This is another incredible #talk from @REverseConf 2025
Full-stack Reverse Engineering of the Original Microsoft #Xbox (Markus Gaasedelen @gaasedelen)
RE: https://furry.engineer/@soatok/116055556402436098
By the way, I'm not giving them 90 days this time.
Last time I did that, they didn't bother to actually fix anything, so they didn't actually need any of that time. So they lost that privilege.
Expect a public disclosure / write-up as soon as I feel like it.
@0xabad1dea but the blog post announcing the CCC quite literally says that the agents made the code base unmaintainable and cannot fix any more bugs without introducing new ones. So, that's a fail too.
And then looking at it from a practical perspective: if I want a C compiler, I can get one for free, and I have multiple options: clang, gcc, pcc, tcc, chibicc, and probably many more. If for some reason I want to add the support for a new platform in them, I can, too. It's been done too many times to count. Why would I want to spend merely 20 grand on building a thing that is, by all sensible benchmarks, at best is a toy?
I have an answer, and I don't like it. If I wanted to undermine labour, if I wanted to destroy FOSS, if I wanted to steal human work and resell it, that would've been exactly what I'd do. And I'm yet to be proven otherwise that there are other real motivations behind such projects.
2/2
@0xabad1dea like, I'll bait; great stuff, unsupervised agent produced something that can compile some C code that in a certain definition can be called "working", but absolutely not ready for any sort of production usage.
The agent has multiple reference implementations, extensive testing suite, and C is literally based on an extremely well defined standard. AI proponents claim that we're in an era where all we need is to provide a specification, and the agents will just implement the thing for us. This CCC thing is proof that they quite literally can't; it's difficult to think about a commercial software project that would have a specification better defined than the C standard. And a vanilla C compiler isn't all _that_ complicated, it's literally the kind of thing many undergrad SWE students build as a student project (yes yes lots of caveats and simplifications). You'd think Anthropic could improve on their CCC with the agents until they get the compiler working at least as well as the tcc would, but 1/2
wrote a short blog post about some toying around I did with using kprobes to get around a mitigation in order to disable SMEP/SMAP:
https://blog.zolutal.io/two-shot-kernel-shellcode/
Byte magazine artist Robert Tinney, who illustrated the birth of PCs, dies at 78
He became one of the first to visualize personal computing by painting vivid cover art.
https://arstechnica.com/gadgets/2026/02/byte-magazine-artist-robert-tinney-who-illustrated-the-birth-of-pcs-dies-at-78/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
@gsuberland @esden E2EE for open groups is pointless, an adversary can just join your group and see everything. No cryptanalysis and no hacking required.
For small closed groups, use signal.
The niche we need to fill is large public group chats with a better UX than IRC.
On Discord Alternatives
Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. I've had a few people reach out to me because of my prior vulnerability disclosures and criticism of encrypted messaging apps. (Thanks, Toggart.) Unfortunately, asking a cryptography-focused security engineer for app recommendations is like asking a rocket scientist to…
r2ghidra is ready for release. i'm waiting to cut r2-6.1 to trigger the ci. please help #radare2 to be tested as much as possible so we can make another stable release again!
Last year's shutdown of @glitchdotcom was a blow to my pedagogy. Glitch was ideal for creative coding classes and workshops. I looked around for alternatives. But there was nothing that was open, decentralized, and not at the mercy of VCs or Big Tech.
So I built my own. Here's Glitchlet.
Glitchlet runs on any shared hosting service (e.g., Reclaim Hosting). If you can run WordPress, you can run Glitchlet. Projects-in-progress are stored in the browser's local storage, but you can also one-click publish to make them public and remixable. Glitchlet is designed with educators in mind.
There's no single, primary Glitchlet that everyone uses. The idea is that every instructor installs their own Glitchlet and manages their own classes/workshops/projects. You can seed your instance with template files, or Glitchlet can easily import projects (including archived Glitch .tgz files).
Making something so easy to install and host has trade-offs, of course. No fancy pants Node or React projects, but Glitchlet works beautifully with HTML/JavaScript/CSS. No live collaboration, but you can still remix published projects.
Best of all—you're in control and not subject to the whims of some startup that suddenly decides to "sunset" a key pedagogical tool.
Glitchlet is alpha now, but its code will available to all very soon!
NEW: U.S. prosecutors say the hacking tools that Peter "Doogie" Williams stole from defense contractor L3Harris Trenchant could have been used against "millions of computers and devices" worldwide.
The prosecutors also confirmed that Williams "stood idly by while another employee of the company was essentially blamed" for his own actions, as we first reported last year.
Williams said he didn't know the tools could end up in the hands of Russia or other governments.