Shot in the dark but is anyone else here a teacher? I am working on revising the literacy curriculum at my school and feel as though I’m doing it in complete isolation. I’d love to chat with another professional about it. #forkiverse #teachers #curriculum (im trying with this tagging stuff but I have legit never done it before)

@bagder

On the morning of the 13th day of the year we have received *checks notes* 13 #curl vulnerability reports on Hackerone this year.

None a confirmed vulnerability.

libpng memory corruptions:

* CVE-2026-22695 - Heap buffer over-read in `png_image_read_direct_scaled` (regression from CVE-2025-65018 fix)

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

* CVE-2026-22801 - Integer truncation causing heap buffer over-read in `png_image_write_*`

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

This is the Web of the 1990s and, to some degree, the early 2000s — that some of us experienced and remember.

The Web that some of us want to make a come back.

#WorldWideWeb

The Remarkable Computers Built Not to Fail by Asianometry

https://www.youtube.com/watch?v=SSSB7ZTSXH4

#tandem #hp

This is a super thought-provoking read: "your password doesn't matter": https://techcommunity.microsoft.com/blog/microsoft-entra-blog/your-paword-doesnt-matter/731984

It looks at all of the major failure cases of passwords, pointing out that only one password complexity choice (avoiding a password in the top 10) really influences those failure modes.

The rest can only be addressed with MFA.

@georgek @bontchev I don't have a clue if expecting EUR drives inflation or not, but pretty sure that real estate prices are not good indicators that it does.

@Tattooed_Mummy @ben @TwoClownsEating @babe @TheBreadmonkey @jerry @Nickiquote @skeletor

“Think to yourself that every day is your last; the hour to which you do not look forward will come as a welcome surprise.”

@airwhale @internetsdairy @nicol @TheBreadmonkey third one mostly explains robot uprisings!

@GossiTheDog It’s fascinating that payment processors and app stores happily bullied Tumblr over female presenting nipples and have kicked adult game creators off of Steam, but have been completely silent on CSAM and misogyny generated on X

[RSS] From gixy-ng to Gixy-Next: rescuing Gixy from AI slop

https://joshua.hu/gixy-ng-ai-slop-gixy-next-maintained

⚗️🧪 Periodic Table of Elements (UMT d.o.o. / Igor Pravst, 1996) - a very nice example of such a program with a lot of data, found on a floppy disk 💾 💾

[RSS] Multiple Vulnerabilities in OpenProject

https://mantodeasecurity.de/en/2026/01/multiple-vulnerabilities-in-openproject/

@infosecdj Hell, I can vibe-code a bot that posts publicly and outsource the whole verification mess :D

@infosecdj That's a pretty neat idea actually, would also catch invalid encoding programmatically, not to mention brightening my day with frames of events I care about :)

@infosecdj That would make a good sanity check assuming the compression doesn't change across downloads (I can imagine the stream in optimized in lots of ways), and I'll definitely give it a shot!

My other concern though is that the service may just start streaming blank/noise/whatever randomly, and I wouldn't notice.

@nieldk @13reak E-tags are a neat idea, but I'm not sure if will reflect the hash of the compressed stream delivered to me? I'll keep this in mind though!

@13reak It's 2), please explain!

@13reak There are no originals, only the data from the service with some random compression. What do I compare hashes to?

Edit: you can also think of this as analog->digital conversion (which is also part of this story actually) - how do I know there were no glitches in my encoding software along the way?