#wh40k #windows

May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨

Thanks for everyone that came to check out our @districtcon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)

(No) surprise!

I think we all saw this coming... #Odido didn't remove data when they said they would, which we now know because it leaked out. Some leaked data was from customers who left 10 years ago, while they state they remove it after 2. Only 8 years late. Even the tax office doesn't need it that long...

https://nos.nl/artikel/2602804-odido-overschrijdt-eigen-termijn-bewaren-gegevens

#datalek #privacy #databreach #cybersecurity #dataleak #security #TMobile

OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...

@froge They do:

https://annas-archive.li/donate?tier=2

What stage of #enshittification is it when Amazon adds a "Download Problems" option to it's Refund menu instead of fixing their system so people can download their digital purchases?

(Would it be ironic if I supported Anna's Archive with Amazon gift cards after I downloaded the books from there?)

a nice neat “quartz of course” generator

https://marshdeer.github.io/xkcd2501-generator/

RE: https://furry.engineer/@soatok/116082533052740652

ok the ghost vuln is quite funny. the WAF example really sounds like an array is involved there and it would have bet 20 bucks that its a type confusion (because despite it being 2026 its really easy to shoot yourself in the foot if your types get quirky)

but - spoilers - nope, its really just straight up string interpolation into raw sql like in the good ol days lmao. oh well, happens

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793)

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

nono - kernel-enforced capability sandbox for AI agents https://nono.sh

I’ve been working on this for a while, but let’s make it official: I started a little Tumblr-like microblog about software craft and quality!

You can sign up via RSS or a weekly newsletter digest. There’s already almost two months of content in there, if you just want to check it out.

Hope you like it!

https://unsung.aresluna.org/

Just got this link on my discord - https://www.kickstarter.com/projects/bitman/bootblock-rebels - passing it along because this book looks fun!

The past two months, I've been working on a little pet project, lovingly called OnlyJunk.Fans: hosted iocaine. For free. Because I could, and wanted to.

It's going to officially launch on the 17th of February, in just a few days. But I thought I'll blog about it before the launch, because I won't have time to do so later.

🚨 New advisory was just published!

Source code review of the Novarain/Tassos framework uncovered 3 critical primitives: unauthenticated file read, unauthenticated file deletion, and SQL injection enabling arbitrary DB reads, affecting 5 widely deployed Joomla! Extensions. Chained together, these bugs allow reliable RCE and administrator account takeover on unpatched Joomla! Instances: https://ssd-disclosure.com/joomla-novarain-tassos-framework-vulnerabilities/

EDIT: alt text added

#jailbreak #hack #f35 #uspol

@cR0w Good enough, where do I send the money?

@cR0w Do you have experience in pulling information out of thin air? Because I know of no other sources but need the bits...

❤️ Thank you to the #Archlinux Wiki maintainers! ❤️

#Maintainers in general, and maintainers of documentation most of the time get way too little recognition for their contributions to #SoftwareFreedom.

ArchWiki is one of the pearls of the internet! That's why I dedicated my this year's #ilovefs post to the #ArchWiki maintainers!

https://k7r.eu/i-love-the-work-of-the-archwiki-maintainers/

Naming things is freaking hard...

The final chapter? The statement from Ars:

On Friday afternoon, Ars Technica published an article containing fabricated quotations generated by an AI tool and attributed to a source who did not say them. That is a serious failure of our standards. Direct quotations must always reflect what a source actually said.

https://arstechnica.com/staff/2026/02/editors-note-retraction-of-article-containing-fabricated-quotations