Today my #rust compiler told me "expected future, found a different future".

And I'm like: me too buddy, me too

@swapgs The weird part is that even the GHSA link is broken. I also skimmed through recent commits, and nothing immediately suspicious came forward, but I guess PHP don't like to advertise security fixes this way either...

[RSS] New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)

https://ssd-disclosure.com/ssd-advisory-extract-double-free5-x-use-after-free7-x-8-x/

Can't find official identifiers for this, the GitHub advisory link is broken...

Never forget.

Maybe you should build your own website https://neocities.org

I got #X11 running on the #PinephonePro under #FreeBSD ! Shown here running my favourite #icewm window manager. Super exciting! Now to get the touch screen working 😬

https://tobykurien.com/images/microblog/post-1744879274-0.jpg https://tobykurien.com/images/microblog/post-1744879274-1.jpg https://tobykurien.com/images/microblog/post-1744879274-2.jpg

I never liked nu metal and I feel retrospectively justified by the fact that both Fred Durst and Kid Rock seem to be almost uniquely brain damaged even today.

Project: microsoft/TypeScript https://github.com/microsoft/TypeScript
File: src/services/classifier.ts:1108 https://github.com/microsoft/TypeScript/blob/cbac1ddfc73ca3b9d8741c1b51b74663a0f24695/src/services/classifier.ts#L1108

function classifyTokenType(tokenKind: SyntaxKind, token?: Node): ClassificationType | undefined

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier.ts%23L1108&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier.ts%23L1108&colors=light

[RSS] Dubious security vulnerability: Once I have tricked the user into running a malicious shortcut, I can install malware

https://devblogs.microsoft.com/oldnewthing/20250414-00/?p=111072

Oh, this is interesting (and a little scary)

tl;dr don’t use SSDs for long term, offline storage. The data degrades after as little as two years without the drives being powered up

https://www.tomshardware.com/pc-components/storage/unpowered-ssd-endurance-investigation-finds-severe-data-loss-and-performance-issues-reminds-us-of-the-importance-of-refreshing-backups

[RSS] The Windows Registry Adventure #6: Kernel-mode objects

https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html

@ligniform Ahh thanks, I remembered it being under Community, but with careful inspection I found the two tiny arrows under the score circle...

Anyway, I'd appreciate if my threat intel followers would put a banhammer on the jofogas-order[.]help domain <3

#CISA Warns of Credential Risks Tied to #Oracle Cloud Breach:
👇
https://securityonline.info/cisa-warns-of-credential-risks-tied-to-oracle-cloud-breach/

Is it me or is it really not possible to vote on URL's on VT anymore?

can't remember where I saw it but "Using AI in education is like using a forklift in the gym. The weights do not actually need to be moved from place to place. That is not the work. The work is what happens within you" is a solid quote

Get your Apple updates folks.
https://support.apple.com/en-us/100100

CVE-2025-31200 and CVE-2025-31201 are being exploited ITW.

Today I learned something truly bizarre about Python.

What do you think this code does?

class C:
xs = [1]
ys = [1]
print([[None for y in ys] for x in xs])

Does it work and print [[None]]?
Or does it fail to access `xs` and `ys` because class scoping is weird?

Neither.

It successfully accesses `xs`, but then fails to access `ys`!

This is sort of documented (but not fully) under https://docs.python.org/3/reference/executionmodel.html#resolution-of-names.

Bonk Knob Records is very pleased to announce the release of "Not Bonk What I Call Wave: Remixes Vol 2"!

You can find it for streaming and download at all these fine places:

https://mirlo.space/bonk-knob-records/release/not-bonk

https://bonkwave.org/music/not-bonk-what-i-call-wave-remixes-vol2/

https://bonkknobrecords.bandcamp.com/album/not-bonk-what-i-call-wave-remixes-vol-2

https://bandwagon.fm/67fea099a706ef72dcec3978

Join us for the release party at 19:00 UTC / 20:00 BST / 21:00 CEST at https://party.bonkwave.org

#BonkWave #NotBonkWave

Unauthenticated Remote Code Execution in Erlang/OTP SSH

https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

Not much details and unfortunately I don't know much Erlang (yet), but this one seems pretty interesting!

CVE-2025-32433