@mdfranz "When API’s go away, and it’s all a federated MCP mesh." This must be one of those people who - despite working in IT - has always thought of APIs as some magical thing beyond human comprehension, but fortunately MCPs will now finally make everything clear and simple!

"The purpose of a system is what it does"

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does

This is exactly what I've been trying to articulate re: cookie banners. The word of the regulation and intent is largely irrelevant to the effect it caused.

... the README says "the most useful feature is X". I try X, absolute garbage. I look at the code of X: the only relevant piece of data is simply not included anywhere in the computation. ffs

(no I won't open an Issue/PR, let them figure out themselves...)

Kagi's Small Web initiative and why we're committed to it:

#Kagi #Search #SmallWeb

GitHub Disables Rockchip’s Linux MPP Repository After DMCA Request

https://hackaday.com/2026/01/05/github-disables-rockchips-linux-mpp-repository-after-dmca-request/

"Die Zeit" reveals that German foreign intelligence, in a multi-year campaign, intercepted Barack Obama's phone calls while aboard Air Force One because the encryption was flawed. Angela Merkel didn't know about it.

https://www.zeit.de/politik/ausland/2026-01/bnd-barack-obama-air-force-one-angela-merkel

A Glimpse Into DexProtector
https://www.romainthomas.fr/post/26-01-dexprotector/

@troed I guess it's fine for ad-hoc tools, but I'm looking at code with many stars on GH rn. It works. Sometimes it freezes. Everything is redundant, identifiers don't describe actual purpose but something else, functions are prohibitively large. No one will be willing or able to maintain this shit for more than 6 months.

The general code quality of hacking tools has always been shit. Thanks to LLMs now it's somewhat worse.

POC2025 videos are up:

https://www.youtube.com/watch?v=_eem7AVAMpI&list=PLHu2EA4lxh3Yvaa5sr9TYM3ywzGFBbpR8

This is my every-once-in-awhile post since I’m thinking about it today: if you have a lead on install media, an image of a dev/test system, etc. for the Dynix ILS (from the 1980s/90s), please reach out. No, it’s not on Internet Archive despite some things saying it is.

Anna’s Archive Loses .Org Domain After Surprise Suspension https://torrentfreak.com/annas-archive-loses-org-domain-after-surprise-suspension/

[RSS] DRIVER_POWER_STATE_FAILURE (0x9F): Tracking a Stuck USB Power IRP to FocusriteUSB

https://medium.com/@Debugger/driver-power-state-failure-0x9f-tracking-a-stuck-usb-power-irp-to-focusriteusb-f82e93688a97?source=rss-3ba65b326b28------2

[RSS] CVE-2025-38352 (Part 3) - Uncovering Chronomaly

https://faith2dxy.xyz/2026-01-03/cve_2025_38352_analysis_part_3/

[RSS] RCE via ColdFusion ARchive (CAR) Deployment: One Example of an Authenticated Attack Path in CFAdmin (CVE-2025-61808)

https://www.hoyahaxa.com/2026/01/rce-via-coldfusion-archive-car.html

Trend in Number: Apple Kernel Space CVEs & Vulnerability Reporters
The blue line represents the number of kernel CVEs, and the green line represents the number of vulnerability reporters across the entire Apple platform. Starting in 2022, the number of vulnerability reporters has been increasing, while the number of kernel CVEs has been decreasing.

Do you have an idle cluster? Can you spare a couple core-years?

Help me bruteforce some test vectors for RSA key generation edge cases!

Here are the instructions, it's just a matter of running a single self-contained cross-compilable Go binary that will report the results autonomously.

https://gist.github.com/FiloSottile/19e7ceb1fdcdaa128f7d3319ad0939fa

A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage

This happened during the recent CCC conference.

Martha had infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.
#CCC
https://media.ccc.de/v/39c3-the-heartbreak-machine-nazis-in-the-echo-chamber
Leak data:
https://okstupid.lol/

@davidgerard this is a good intro with historical background: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/

You can also ping @matthewdgreen on bsky

*sigh* several weeks ago, I tried to view something on Harvard University's rare manuscript site ("Curiosity Collections"), but the images were all broken. Digging into the javascript console, I found that the images are not missing from the server if you extract their URLs, but the json is being put together wrong and the viewer can't parse it.

I sent an email to the site's contact person with all the info I had. They were apologetic and said their maintainers were "aware" of the issue, but the vague reason they gave me (a VPN issue) doesn't make a lot of sense in the context that the images are all loadable if you know their URL and the viewer is crashing in a json parsing function. So I suspect someone told the contact person a plausible-sounding reason without investigating. At the very least, they don't seem to be trying at all to fix it.

So the rare manuscripts website of a world-major university has been languishing broken for several weeks at minimum, but who knows how long it'd been like that before I, personally, noticed. I guess this is a "state of American education" post.