turns out Qualcomm dropped the sources for talking to their Embedded USB Debug (EUD) peripheral, and it works on the OnePlus 6!

This means we get JTAG access directly via the USB port, yes seriously! There is also a UART peripheral which we can hook up (so far untested).

Basically you write 1 to a magic register (typically from the Linux driver but i have been testing from U-Boot) and all of a sudden a 7-port USB hub appears on your PC (in addition to whatever USB gadget you had set up) with a single device which is the EUD control interface.

Now that the code to talk to it is public (and functional with this openocd fork https://github.com/linux-msm/openocd) you can get JTAG access to the device for easier debugging of the kernel or U-Boot!

It seems like this works "by accident" on the OnePlus 6, likely the same debug policy misconfiguration that causes the device to go to crashdump instead of just rebooting (so it's unlikely to work on say, the PocoPhone F1, but maybe worth a try!).

There seem to be protections in place so you can't escalate to EL2 or EL3, when in EL2 all registers read as 0

Wanna earn up to $100,000 a month? Perhaps doing crime? For obscure reasons? This is your opportunity.

Don't miss out on this bizarre hacking campaign, which is currently looking for recruits on Twitter.

🤔 🤔 🤔

https://techcrunch.com/2025/04/01/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign/

Don't. Make. Me.

Me: The 90's were great

Also me: *casually downloading a 6 GiB ISO at 30 MiB/sec in 3.5 minutes*

Some things are definitely better than they were, and download speeds is one of them

New tool! Meet the iFixit ESD-Safe Hammer.

We hear you: sometimes you need a little more oomph to finish your fix. So, we engineered the world’s first hammer designed for electronics repair. It's built with a non-conductive handle, ESD-safe head, and just enough heft to "persuade" stubborn components.

Perfect for:
🔋 Glued-in batteries
🪛 Stripped screws
🔌Soldered memory
💥 Stress relief

Now unavailable at iFixit.com.

#iFixit #FixWithForce #AprilFools

New on MDN, I've documented all-new, fully-customizable <select> elements: https://developer.mozilla.org/en-US/docs/Learn_web_development/Extensions/Forms/Customizable_select. Thanks to everyone who provided reviews!

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

New iocaine & new template deployed. It looks great!

• Fancy markov-generated title!
• Beautiful CSS!
• Still can speak with some JS help!
• Minified output!
• QR code with alt text, all garbage!
• Hungarian content on the demo page! (until I restart iocaine again)

https://poison.madhouse-project.org/

well then

When parameterization fails: SQL injection in Nim's db_postgres module using parameterized queries https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/

UK government cuts funds for actually-working anti-cancer AI

https://pivot-to-ai.com/2025/03/31/uk-government-cuts-funds-for-actually-working-anti-cancer-ai/ - text
https://www.youtube.com/watch?v=he0dAvl37BY - video