stty

https://wizardzines.com/comics/stty/

(from The Secret Rules of the Terminal, out now! https://wizardzines.com/zines/terminal/)

You just don't understand the fourth industrial revolution

@cR0w @talosvulns OK but why aren't the ones at Talos listed at Nvidia? (I just did a quick Ctrl+F, I may have missed something)

@cR0w Interesting... @talosvulns just released a bunch of Nvidia writeups but CVE's don't seem to match up

@cR0w Also one by Rapid7 on @attackerkb: https://attackerkb.com/topics/LbA9ANjcdz/cve-2025-10035/rapid7-analysis

@linux Are you an LLM?

"CVE-2025-1727 reveals a critical design flaw: the EoT/HoT linking protocol — which sends emergency brake commands [to trains] over a radio channel — has no cryptographic authentication."

https://cervello.security/blog/vulnerabilities-incidents/research-cve-2025-1727/

🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization.

It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited.

Given SolarWinds’ past, in-the-wild exploitation is highly likely. Patch now.

Need help assessing your exposure? https://watchtowr.com/

[RSS] BYOVD to the next level (part 1) -- exploiting a vulnerable driver (CVE-2025-8061)

http://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061.html

Help, I need a code signing certificate that won't bankrupt me.

Three years ago, I paid $100 for a three-year code signing certificate. I've signed all my open-source projects' releases with it. Now that it's renewal time, Certera (SignMyCode.com) wants almost $700 for the same three-year certificate (excluding the mandatory HSM purchase, which I am totally on board with).

I write silly C and PowerShell code, and I timestamp my signatures so that they're perpetually valid. My PowerShell Gallery stuff, as well as binaries of aprs-weather-submit on Windows and macOS, are all signed and hashed (but not notarized by Apple, because that's another $99 a year for something that feels done unless Bob Bruninga's followers are thinking about APRS 2.0).

If I can't find a solution, anything I write or update in the future will have to be released as unsigned unless I half-ass something (like the Notepad++ developer using self-signed certs -- semi-dangerously clever). $100 every three years, fine. $700 every three years, and I'll do it if my three fans click my Buy Me A Coffee link over and over.

Is there any CA out there that will offer open-source, not-for-profit developers like me a chance to get globally-trusted code signing certificates? I don't think SigStore ever took off (sadly), and even if it did, I don't think it's part of the Microsoft Authenticode program.

#CodeSigning #SSL #TLS #certificates #Certera #SoftwareDevelopment #C #PowerShell #PowerShellGallery #AmateurRadio #HamRadio #APRS #APRS-Weather-Submit #GitHub #security #developer #Windows #macOS #Linux #Authenticode #DevSecOps #DevOps

SALLY STRUTHERS: Do you use floats? Sure. We all do. But did you know a + b + c ≠ c + b + a with many floats? No. Well, neither did I, but with this one PDF you can become a fount of floating-point foibles to impress and depress your colleagues around the water cooler. Isn't this fun?

https://dl.acm.org/doi/pdf/10.1145/103162.103163 #compsci

@tekhedd Thanks, I got this from others too and ofc I remember the format, but wasn't 100% sure the support is there today.

@rootwyrm Good tips, thanks! Probably this will be the fallback if webamp (that also has that irreplaceable early-2000's charm) doesn't work.

@buherator https://github.com/captbaritone/webamp

@capeta yeah I think this is mostly for LANs, but thanks!

@Viss Whoa that's the most awesomest thing I've seen in a while :O Thank you!

Let's say I have a couple of MP3's (very royalty free ofc) that I want to share with normie friends on a web server. Is there a playlist format or maybe even some web frontend that I can use to organize these tracks so my friends can listen to the tracks without installing anything on their Win/Mac boxes, just opening a single URL/file?

It's be nice if there was support for basic HTTP auth because I don't want to open this to everyone either.

#FOSS #MP3 #mixtape

@burritosec

Bishop: Organized crime?
Cosmo: Don't kid yourself. It's not that organized.

[RSS] The Phantom Extension: Backdooring chrome through uncharted pathways

https://www.synacktiv.com/en/publications/the-phantom-extension-backdooring-chrome-through-uncharted-pathways.html

@burritosec Have you tried organized crime?