hey fedi does anyone know much about reverse engineering fpga bitstreams? is that something that is doable? what tools do people use for this?

looking at a xilinx chip specifically, haven't identified the specific model yet, but it's one that's at least 20 years old

#FPGA #ReverseEngineering #embedded #xilinx

[RSS] Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey

https://www.synacktiv.com/en/publications/breaking-the-beestation-inside-our-pwn2own-2025-exploit-journey.html

@rootwyrm @cR0w @trashpanda @scottwilson @hrbrmstr See also: https://thinkingmachines.ai/blog/defeating-nondeterminism-in-llm-inference/

Ooops, I just loaded it in IDA :P Because fuck the software licenses :PPPP

Now that it's 2025, could someone quickly vibe code a working clipboard for X11?

first: my newest zine, The Secret Rules of the Terminal!

This has all the gnarly details about the Unix terminal that I wish I knew when I started using it. It's weird and kind of wonderful (I talk about why you can use your mouse in the terminal!)

https://wizardzines.com/zines/terminal/

(2/16)

The bus deadlock in Oslo has illustrative value

#dev #programming #buses #multithreading

python, the official language of "well i could just use python"

Colossal blunder on my part this afternoon.
Pulled the drives from an areca raid array and
forgot what order they have to go back in
so now the array isn't recognized and RESCUE doesn't see it.
Has anyone documented the magic parameter sectors that describe this anywhere?

[RSS] Dell ControlVault, Lasso, GL.iNet vulnerabilities

https://blog.talosintelligence.com/dell-controlvault-lasso-gl-inet-vulnerabilities/

[RSS] Prepared Statements? Prepared to Be Vulnerable.

https://blog.mantrainfosec.com/blog/18/prepared-statements-prepared-to-be-vulnerable

#nodejs

When giving #infosec advice it's easy to forget that the average person probably only knows about Uniform Resource Locators and the Domain Name System.

And Public Key Infrastructure of course.

@joeycastillo "Uncle Sam has to borrow $207 by Friday so he can drink through the weekend"

Github actions yeah but what about Github consequences

Kid: "Yeah, that computer must have been old, it even had a CD-drive!"

#fml

AdTech should hire the dev who implemented the tab mute button in #Firefox. This damn thing attracts my cursor like a rare-earth magnet!

https://kagi.com/search?q=firefox+disable+tab+mute&r=no_region&sh=sz8XiYwKHp4PD09ExTXGuw

Scovilles per pigeon

Really big scoop (I don't think @briankrebs knows how big yet) here - he's tracked down somebody who says they are Rey from Lapsus$.

I don't wanna say why yet as I don't have all the pieces of the jigsaw, but I imagine this is going to turn into a long thread over time.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/

@cR0w

well strlen() returns the amount of bytes so in this regard multibyte characters are not really an issue per see.

https://gitlab.gnome.org/GNOME/glib/-/blob/f28340ee62c655487972ad3c632d231ee098fb7f/glib/gconvert.c#L1318 defines a char array of acceptable (meaning ASCII) characters.

Then it iterates over the dynamically allocated buffer and keeps track of the amount of "unacceptable" characters.

unacceptable was a gint (https://docs.gtk.org/glib/types.html#gint) which could therefore overflow.

To me it does look like glib could use some refactoring.

https://gitlab.gnome.org/GNOME/glib/-/commit/f28340ee62c655487972ad3c632d231ee098fb7f