"I'm interested in all kinds of astronomy."

Learning made me a better programmer.

Not because I write Rust at work. Because Rust forced me to think about things I'd been ignoring and I never realized this fact.


Also came across this today. Wasn't already in the ruleset, so I fixed that.

FreePBX Authenticated Command Injection - testconnection SSH functionality.

https://theyhack.me/CVE-2025-64328-FreePBX-Authenticated-Command-Injection/

[RSS] Micropatches released for Microsoft Excel Remote Code Execution Vulnerability (CVE-2025-62203)

https://blog.0patch.com/2026/02/micropatches-released-for-microsoft.html

Patch diffing + RCA for clfs.sys can take a while.

I gave the diff + binary to a local LLM.

It mapped the UAF path, race condition, all IOCTLs in <20 min

LLMs don't replace the work, they are momentum.

New blog post following the UAF trail of CVE-2025-29824:

https://clearbluejar.github.io/posts/how-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs/


Dirty Ptrace: Exploiting Undocumented Behaviors in Kernel mmap Handlers

Talk by Xingyu Jin and Martijn Bogaard about a new type of logical bugs in kernel driver mmap handlers exploitable via the ptrace functionality.

Authors found multiple Android vendor drivers affected by the issue. They also wrote an exploit for the IMG DXT GPU driver to escalate privileges on Pixel 10.

Video: https://www.youtube.com/watch?v=yAUJFrPjfCI
Slides: https://powerofcommunity.net/2025/slide/x-84592.pdf


Does anybody know, by any rare chance, what settings might cause CORS errors? Since last week I'm unable to access, for example, a local instance with Firefox due to this problem, as it causes a lot of CORS errors (same origin policy).

I have already tried changing "Enhanced Tracking Protection" settings: they are ignored.

I have also already tried creating a new fresh Firefox profile. It works, but as soon as I synchronise it with my Mozilla account, it fails again.


Lorenzo Franceschi-Bicchierai

NEW: French Police searched the local X offices as part of a criminal investigation for several crimes, including possession and distribution of child sexual abuse material.

Paris prosecutor's office also announced that it summoned Elon Musk and former X CEO Linda Yaccarino for questioning.

https://techcrunch.com/2026/02/03/french-police-search-x-office-in-paris-summons-elon-musk-for-questioning/

I _also_ managed to break my IDE, fantastic!
I am SO GOOD at tweaking my Signal settings when the whole service goes down:

https://status.signal.org/

(or did I bring down Signal?)

A fun quirk of modern languages is variable names aren’t restricted to ASCII.

Most compilers won’t let you use emojis as identifiers in C++, but we *can* be pretty funny (notice cout).

A legitimate use case is replicating scientific paper notation in code.


Open Source security in spite of AI - the recording.

https://daniel.haxx.se/blog/2026/02/03/open-source-security-in-spite-of-ai/


Incident Report: CVE-2024-YIKES

A series of unfortunate events.

https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html


This petition wants contributing to Free Software to be legally and officially recognized as volunteering in Germany on the same level as youth work or ambulance service:

https://www.openpetition.de/petition/online/recognition-of-work-on-open-source-as-volunteering-in-germany#petition-main

This would bring fiscal and funding advantages for FLOSS organizations and the volunteers themselves.

If you are a German citizen, please sign the petition and let's get our volunteers the recognition they deserve!

---

Photo credit: Redazione Cultura. distributed under CC By SA license

@ybon Did you experience keyboard issues with KaiOS (doubling key presses specifically, I had this with multiple KaiOS phones)? If so, does the new software solve that issue?
[RSS] Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport)

https://blog.offensive.af/posts/exploiting-cve-2025-49825/
After all these years I still rely on brute-force when it comes to copy-pasting on #Linux:

- Which paste should I use for vim's * and + buffers?
- Which clipboard is used by Java GUI's?
- Did JavaScript manage to put text on the clipboard this time? Which one?
- etc.

How do fellow #X11 users keep track of your clipboards?

David Chisnall (*Now with 50% more sarcasm!*)

RE: https://cyberplace.social/@GossiTheDog/116003657697941309

There were lots of folks in MS when I was there who were willing to tell management that this was a mistake. They were the ones given lower bonuses and told that they needed to get behind the corporate priorities. Some of them found niches where they could work on something they found interesting without management noticing, a lot more left. The people who were promoted were the ones who either had terrible judgement or were willing to lie to management.

The board needs to hold Satya Nadella and Kevin Scott accountable for creating that environment. If not, shareholders might start asking why 20% of the company’s value was wiped out in six months.


Schrödinger’s Cat is the most misunderstood meme in physics.
Pop-science says: “The cat is both alive and dead.”
Schrödinger said: “That’s absurd!” (He called it a 'burlesque case').
He created the experiment to prove quantum mechanics was incomplete, not to celebrate "weirdness." If a theory suggests a cat is smeared between life and death, it's missing a piece of reality.
Stop the mysticism. Schrödinger wanted a better map of the real world.
