Er... missed link for that last post, https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

The latest edition of the Security Liberation Front is out¹:

__
¹ https://slf.fish/

100% tariff on the MM/DD/YY date format.

People, with #Greenland raising awareness of our massive 24/7 dependence on US clouds for vital services, I made a list of what (government) stuff would break here under US sanctions. It is EXTREMELY depressing. Can I suggest that people also make a list like this one for their own countries? It is getting quite some traction here: https://berthub.eu/articles/posts/dashboard-amerikaanse-afhankelijkheden/

@piggo I would probably cry because of the unnecessary complexity containers introduce for this use-case.

Join us for the kick-off of Pwn2Own Automotive 2026! As always, we begin the event with a random drawing to see the order of attempts for the contest, which starts first thing on Wednesday, January 21. https://youtube.com/live/Dtp-ICE0crw

@cstross Put another way: LLMs have revealed a zero-day exploit in human consciousness and culture: if you can manufacture plausibility at scale, you can bypass all of the accumulated wisdom of centuries of skepticism and critical thinking. Any fact-using profession is potentially vulnerable to this attack.

A former writer for South Park foresaw Trump's takeover of the Kennedy Center and had the foresight to register the domain names trumpkennedycenter dot org and dot com back in August. JFK's niece thanked him for doing so. Of course, the Trump-controlled board now wants their domain name and threatened legal action. His response is brilliant.

[RSS] The Computational Web and the Old AI Switcharoo

https://fromjason.xyz/p/notebook/the-computational-web-and-the-old-ai-switcharoo/

"shoehorning AI features into our apps isn't just tech bros following their tail. It's setting the expectation that all consumer technology requires AI."

RE: https://haunted.computer/@binarygolf/115878068970692998

Last day of BGGP6 today!

If you host your own e-mail domain could you please test if @internetarchive sign up verification/pw reminder e-mails arrive to you?

[RSS] Quantum computing for lawyers

https://bfswa.substack.com/p/quantum-computing-for-lawyers

@voltagex By "idle" you mean the guest CPU is at 0%? Windows tends to do a lot of things when it senses that no one is looking, incl.: FS indexing, malware scans, updates, all of which consumes CPU and I/O (which may need some emulation by the host too).

The British are to blame for this aren’t they

A glimpse into what a kernel engineer debugs for enterprise customers.

A bank is running a "security" solution that installs kprobes to intercept, among other things, calls to do_execveat_common(), and monitors all the arguments that could have been passed to execveat(). As do_execveat_common() can be triggered not only by userspace, but also by call_usermodehelper_exec(), a kprobe crafted with poor assumptions may result in an erroneous double dereference of what it thinks points to argv**, causing a General Protection Fault.

The kernel is not dumb however. If a GPF is triggered by a kprobe, it is handled gracefully, and nothing happens, and kprobe just returns a safe value. For a GPF to be triggered however, the CPU has to really try to read the wrong memory address first. The address is pretty random each time, meaning it can point to memory regions that are not mapped by kernel, but have some special meaning for a platform.

Enter the platform. It is configured by the hardware vendor in such a way that if an unaligned access to an MMIO region happens, an MCE is generated. And it is not some MCE for a correctable error, but an MCE indicating process context corruption, in other words, it's fatal. So, once it happens, the system dies with a kernel panic.

And this is exactly what the customer experienced. A socket() syscall caused modprobe to be invoked via call_usermodehelper_exec() → do_execveat_common() chain to load the ipv6 module. This triggered a kprobe that dereferenced wrong memory pointer twice provoking a GPF. The kernel began to gracefully handle the GPF, but the platform saw that the second dereference resulted in accessing the MMIO region, and this was an unaligned access, hence the platform threw MCE. And the system died.

It was fun to investigate this and to explain to the customer that three legitimate things in their system being hit together can trigger a crash.

And of course we joked we should have moved the whole case to the networking team, because it's always IPv6.

[RSS] Random BSODs on ASRock Z170 Extreme4: Fixed by Disabling CPU C-States

https://medium.com/@Debugger/random-bsods-on-asrock-z170-extreme4-fixed-by-disabling-cpu-c-states-9416d48a64e9?source=rss-3ba65b326b28------2

I recently had to deploy a change to #Debian Code Search to limit the amount of memory used during indexing a single package — because of #Firefox, which now ships as 388_859 files, totaling 1.78 GB! The resulting search index is 2.76 GB. Doing this entire indexing in one go is just too much for typical servers.

So now we flush into intermediate index files and merge them in the end: https://github.com/Debian/dcs/commit/8e76d5b9408cd12cfb6b728c1f1f3a96a9775310

The resulting drop in max heap usage is nicely visible on the graph by now :)

@n_dimension @cstross "any large family gathering will contain 2-3 human spam generators the will jibber-jabber nonsensical human-like speech constantly." - I'm so glad I'm not the only one with this feeling! :D On the other hand human intelligence was never properly defined. IMO shifting goalposts here indicate that we have an improved, yet still incomplete understanding about how intelligence may be defined, rather than dismissing intelligence because we don't like the looks of it.

But then I discovered https://github.com/builtbybel/Winslop. A tiny tool helped a lot in disabling all of that crap. Nice and simple and it gave me a feeling of control. Thank you Belim! :)

(Yes, this is a lesson in empathy with the user and pretty much accidentally a metaphor that somehow connects to my employer and their main product. No, I will not take any further questions.

P.S. I would prefer arkenfox as a config system over any kind fork)

2/2