"I'm interested in all kinds of astronomy."
@zolutal Thanks, that's a quite common problem (template designers rarely know about RSS these days), I'll add /feed to the list of paths I have to try manually...

This is another incredible from @REverseConf 2025

Full-stack Reverse Engineering of the Original Microsoft (Markus Gaasedelen @gaasedelen)

https://youtu.be/hGlIkgmhZvc

In a world where proper keyword #search is excommunicated and engines refuse to index content based on arbitrary criteria, grep.app at least allows us to find and look at the source code:

https://grep.app/

RE: https://furry.engineer/@soatok/116055556402436098

By the way, I'm not giving them 90 days this time.

Last time I did that, they didn't bother to actually fix anything, so they didn't actually need any of that time. So they lost that privilege.

Expect a public disclosure / write-up as soon as I feel like it.

From Winslop release notes: "I do not own or operate winslop[.]com and I'm not affiliated with whoever registered it.
Even if it currently redirects to this GitHub repo, a third-party domain can be changed at any time (phishing, fake releases, malware links)."

https://github.com/builtbybel/Winslop/discussions/22

#phishing #malware

@0xabad1dea but the blog post announcing the CCC quite literally says that the agents made the code base unmaintainable and cannot fix any more bugs without introducing new ones. So, that's a fail too.

And then looking at it from a practical perspective: if I want a C compiler, I can get one for free, and I have multiple options: clang, gcc, pcc, tcc, chibicc, and probably many more. If for some reason I want to add the support for a new platform in them, I can, too. It's been done too many times to count. Why would I want to spend merely 20 grand on building a thing that is, by all sensible benchmarks, at best a toy?

I have an answer, and I don't like it. If I wanted to undermine labour, if I wanted to destroy FOSS, if I wanted to steal human work and resell it, that would've been exactly what I'd do. And I'm yet to be proven otherwise that there are other real motivations behind such projects.

2/2


@0xabad1dea like, I'll bait; great stuff, unsupervised agent produced something that can compile some C code that in a certain definition can be called "working", but absolutely not ready for any sort of production usage.
The agent has multiple reference implementations, extensive testing suite, and C is literally based on an extremely well defined standard. AI proponents claim that we're in an era where all we need is to provide a specification, and the agents will just implement the thing for us. This CCC thing is proof that they quite literally can't; it's difficult to think about a commercial software project that would have a specification better defined than the C standard. And a vanilla C compiler isn't all _that_ complicated, it's literally the kind of thing many undergrad SWE students build as a student project (yes yes lots of caveats and simplifications). You'd think Anthropic could improve on their CCC with the agents until they get the compiler working at least as well as the tcc would, but 1/2

@zolutal Could you please add RSS/Atom to your blog?

wrote a short blog post about some toying around I did with using kprobes to get around a mitigation in order to disable SMEP/SMAP:
https://blog.zolutal.io/two-shot-kernel-shellcode/

libpng CVE-2026-25646: Heap buffer overflow in `png_set_quantize`

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Pillow CVE 2021-25289: Fix OOB write with invalid tile extents

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Accelerator mode changed to: PROTON PHYSICS


Byte magazine artist Robert Tinney, who illustrated the birth of PCs, dies at 78
He became one of the first to visualize personal computing by painting vivid cover art.
https://arstechnica.com/gadgets/2026/02/byte-magazine-artist-robert-tinney-who-illustrated-the-birth-of-pcs-dies-at-78/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social


@gsuberland @esden E2EE for open groups is pointless, an adversary can just join your group and see everything. No cryptanalysis and no hacking required.

For small closed groups, use signal.

The niche we need to fill is large public group chats with a better UX than IRC.


On Discord Alternatives

Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. I've had a few people reach out to me because of my prior vulnerability disclosures and criticism of encrypted messaging apps. (Thanks, Toggart.) Unfortunately, asking a cryptography-focused security engineer for app recommendations is like asking a rocket scientist to…

http://soatok.blog/2026/02/11/on-discord-alternatives/


r2ghidra is ready for release. i'm waiting to cut r2-6.1 to trigger the ci. please help to be tested as much as possible so we can make another stable release again!


Last year's shutdown of @glitchdotcom was a blow to my pedagogy. Glitch was ideal for creative coding classes and workshops. I looked around for alternatives. But there was nothing that was open, decentralized, and not at the mercy of VCs or Big Tech.

So I built my own. Here's Glitchlet.

Glitchlet runs on any shared hosting service (e.g., Reclaim Hosting). If you can run WordPress, you can run Glitchlet. Projects-in-progress are stored in the browser's local storage, but you can also one-click publish to make them public and remixable. Glitchlet is designed with educators in mind.

There's no single, primary Glitchlet that everyone uses. The idea is that every instructor installs their own Glitchlet and manages their own classes/workshops/projects. You can seed your instance with template files, or Glitchlet can easily import projects (including archived Glitch .tgz files).

Making something so easy to install and host has trade-offs, of course. No fancy pants Node or React projects, but Glitchlet works beautifully with HTML/JavaScript/CSS. No live collaboration, but you can still remix published projects.

Best of all—you're in control and not subject to the whims of some startup that suddenly decides to "sunset" a key pedagogical tool.

Glitchlet is alpha now, but its code will be available to all very soon!


Lorenzo Franceschi-Bicchierai

NEW: U.S. prosecutors say the hacking tools that Peter "Doogie" Williams stole from defense contractor L3Harris Trenchant could have been used against "millions of computers and devices" worldwide.

The prosecutors also confirmed that Williams "stood idly by while another employee of the company was essentially blamed" for his own actions, as we first reported last year.

Williams said he didn't know the tools could end up in the hands of Russia or other governments.

https://techcrunch.com/2026/02/11/doj-says-trenchant-boss-sold-exploits-to-russian-broker-capable-of-accessing-millions-of-computers-and-devices/
