Is it just me or Win11 stopped reporting DLL load errors (VC runtime in particular)?

@airwhale if you enforce TLS checks you'll get a lot of complaints from avg users because shit stops working for random reasons (time desync, cert issued by some new CA etc). My gut tells me that Syn would have disabled verification even if the lib had it on by default (as it should have, we agree on that).

@airwhale Participating in P2O as a vendor is a thing to be respected in the first place. They also wrote a blog about their efforts, but the link is broken - you can probably get it from an archive:

https://blog.synology.com/the-efforts-synology-made-in-pursuit-of-data-security

This is a more technical analysis from the attackers view:

https://drive.google.com/file/d/1MYCNVKkNETkqS-cLJsqHE43Sfm4LZbCO/view?pli=1

In short: they took significant steps forward during the past years, they probably ignored active network attacks (on LANs this may make sense, for Internet comms not so much).

...because y'know, in this day and age restarting a computer doesn't *really* restart it

It's 2026 and I'm restarting my Windows VM the second time hoping that it'll finally recognize it's 2026 already

V now has SSA, SSA => x64/arm64 backends, a linker built in V and a code signer.

As the result, a 2000 line test program is compiled in 8ms!

It's work in progress, self hosting is not possible yet. But once it is, it's going to be awesome!

I thought the Linux scheduler has always worked like this o.O

RE: https://bird.makeup/users/lauriewired/statuses/2015880031227281872

[RSS] When NAS Vendors Forget How TLS Works

https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works

#QNAP #Synology #Pwn2Own #NoCVE

absolutely fantastic

OpenSSL Security Advisory

https://openssl-library.org/news/secadv/20260127.txt

One high, one medium, and 9 low severity issues.

The high severity is a stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467): attacker provides an oversized IV, leading to buffer overflow prior to authentication, possibly leading to remote code execution if you're parsing untrusted CMS or PKCS#7 content with AEAD (e.g., AES-GCM).

[RSS] Reproducible Linux Kernel bisection

https://www.linaro.org/blog/reproducible-linux-kernel-bisection/

RE: https://mastodon.thenewoil.org/@thenewoil/115971195227745876

Next up will be a VPN ban. Many tech-y people will see that and think “lol yeah well that’s not going to stop *me* from using a VPN”

A VPN ban isn’t really meant stop you from using one. It means when they catch you doing so, they’ll use the fact you’re using this harmless technology itself as a *pretense* to lock you up without needing to do any “hard work” (i.e. an investigator’s job) like actually confirming whether you committed a real crime.

Don’t think you won’t be impacted just because you know how to outsmart an ISP filter! This is not a plan to protect children or stop you from consuming adult media. It is a ploy to eventually eliminate ALL freedom of expression and free access to information in the UK.

And the same goes for Chat Control and encrypted messengers, btw

#UKpol #VPNban #PornHub #ChatControl #Privacy #FreeSpeech #SocialMedia

Twelve years. I started this project twelve years ago, and today I hold the result in my hand. It’s a book that combines bead weaving with math called, “Beading with Algorithms: Cellular Automata in Peyote Stitch.” With help from mathematician and artist Roger Antonsen, graphic designer Zelda Lin, a handful of talented proof readers, and the good people from World Scientific Publishing Company, my dream of combining my loves of math, art, and teaching into a book is finally a reality.

This book is the first of its kind, a recipe book of algorithms that can be used and combined to generate colorful patterns in peyote stitch beadwork in any size and shape you desire. These algorithms could also be applied to other pixelated art forms like tile laying, embroidery, crochet, and quilts. We included projects like bracelets, pill pouches, pendants, beaded beads, and key chains. We also included a bunch of different grids that you can photocopy and color with markers.

Of course I’m biased, but I think it’s a really beautiful book. We included multiple colorful images on almost every page, 172 pages in all. It was a huge layout challenge, but Zelda nailed it. My original goal was to write 128 pages on how to use algorithms to make beaded jewelry, but the more we explored the space, the more we found. Not just millions of algorithms, the space of possibilities is infinite. So of course, we couldn’t include them all. But we used math and Roger’s custom software that he wrote for this project to help us find dozens of the easiest algorithms and more than a hundred more in increasing levels of complexity. We included all of our favorites. 1/2

#MathArt #beading #Genuary #math #beadweaving

@alex @JadedBlueEyes Archive link: https://archive.ph/AbxU5

Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar

https://blog.cloudflare.com/serverless-matrix-homeserver-workers/

Friends, Romans, countrymen, lend me your ear.

If you are writing about a CVE or compiling a list of CVEs and their proof of concept code, please please please mirror the original proof of concept somewhere. I don't care if it's an unformatted .py file on your server. Just put it somewhere rather than hoping that that github user in China won't get their account deleted at any point in the next 15 years.

Wayback machine is down today. Swear words have been said.

Fedi post virality threshold seems to be around 1550 followers

Rewriting the Linux Kernel in Java

The Booz Allen tech contractor behind Treasury Department's unprecedented decision yesterday to cancel all 31 of its contracts with the consulting firm, took the job with Booz Allen - much like Edward Snowden before him - specifically to get access to IRS tax records of President Trump and leak them. And not only Trump's records, he stole the tax records of more than 400,000 other individual and corporate taxpayers -- leaking some of these to the media as well. All of this contributed to the Treasury decision yesterday. https://www.zetter-zeroday.com/booz-allen-tech-contractor-took-irs-job-specifically-to-leak-trumps-tax-records/

New post: Incident Response in GCP: Out of Scope – Ouf of Mind https://insinuator.net/2026/01/incident-response-in-gcp-out-of-scope-ouf-of-mind/