 👉 https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html

Happy #nakeddiefriday folks!

Today's specimen is p/n SC13890P23A by Motorola/Freescale. This came from an embedded cellular modem I tore out of [redacted]. The die is marked ATLAS-UL.

It is the most colourful die I have ever imaged.

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:motorola:sc13890p23a

Preparing a talk on #programming an #AnalogComputer - using the wonderful #THAT from anabrid and my #Vectrex that has been modified to provide an additional #oscilloscope mode.

Really cool blog post about permissions in browsers and how they work. https://albertofdr.github.io/web-security-class/browser/browser.permissions

Better than watching live coding on Twitch I guess?

[RSS] Bent // Broken 2025 Worldwide Virtual Circuit Bending Festival

https://blog.adafruit.com/2025/02/13/bent-broken-2025-worldwide-virtual-circuit-bending-festival/

Today's @kagihq changelog is honestly kind of a massive deal for privacy stuff:
- Human readable privacy policy page
- Privacy pass (an open source, cryptographic verifiable way of doing searches through Kagi without them being able to see who you are)
- Official tor service

https://kagi.com/changelog#6172 #kagi

[RSS] On the Original Punched Cards

https://hackaday.com/2025/02/12/on-the-original-punched-cards/