Today is an excellent day to enjoy free, ad-free, non-stop #MTV #nostalgia

https://wantmymtv.vercel.app/

Capture XPC traffics and backtraces in Wireshark because why not

https://github.com/ChiChou/XpcScope/releases/tag/v1.0.0

Pwning Supercomputers - A 20yo vulnerability in Munge https://blog.lexfo.fr/munge-heap-buffer-overflow.html

The war waged by the tech authoritarian oligarchy against the media has reached a new level:

#Palantir is suing us. Us, the Republik Magazin.

A small Swiss media company, funded by readers, founded in 2018 and free of advertising. I am not aware of any other media company globally that Palantir is currently targeting so aggressively.

What is this about? Together with my wonderful colleagues at the WAV research collective Jenny Steiner, Lorenz Naegeli, Marguerite Meyer, and Balz Oertli, we published a two-part series on Palantir's activities in Switzerland on December 8 and 9.

Using an extensive corpus of documents – which we obtained thanks to the Freedom of Information Act – we were able to trace a sales campaign over a period of seven years. Palantir tried to get in with many federal authorities – and was rejected everywhere.

And we also found out that the Swiss Army Staff evaluated the software and came to the conclusion that the army should refrain from using Palantir products.

Among other risks, they feared that data would be passed on to the US authorities.

Palantir is not just any company. ICE uses its products to hunt down migrants in the US. The Israeli army IDF uses the software in its Gaza offensive. The British health authority NHS has made itself dependent on the products for data analysis during the pandemic. And CEO #AlexKarp displays inhuman and aggressive rhetoric towards Europe, while the company itself advertises the “optimization of the kill chain.”

These are all facts, repeatedly verified and published by renowned media outlets. Our research relating to Switzerland and Zurich is based on this.

In addition to analyzing documents, we also spoke to various sources – including Palantir executives here in Zurich. The quotes used were presented to them and approved. Of course, we always adhered to the high standards of journalistic work. We conducted a thorough fact check before publication.

But the company doesn't want us to write the truth.

After the US company owned by right-wing tech billionaire #PeterThiel dedicated an absurd blog post to us, claiming some misinformation (such as that they had not participated in official tenders with the federal administration, a point we never claimed. On the contrary: we spoke from the outset of attempts to establish contact, sales talks, informal meetings, business as usual), after the Global Director of Privacy & Civil Liberties (PCL) Engineering and contact person for Swiss media Courtney Bowman launched personal attacks against us in LinkedIn comments between Christmas and New Year (“partisan fear-mongering”), Palantir's Swiss lawyers demanded a counterstatement on December 29.

We rejected this in its entirety.

In January, they demanded the same thing again. We rejected it again.

And now we see each other in court.

But why all this?

Our research on the Swiss army report caused a huge international media response. The Guardian and the Austrian newspaper Der Standard reported on the Swiss army's rejection. Numerous financial portals and stock market magazines picked up our news (which could have consequences for the overvalued stock market company Palantir).

And Chaos Computer Club spokesperson Constanze Kurz presented our research to a huge audience at the renowned IT conference Chaos Communication Congress in Hamburg at the end of December.

All of this is making Palantir nervous.

We have now submitted a comprehensive defense brief. We can substantiate all of our findings with several documents and publicly available media reports.

We trust in the rule of law and freedom of the press in this country.

In keeping with yesterday's event “Zurich, little Big Tech City” at the Gessneralle, where we first announced this news exclusively to the audience on site:

World politics will soon be negotiated in Zurich: freedom of the press, the facts about ICE, Trump, Israel, Karp, tech authoritarianism.

The truth.

All this at the Zurich Commercial Court.

We will not be intimidated. And we will keep you informed.

this is going to be vague, but I don't know how to offer details without explaining everything, which would take a lot more words than I have available on a platform like this. in short though: Open Book Touch is going to blow your freaking mind straight out the back of your head. Even if you know to expect it, I promise: you may think you're ready, but you're not.

Watch this space. https://www.crowdsupply.com/oddly-specific-objects/open-book-touch

Matplotlib maintainer Scott Shambaugh has blogged about the AI agent blog shaming experience now.

https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/

@zak I recently contemplated that this is essentially the same behavior as repeatedly prompting the slop machine. (the cmdline has the luxury of ctrl+r)

@zolutal Thanks, that's a quite common problem (template designers rarely know about RSS these days), I'll add /feed to the list of paths I have to try manually...

This is another incredible #talk from @REverseConf 2025

Full-stack Reverse Engineering of the Original Microsoft #Xbox (Markus Gaasedelen @gaasedelen)

https://youtu.be/hGlIkgmhZvc

In a world where proper keyword #search is excommunicated and engines refuse to index content based on arbitrary criteria, grep.app at least allows us to find and look at the source code:

https://grep.app/

RE: https://furry.engineer/@soatok/116055556402436098

By the way, I'm not giving them 90 days this time.

Last time I did that, they didn't bother to actually fix anything, so they didn't actually need any of that time. So they lost that privilege.

Expect a public disclosure / write-up as soon as I feel like it.

From Winslop release notes: "I do not own or operate winslop[.]com and I'm not affiliated with whoever registered it.
Even if it currently redirects to this GitHub repo, a third-party domain can be changed at any time (phishing, fake releases, malware links)."

https://github.com/builtbybel/Winslop/discussions/22

#phishing #malware

@grumpasaurus @jerry very small rocks!

@0xabad1dea but the blog post announcing the CCC quite literally says that the agents made the code base unmaintainable and cannot fix any more bugs without introducing new ones. So, that's a fail too.

And then looking at it from a practical perspective: if I want a C compiler, I can get one for free, and I have multiple options: clang, gcc, pcc, tcc, chibicc, and probably many more. If for some reason I want to add the support for a new platform in them, I can, too. It's been done too many times to count. Why would I want to spend merely 20 grand on building a thing that is, by all sensible benchmarks, at best is a toy?

I have an answer, and I don't like it. If I wanted to undermine labour, if I wanted to destroy FOSS, if I wanted to steal human work and resell it, that would've been exactly what I'd do. And I'm yet to be proven otherwise that there are other real motivations behind such projects.

2/2

@0xabad1dea like, I'll bait; great stuff, unsupervised agent produced something that can compile some C code that in a certain definition can be called "working", but absolutely not ready for any sort of production usage.
The agent has multiple reference implementations, extensive testing suite, and C is literally based on an extremely well defined standard. AI proponents claim that we're in an era where all we need is to provide a specification, and the agents will just implement the thing for us. This CCC thing is proof that they quite literally can't; it's difficult to think about a commercial software project that would have a specification better defined than the C standard. And a vanilla C compiler isn't all _that_ complicated, it's literally the kind of thing many undergrad SWE students build as a student project (yes yes lots of caveats and simplifications). You'd think Anthropic could improve on their CCC with the agents until they get the compiler working at least as well as the tcc would, but 1/2

@zolutal Could you please add RSS/Atom to your blog?

wrote a short blog post about some toying around I did with using kprobes to get around a mitigation in order to disable SMEP/SMAP:
https://blog.zolutal.io/two-shot-kernel-shellcode/

libpng CVE-2026-25646: Heap buffer overflow in `png_set_quantize`

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

Pillow CVE 2021-25289: Fix OOB write with invalid tile extents

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/

/via @badsectorlabs