Holy shit.

Just wow, wow, holy shit:

Completely rewriting a multi-million line COBOL codebase that has life-or-death consequences for real people in the space of a few months, using gen AI?

I’ve been writing software for 40-some years, and I have to say: this may be, without exaggeration, the stupidest software-related idea I’ve ever heard from leadership.

https://www.wired.com/story/doge-rebuild-social-security-administration-cobol-benefits/

ReactOS 0.4.15 Released

https://reactos.org/project-news/reactos-0415-released/

"Now, kernel access checks are fully functional and prevent unauthorized access to system objects. As a result, the Windows kernel now works with the vast majority of modules from ReactOS."

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.

Gemini 2.5 "reasoning", no real improvement on river crossings

https://awful.systems/post/3875809

"I think chain of thought / reasoning is a fundamentally dishonest technology. At the end of the day, just like older LLMs it requires that someone solved a similar problem (either online or perhaps in a problem solution pair they generated if they do that to augment the training data)"

“Vulgar Display of Power”

https://tante.cc/2025/03/28/vulgar-display-of-power/

> It is a display of power: You as an artist, an animator, an illustrator, a writer, any creative person are powerless. We will take what we want and do what we want. Because we can.

(⁠ノ⁠｀⁠Д⁠´⁠)⁠ノ⁠彡⁠┻⁠━⁠┻
(Days without cleaning up after a "coding assistant" in the prod: 0)

https://www.androidauthority.com/google-android-development-aosp-3538503/

Here are my notes on using a Python virtual environment with IDA Pro:

https://williballenthin.com/post/using-a-virtualenv-for-idapython/

#idapro

use-after-free (maybe?) in libspf2 /by @hanno

https://www.openwall.com/lists/oss-security/2025/03/28/1

Maybe @thezdi could shed some light on CVE-2023-42118 ?

I'm not promising you perfection, BUT

Rivers of Nihil featured in the CMS Live stream :D

https://www.youtube.com/watch?v=r7IoAtt8r24

#metal

Spent the morning with my amazing friend Diána Laurent. We sat in a café, talked, laughed, plotted a short comic, and she did character sketches for the MCs I came up with. It was inspiring and wonderful. Seeing an artist bring characters to life will always feel like absolute magic to me. ✨️

(AI can suck it. It will never replicate this.)

#art #artist #sketching #writing #CharacterArt #flow #image

Alright, let's get the #nakeddiefriday going.

Today's exhibit is AR9281 by Atheros, a very classic Wi-Fi chip found in many devices. Comes in very pink hues. A short thread with highlights follows.

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:atheros:ar9281-al1e

#electronics #reverseengineering #microscopy

Would you like to join the #CMS Virtual Visit today? Go to the CMS Youtube Channel at 14:30PM CET and join the LIVE streaming!

https://www.youtube.com/@cmsexperiment

#CERN

Sam Altman’s Studio Ghibli memes are another distraction from OpenAI’s money troubles

https://pivot-to-ai.com/2025/03/27/sam-altmans-studio-ghibli-memes-are-another-distraction-from-openais-money-troubles/ -text
https://www.youtube.com/watch?v=38T84uF771U - video

The IP-law debate around #LLM's reminded me of this old joke:

A cute little girl walks up to the ice cream stand:
- Hello, how much is an empty cone?
- Oh, I can give you that for free - smiles the shop owner
- OK, then I'd like to have 5000 of them!

OpenAI is using Studio Ghibli-style memes as an ad hoc promotional campaign for its new image generator—despite Ghibli founder Hayao Miyazaki's famous hatred of AI. Sam Altman even made his X avatar a 'Ghiblified' portrait.

Disgracing Miyazaki is part of the point: It's more proof to the industry's biggest boosters that they have won—that they're free to use, appropriate, and commoditize art however they see fit.

https://www.bloodinthemachine.com/p/openais-studio-ghibli-meme-factory

The root cause of the Chrome 0-day logical vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4 https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

AppSec Ezine - 580th https://pathonproject.com/zb/?94fef6e1d88cee84#fBDZtrz8GV61O1oJd+9JWBeCO0Kuzyeb3/rheyA/NLA= #AppSec #Security

CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability https://cenobe.com/blog/cve-2025-27407/