just released liboprf-0.9.3

liboprf is a library implementing the OPRF from https://www.rfc-editor.org/rfc/rfc9497.html and in addition it also provides a threshold variant (tOPRF) and a distributed key generation (DKG) protocol for the tOPRF shared secret, as well as a key update protocol for the tOPRF shared secret. it comes with a high level python frontend that supports servers on TLS, USB and Bluetooth LE

see: https://github.com/stef/liboprf

We need to normalize declaring software as finished. Not everything needs continouos updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.

slip slop slap

https://hackerone.com/reports/3465094

Microsoft will pay bug bounties even for 3rd party components:

https://www.theregister.com/2025/12/12/microsoft_more_bug_payouts

Does anyone have a copy of the following paper:

https://doi.org/10.1016/0167-4048(82)90003-7

Robert H. Courtney, Jr., "A systematic approach to data security", in Computers & Security Volume 1, Issue 2, June 1982 (pgs. 99-112)

I have tried Sci-Hub and Anna's but no luck

(it is paywalled at https://www.sciencedirect.com/science/article/abs/pii/0167404882900037 for $30 which seems criminal)

The World Is Not A Desktop - Mark Weiser

https://dl.acm.org/doi/10.1145/174800.174801

make a programming language and then make a game in it.

https://itch.io/jam/langjamgamejam

https://langjamgamejam.com/
#langjam #gamejam #langjamgamejam

@warandpeas This is dark even by my standards! (love it)

@sassdawe What pisses me off is the bloody "reasoning" they provide, but it actually is a copy-paste saying nothing. This tells me the story of "Here's 10k of our customers, and now we will _pretend_ we care about them enough to write 5 sentences to a web page." #LEGO

@LinuxAndYarn @Taco_lad @cR0w @reverseics

[RSS] Is web3 security going great?

https://bfswa.substack.com/p/it-web3-security-going-great

@rodneylives We're on the WW fucking W, and this is a screenshot from X(?) that I got on Signal. Just go nuts with it!

Jeez this blew up! If you are reading this:

Learn how things work and write it down. We're accelerating to stupid.

This is beautiful. I've been looking at this for 5 hours now.

LEGO turned down the Turing Machine model idea :(

https://beta.ideas.lego.com/product-ideas/10a3239f-4562-4d23-ba8e-f4fc94eef5c7

absolutely losing it. My mom received a spam call that got picked up by Google call screening on her phone, and it ended up responding with one of the more unhinged Asterisk voice recordings before hanging up LMAO

Analyzing CVE-2025-2296 [Un-verified #kernel bypass #SecureBoot mechanism in direct boot mode]

https://www.kraxel.org/blog/2025/12/analyzing-cve-2025-2296/

Gerd Hoffmann aka kraxel writes: ""[…] So, if secure boot is enabled attempts to boot via 'EFI stub' will fail, the firmware rejects the binary due to the signature check failing. OVMF will fallback to the legacy 'EFI handover protocol' loader. The legacy loader does not do secure boot verification, which is the core of CVE-2025-2296. And this was essentially unfixable (in the firmware alone) because there simply is no valid secure boot signature due to the patching qemu is doing. Nevertheless there are some use cases which expect direct kernel boot with secure boot enabled to work. Catch 22. […]

Secure boot bypass sounds scary, but is it really? […] So, the actual impact is quite limited. […]""

#Linux #UEFI #QEMU

@wolfnowl This is the only thing protecting human civilization from kneeling to super intelligent chicken overlords!

I'm a huge fan of writing and trying to type on a fucking TV remote got me thinking how much touch-screen keyboards may constrain our thinking...

#ShowerThought

Turns out your outsourced dev team vibe-coded the encryption routine of your #ransomware.

https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/

#VolkLocker