Here's some nice empirical evidence to support what we all feel: insecure configuration and insecure defaults drive compromises more than software vulnerabilities. This paper argues that the Secure-By-Design initiative would be better served by focusing on the former.

https://www.documentcloud.org/documents/25524680-sbd-feb-2025-seymourwoods/

X appears to be blocking Signal's "Signal.me" links in DMs, posts, and profile pages, giving error messages and showing a warning page for users clicking them (Matt Binder/disruptionist)

https://www.disruptionist.com/p/elon-musks-x-blocks-links-to-signal
http://www.techmeme.com/250217/p8#a250217p8

Reviewing the Cryptography Used by Signal

Last year, I urged furries to stop using Telegram because it doesn't actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram's cryptography to be actually secure, the CEO started spreading misleading bullshit about Signal®. Since then, I've been flooded with people asking me about various other encrypted messaging apps…

http://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/

@tmr232 @veronica "Writing is nature's way of letting you know how sloppy your thinking is." - Dick Guindon

(Edit: "Programming is nature's way of letting you know how sloppy your writing is.")

I have been introduced to the obscure Linux failure condition called “unbalanced btrfs filesystem.” That’s when you have more than 100 GiB free on your hard drive, yet the file system will refuse operations like renaming a file, claiming that you have no space left. Which comes out of the blue, without any kind of prior warning. And you first have to search past all the unhelpful articles explaining how to remove unused files, until you find that the issue is specific to the btrfs filesystem and with some luck can be cured by running some obscure commands (yet these commands also tend to refuse working because … 🥁🥁🥁 … you have no space left).

It’s 2025 and Linux still does that to people…

Study after study also shows that AI assistants erode the development of critical thinking skills and knowledge *retention*. People, finding information isn't the biggest missing skillset in our population, it's CRITICAL THINKING, so this is fucked up

https://www.microsoft.com/en-us/research/uploads/prod/2025/01/lee_2025_ai_critical_thinking_survey.pdf
https://slejournal.springeropen.com/articles/10.1186/s40561-024-00316-7
https://resources.uplevelteam.com/gen-ai-for-coding
https://www.techrepublic.com/article/ai-generated-code-outages/
https://arxiv.org/abs/2211.03622
https://pmc.ncbi.nlm.nih.gov/articles/PMC11128619/

#LibreOffice: patches two #vulnerabilities allowing arbitrary file writes & remote data extraction from environment variables & configuration files. CVE-2024-12425 & CVE-2024-12426 require no user interaction beyond opening a malicious document containing a malicious font or an image:
👇
https://securityonline.info/libreoffice-vulnerabilities-cve-2024-12425-cve-2024-12426-pocs-released-patch-asap/

@kopper ffmpeg can do anything. ffmpeg can show you God and convert Him to an animated PNG

Ever looked at some small setting/config option and thought that cannot be secure? So did I...

https://mkiesel.ch/posts/cordaware/

Qualys Security Advisory

CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client

CVE-2025-26466: DoS attack against OpenSSH's client and server

https://www.openwall.com/lists/oss-security/2025/02/18/1

[RSS] Debugging An Undebuggable App

https://bryce.co/undebuggable/

#iOS

The livestream on multi-hashcolls is up!
Awesome that David joined and commented on his own hashquines!
https://www.youtube.com/live/-asJnf-S2Nk?si=DCACWGTQyFVOmN1a

The next livestream will be on mitigating hash collisions: preventing them at format design, filtering them out or detecting them.
https://www.youtube.com/live/A7EBbGv1B3U?si=G0zp4eRd0agKSzxY

@ryanc Thanks for reminding me of my forgotten coffee!

@revng Awesome, thank you!

@SensorLock Plotly works great, thank you! Scatter Matrix looks _exactly_ like what I had in mind, but realized that since I have a time dimension a plain scatter plot actually captures the temporal aspect much better.

@pancake I'm not a psychologist but I'd say you spend too much time around computers :D

@Extelec That is awesome! How does Pico Cray's performance compare to the original Cray? :)

@falken @foone yes the Pico Cray https://www.extremeelectronics.co.uk/other-2/pico-cray-small-scale-distributed-computing/