Spoiler: it’s way too easy! See you there :) https://infosec.exchange/@1ns0mn1h4ck/114080672369739128

I belive that generative machine learning (so called "AI") will ultimately show us what is really important in life. It's tangible relationships with people. Any form of genuine human expression, including art is also feeding our relationship to the creator and ourselves. But if we replace that with machine-generated approximation of a real human expression, we are loosing that and becoming isolated. Alone.
Cherish people around you, make more time to be with them.
#thoughts #AI #ML #philosophy

Hello again, and welcome to the #nakeddiefriday show.

Today's guest is an older sibling of the previous entry, again a 80C51 derivative, the 83C592 (mask ROM) packaged as 80C592 (ROMless) by Philips. A short thread with some highlights follows.

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:philips:p80c592

Many thanks to debauer for donating the samples!

#electronics #reverseengineering #microscopy

checking in on decentralized assets intended to be independent from governments and big banks

#crypto #cryptocurrency

Look, "never" is relative

Friend turned me onto this awesome project. Ever wanted to literally program your music with Python? https://glicol.org/

Have you noticed there's a lot more drama going on here lately?

@finn and I did at least, so we wrote a blog post talking about what happened with VLC and Google, how that drama formed and what you can do to stop spreading misinformation.

https://steffo.blog/outrage-warps-reality/

This is my first-ever blog post that I wrote with someone together, so I hope the way I show what's written by whom is understandable.

Anyway, thank you, Finn, for helping me write such an important blog post. I think I couldn't have done it without you!

#blog #android #google #safetycore #vlc #ai #drama #fediverse

GNU Emacs 30.1 released with 2 CVE fixes https://www.openwall.com/lists/oss-security/2025/02/26/2
Fix shell injection vulnerability in man.el (CVE-2025-1244). We urge all users to upgrade immediately.
New user option 'trusted-content' to allow potentially dangerous features. This fixes CVE-2024-53920.

@VoltPaperScissors @marove @VVoidCamp We're going to have so much fun with this (and not just with kids)! Thank you!

My new DIY video is online! RGB Mushrooms that change color! 🍄💡🌒

Check it out: https://youtu.be/5Ar3oKDBxPA

@marove @VVoidCamp wär das nicht was fürs VVoidCamp?

#papercircuit #papercraft #electronics #diy #stem #mint

The SEC has ruled that meme coins aren’t securities since they “typically have limited or no use or functionality” and are “more akin to collectibles.”

These means getting rug pulled on a memecoin isn’t securities fraud. It’s more like overpaying for Beanie Babies.

https://www.cnbc.com/2025/02/27/sec-says-most-meme-coins-are-not-securities.html

@Aurimas @tychotithonus At least you don't have to deal with this in case of CrowdStrike :)

@tychotithonus I think this dilemma is equivalent to the USGOV vs. Kaspersky case. After some point you have to trust your supply chain. If that's not reasonable, you cut ties.

(I know this is not an answer, but my gut tells me this isn't really a technical problem to solve)

@bascule Or at least buy a CO detector! I also lost a friend to that shit...

Gene Hackman’s Family Reveals What They Believe Caused His Death: Carbon Monoxide

Yet another reason to get rid of all the gas appliances in your home if you can: they’re dangerous!

https://www.thedailybeast.com/gene-hackmans-family-daughter-elizabeth-hackman-reveals-what-they-believe-caused-his-death/

@cR0w Also considering the recent activity around the Linux kernel...

I'm tired enough to read "CVE Nürnberg Authority" and think that vulnerability management took a quite radical turn

SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 & CP-8031 PLC

https://seclists.org/fulldisclosure/2025/Feb/19

- Firmware Downgrade (CVE-2024-39601)
- Firmware Update Decryption via Secure Element Oracle (CVE-2024-53832)

If a government can issue a secret order to push a 'special' version of a mobile app just to a specific person (or set of people), how can this be mitigated?

• How can app "rarity" be detected locally? (Antivirus and its descendants have a concept of a "well-known benign executable" vs one that has only been rarely seen.

• Can a local app, or an OS feature, be used to compare local apps with a list of expected versions?

• Can this be done independently of the OS (since the order could also subvert the rarity check)? (Even an independent app can be subverted if the only app store is the official one maintained by the same vendor.)

• To detect unusual app versions, reproducible builds are necessary but not sufficient, unless the project is also FOSS -- because even if everyone gets the same APK, the app might receive different instructions from its server depending on unique metadata.

Today in "#systemd ruins everything", Jan learns that systemd-resolve...

- runs a proxy DNS server on 127.0.0.53 (which is in /etc/resolv.conf)
- uses it's own /run/systemd/resolve/resolv.conf
- will read and cache /etc/hosts regardless of what /etc/nsswitch.conf says (`ReadEtcHosts` defaults to `yes` in /etc/systemd/resolved.conf)

Applications that follow traditional libc resolver logic now will continue to get /etc/hosts results even if /etc/nsswitch.conf excludes 'files'.

🤦‍♂️