"I'm interested in all kinds of astronomy."

WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

Great news:

They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

https://core.trac.wordpress.org/changeset/59828

[RSS] ACS Password Leaks Are A Security Issue On #IBMi

https://www.itjungle.com/2025/02/17/acs-password-leaks-are-a-security-issue-on-ibm-i/

Our work featured in IT Jungle

🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @uefiforum & @microsoft lists create security gaps.

👉Call for a single and openly maintained revocation list -- a unified source of truth!

https://www.binarly.io/blog/from-trust-to-trouble-the-supply-chain-implications-of-a-broken-dbx

@cryptax The calling convention defines how return value is set, so it may very well affect the decompilation afaik
@cryptax I guess that's the result of incorrectly identified calling convention? You can check/set with right click on func name -> Edit Function Signature

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: https://lief.re/blog/2025-02-16-arm64ec-pe-support/


Stop saying “artificial intelligence”. (And “neural networks” too.)

Be more specific. Say “reinforcement learning”. Say “generative modelling”. Say “Bayesian filtering”. Say “statistical prediction”.

These are incredibly useful tools that have nothing to do with “intelligence”.

And say “model trained on plagiarised data”.

Say “bullshit generator”.

Say “internet regurgitator”.

These are also nothing to do with intelligence, but they have the added bonus of being useless, too.


Microsoft Productivity Pack for Windows (1992)

@G33KatWork I don't like cars and I don't know shit about them. This is still highly entertaining!
Serious question to US folks: Does Mint 400 have a Fear&Loathing track these days?
CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

https://seclists.org/oss-sec/2025/q1/140

"This vulnerability is related to BeyondTrust CVE-2024-12356"

https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/
Cygwin SSHd works of course, but I'll have to figure out project/workspace management for this to be actually useful...
The little devil (notice the vi reference) on my shoulder took over and made me connect #Emacs TRAMP to OpenSSH running on Windows.

Now Emacs is struggling really hard, spinning up the CPU fan 😆

This review is one reason why I write so many blog posts that simply restate what is obvious if you look really well. But it turns out that "seeing in front of one's nose requires a constant struggle". Orwell mentions in the review ^ that it is therefore the duty of "intelligent people" to restate the obvious. On seeing in front of one's nose: https://www.orwellfoundation.com/the-orwell-foundation/orwell/essays-and-other-works/in-front-of-your-nose/
