@jautero This reminds me that the Sun isn't very hot, there's just lots of it[1] :)

I think this is a reasonable stance. What I do find unreasonable are design choices that (sorry, example again) make people shovel down megabytes of code into a client-side VM to display black on white text. I don't think this would cross anyones mind 20y ago, and not only because perf constraints. But our thinking changed at some point.

[1] https://www.youtube.com/watch?v=6tu0mIpX8nU

@jautero I qouted an example and there are others in the post. Also, not even considering performance, have you ever used MS Teams and thought "hmm, that's some fine piece of software"?

Yes we are all normal here in HUMANSVILLE. We are all HUMANS of course. No need to check.

The Debugging Book

Interactive guide exploring automated debugging, testing, and program repair with Python examples for researchers and developers.

https://www.debuggingbook.org/

#Fuzzing #Testing

Fun times with Telerik UI and DoS by default (it will hit for a long time I think). Sometimes it may lead to more fun, like RCE :)
Gadgeting inspired by @pwntester Oleksandr and @stevenseeley

Blog:

https://labs.watchtowr.com/more-than-dos-progress-telerik-ui-for-asp-net-ajax-unsafe-reflection-cve-2025-3600

[RSS] Reverse Engineering Denuvo in Hogwarts Legacy

https://momo5502.com/posts/2025-10-03-reverse-engineering-denuvo-in-hogwarts-legacy/

[RSS] Analyzing and Breaking Defender for Endpoint's Cloud Communication

https://labs.infoguard.ch/posts/attacking_edr_part5_vulnerabilities_in_defender_for_endpoint_communication/

@Lookatableflip 3B1B doesn't unfortunately. CGPG is close though!

I'm struggling to find and "ELI5 LLM" video, everything I get is either AI generated, marketing, or explaining advanced topics.

Any recommendations?

"You know, I couldn't do it. I couldn't reduce it to the freshman level. That means we really don't understand it." - Richard Feynman

Dear Infosec people who have looked at XML and XXE before: I am trying to get an understanding of Blind XXE.
Many of the descriptions I find are lacking an important detail which makes the attack much less practical. Blind XXE works by building an URL which contains content of a file, allowing to exfiltrate content. However, in all my tests, that *only* works if the file contains no newlines, as those are not allowed in URLs. Am I missing something?
🧵

That means the attack is only relevant if a) you have a file with a secret, but no newlines&other characters breaking an URL, b) you know the path.
That seems rather unlikely in practice.

It may be that there are implementations that will ignore that and still open the URL. Or that will auto-encode newlines. Or that there's some trick I don't know. But that's all speculation. If you know of any *working* scenario where exfiltration with newlines works, I'd be interested to hear about it.

DOMPurify 3.3.0 will soon be released, with this likely being the most important change in a long time:

https://github.com/cure53/DOMPurify/pull/1150

The Great Software Quality Collapse: How We Normalized Catastrophe

https://techtrenches.substack.com/p/the-great-software-quality-collapse

"We've normalized software catastrophes to the point where a Calculator leaking 32GB of RAM barely makes the news."

2025 Component Abuse Challenge: Load Cell Anemometer

https://hackaday.com/2025/10/09/2025-component-abuse-challenge-load-cell-anemometer/

Finding a buggy driver is one thing, abusing it is another🧠
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀

➡️ https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061_part2.html

A few technical examples of when C++/Rust interop is complicated. #EuroRust

And they say school material is disconnected from real life:

I just had to use one of my password cracking wordlists to figure out kiddos homework

Open Source isn't going to help.

There's a way to invisibly compromise all software.

A perfect, self-replicating "sin" passed down for generations of compilers.

It's not just theoretical, and Ken Thompson showed us how.

Fuck I gotta unlock my bootloader asap https://social.linux.pizza/@MichaelRoss/115342003180134350

My Dad's on the lookout for a reasonable e-book reader. No Android, no color, no LCD screen - eInk only.

It's been over a decade I last bought an ebook reader, and the Kindle Paperwhite we bought back then still functions great (it never connected to the internet), so I'm a bit out of my depth.

I was looking at a Kobo Clara BW, and I seem to recall reading favourable reviews of Kobo devices.

Is this a good one? Or is there any better one in a similar price range?

For various reasons, not interested in second hand devices, nor DIY or hacked customs. Dad needs something that can be bought off the shelf of a random local shop (or ordered online, shipping to Hungary without horrible tarrifs).