For those looking for a covid/flu vaccine around #39c3 bcrt at the globetrotter(.de) shop in hamburg north gives out shots, about 20-30 per shot. I paid 49 for covid+flu, also for non-germans.

(They do ask for your details, no idcard or details needed)

[RSS] From UART to Root: Breaking Into the Xiaomi C200 via U-Boot

https://github.com/h3xDum/Xiaomi-C200-Firmware-Analysis

Pretty cool - it turns out that the way I write my blog posts is called 'BLUF': Bottom Line up Front, and it was standardized by the US Army in their information management guidelines: https://en.wikipedia.org/wiki/BLUF_(communication)

@swapgs Maybe LLM assisted? The vuln is pretty funny and IMO the "philosophical" question it discusses is valid.

CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability writeup

https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/

[RSS] When OAuth Becomes a Weapon: Lessons from CVE-2025-6514

https://amlalabs.com/blog/oauth-cve-2025-6514/

[RSS] CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC

https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/

as promised, here is a repository that lets you quickly turn any random VPS into a Forgejo Actions runner in under 30 minutes, for use with Codeberg or your private forge! https://codeberg.org/whitequark/nixos-forgejo-actions-runner

it uses NixOS internally, but Nix knowledge is neither required nor assumed, and the README walks you through the entire process.

More good news for the shortest day

In July Helsinki marked an entire year without a single traffic death. The Finnish capital, which has a population of 690,000, achieved the feat through lower speed limits, improved street design and investing in pedestrian and cycling infrastructure. More than half of Helsinki’s streets have a speed limit of 30km/h (18-19mph) and roads have been narrowed with trees.

#RoadSafety #Helsinki #Finland #GoodNews

After several years of refusing to communicate on Meta's platforms I just managed to get my high school friends on Signal for an Xmas chat.

Can I now get my attaboy from @pluralistic?

@bert_hubert My similar rule is that I don’t get to say “just” unless I’m the person who has to “just” do it.

Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack https://www.cyberark.com/resources/threat-research-blog/vulnhalla-picking-the-true-vulnerabilities-from-the-codeql-haystack

I discovered a wonderful hack that likely would allow me to run Windows 2 on my vintage Apricot PC Xi before the New Year.

Quick recap: Apricot PC is a British computer from 1983, not compatible with the IBM PC. It had a Windows 1 port, but not Windows 2, and thus couldn't run Word, Excel, or Illustrator. With a bit of driver-writing, I managed to start Windows 2 on it, but my video driver is rudimentary and cannot be used for practical purposes. Windows video drivers are super-complicated, so I was fully expecting to spend over a month writing one (at least there are docs for everything!)

But I just discovered a way to run Windows 2 with Windows 1 video drivers. So if I had a Windows 1 driver for Apricot, I could use it in Windows 2. Of course, it's never that simple...

Find the difference between Windows 2 with Win1 driver and Windows 2 with the real Win2 driver - both are EGA 640x350!

🧵 thread with a few more screenshots and pointers

Picard management tip: Think.

New vulnerability report from Talos:

Foxit Reader Text Widget Format Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2278

CVE-2025-59488

New vulnerability report from Talos:

Foxit Reader Barcode Calculate CPDF_FormField Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2277

CVE-2025-58085

New vulnerability report from Talos:

Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2275

CVE-2025-57779

[RSS] TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering

https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/

Anna's Archive backed up Spotify. They got 99.9% of metadata, and 300TB of music representing 86 million tracks - original 160kbps OGG for tracks with popularity>0, and re-encoded 75kbps for popularity=0. absolutely wild project.

the metadata in particular is a hugely useful data source. MusicBrainz catalogues 5 million unique ISRCs (like ISBNs but for music releases), whereas this archive has a whopping 186 million.

https://annas-archive.li/blog/backing-up-spotify.html

Here's the document release you were waiting for today!

The UNIX V4 tape!

https://archive.org/details/utah_unix_v4_raw

#retrocomputing