Mozilla has updated their press release with the following clarification:

UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information type into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.

https://blog.mozilla.org/en/products/firefox/firefox-news/firefox-terms-of-use/

That is good to hear, but their reasoning makes no sense given that no other browser uses that language.

Firefox now has Terms of Use! This'll go over like a lead balloon.

You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

https://www.mozilla.org/en-US/about/legal/terms/firefox/

RIP Michelle Trachtenberg, thanks for all the laughs :(

@mttaggart @Viss Sure, these are just my personal priorities that I try not to confuse with universal axioms :)

@mttaggart @Viss Yeah that too, although I don't find that feature as significant as search.

Majority are backfilled CVEs from 2021/2022, with someone randomly providing "affected since" commits of introductions of drivers for ones without Fixes tags.

524 new Linux kernel CVEs today, 7 newly-rejected

I got another #NameThatWare for you all. This time, lets try something new.
Its quite hard to make a challenge that is both accessible and challenging at the same time. So now, I will post multiple pictures. The first in this post is the 'hard' level. If you are not an expert, look at the 2nd picture that will be behind a CW. There is also a 3rd picture for easy-mode.

As always, try to write down you observations and deductions behind a CW to not spoil it for others.

@briansmith https://web.archive.org/web/20240114184648/https://www.openssl.org/~bodo/tls-cbc.txt ?

NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum.

Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.

http://techcrunch.com/2025/02/26/hacked-crypto-exchange-bybit-offers-140-million-bounty-to-trace-stolen-funds/

@Viss Let me add that the same behavior effectively made discussing implementation options for search - a killer feature for many use-cases - a taboo. As a result Fedi still doesn't have a comparable feature, while Bsky has this since day one (monolithic arch helps them of course).

I spent the afternoon reading OSR.com and now I hear it in old Obi-Wan Kenobi's voice in my head

Wrapping up our COM hijacking series! 🎉

In the final part, we discuss a custom IPC protocol, use a registry write to gain SYSTEM privileges, and explore Denial of Service attacks on security products. 💥💻

Don't miss it! https://neodyme.io/en/blog/com_hijacking_4/

here is my problem today: how to get more readers onto Pivot To AI? https://pivot-to-ai.com

you know what the site is and what it does

typically ~1000 unique viewers a day, pretty stable

regular readers become patrons, but first I have to lure them in repeatedly - that's my pipeline

ideas welcome, including bad and hackneyed ones

Hackaday Europe 2025: Workshops and More Speakers

https://hackaday.com/2025/02/26/hackaday-europe-2025-workshops-and-more-speakers/

@jt_rebelo @arstechnica The end goal is a new set of electronics that completely lack hardware support for any kind of phone-home nonsense and are designed for utmost simplicity and reliability, rather than giant piles of rapidly developed spaghetti code full of features nobody wants.

We know how to build safe and reliable electronics, we do it all the time for e.g. geostationary communications satellites that have to function for 10+ years without any maintenance and that would cost $100M+ to replace.

We know how to build reliable software. We just... don't. Because it's too expensive.

I'm not slacking off...

https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/-pfn

Unfortunately the hv-vendor-id trick didn't work to make KDNET work over Proxmox, at least not by just setting the enlightenment in the cpu entry of the node's Proxmox config :(

https://infosec.place/notice/ArU6AdcfLlqQd1uAzY

rotfl https://hackerone.com/reports/2293343

8 CVEs in X⁠.Org X server and Xwayland https://www.openwall.com/lists/oss-security/2025/02/25/1
CVE-2025-26594: Use-after-free of the root cursor
CVE-2025-26595: Buffer overflow in XkbVModMaskText()
CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()