We wrote a blog post about a Linux kernel vulnerability we reported to Red Hat in July 2024. The vulnerability had been fixed upstream a year before, but Red Hat and derivative distributions didn't backport the patch. It was assigned CVE-2023-52922 after we reported it.
The vulnerability is a use-after-free read. We could abuse it to leak the encoded freelist pointer of an object. This allows an attacker to craft an encoded freelist pointer that decodes to an arbitrary address.
It also allows an attacker to leak the addresses of objects from the kernel heap, defeating physmap/heap address randomization. These primitives facilitate exploitation of the system by providing the attacker with useful primitives.
Additionally, we highlighted a typical pattern in the subsystem, as two similar vulnerabilities had been discovered. However, before publishing the blog post, we noticed that the patch for this vulnerability doesn't fix it. We could still trigger the use-after-free issue.
This finding confirms the point raised by the blog post. Furthermore, we discovered another vulnerability in the subsystem: an out-of-bounds read. We've reported them, and these two new vulnerabilities were already patched. A new blog post about them will be written.
Use-after-free vulnerability in CAN BCM subsystem leading to information disclosure (CVE-2023-52922)
I don’t know who to credit for this, but it’s beautiful
A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
— Robert A. Heinlein
WinDBG vs esReverse: same concept (time travel debugging), very different scope.
We break down the differences in our blog: https://eshard.com/posts/difference-between-windbg-and-esreverse
The fact that these apps can launch local web servers to collude with tracking scripts and completely de-anonymize the users is wild. It's appalling. But here is what's not new:
Native apps from huge advertising companies (née "social" networks) are nothing but a slot machine where you pay with your data.
Get off these apps. Remove them now. Best yet, get off these addictive shit sites. And if you can't, visit them in a truly privacy-preserving browser. 2/3.
Project: kubernetes/kubernetes https://github.com/kubernetes/kubernetes
File: staging/src/k8s.io/api/core/v1/generated.pb.go:72936 https://github.com/kubernetes/kubernetes/blob/a62752db5110225a89a83ec844a5884413e550ff/staging/src/k8s.io/api/core/v1/generated.pb.go#L72936
func (m *VolumeProjection) Unmarshal(dAtA []byte) error
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcore%2Fv1%2Fgenerated.pb.go%23L72936&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcore%2Fv1%2Fgenerated.pb.go%23L72936&colors=light
When you go to the lavatory, spend a longer time there than is necessary.
From George Orwell's 1984, published OTD, 8 June 1949:
"The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power, pure power.
Power is not a means; it is an end.
Power is in tearing human minds to pieces and putting them together again in new shapes of your own choosing.
To die hating them, that was freedom.
War is peace
Freedom is slavery
Ignorance is strength."
Are we there yet?
https://en.wikipedia.org/wiki/Nineteen_Eighty-Four
#Politics
1/n
Communist Poland was exceptionally good at making fun of secret police and egomaniacal leaders.
If my American friends need some good authoritarian jokes so that they can keep their spirits up for the long run, I can suggest some!