You know what, I'm kind of OK with the #Firefox AI opt-whatever solution they have

...compared to the fact that they kill all my sessions by a forced fucking restart when I try to act responsibly and update.

That's fucking outrageous!

Wow, Blogspot seems to have a massive spam problem!

Log4j, *the* project that escalated the need for funding open source in the first place, is currently being DOS’d by slop vulnerability reports. Well done everyone. Slow fucking clap.

https://github.com/apache/logging-log4j2/discussions/4052

@codecolorist Many thanks!

@fridadotre Thank you for the additional info! I already opened #1096 and #1097 in frida-gum, hope they will be useful!

Right now I'm trying to fingerprint the runtime based on JS behavior (e.g. `console.log(gc.toString())`) but neither gadget configs nor `frida --runtime` seem to have any effect.

Update: It seems in V8 `gc.toString()` doesn't have newlines

#curl is secured for the billions - the steps we take. There is no silver bullet. No magic solution. Just plain engineering and doing everything as good as we can and to keep tightening every bolt there is.

(slide for upcoming presentation)

What Windows Server 2025 Quietly Did to Your NTLM Relay https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/

LOGOS/ASTLOGO.GIF

@algernon

> both double as AI scrapers too

Yes that's definitely a problem, but that can be decided on a case-by-case basis (again, nuance).

> traditional search is dead

In my dreams a service with pagerank+full-text indexing+user-defined ranking would be incredibly useful. I have to deal with so much new shit every day that a personal index wouldn't even be remotely useful.

You may be right about GH, but in this case the means matter more than the ends. "A systems purpose is what it does", and it'd be painful to see anti-scaping work *for* LLMs (I'm still not sure if this is happening or not).

@algernon I get that there's a lot of nuance here, that's why I asked for "consideration" that can include e.g. allowing standard crawlers.

Apparently building an index is much bigger effort than I expected (based on the struggles of EU and alternative providers), so I don't think that will happen in the near future.

LLM performance will degrade for sure, but I don't think it will restore trust in traditional search or otherwise move ppl away from assistants once they became dependent.

Btw. my post was less about your work, and more about e.g. GitHub where content is no longer properly searchable either via web search or their internal search :)

Want to learn more about Chrome exploitation?

In our latest article, we break down two critical Android GPU driver vulnerabilities that enabled Chrome sandbox escape from a compromised renderer and were used in full device exploit chains. Read the full technical analysis here: https://ssd-disclosure.com/chrome-gpu-sandbox-escape-via-qualcomm-adreno-and-arm-mali-gpu-drivers/

I just realized that my cyclomatic complexity calculator breaks with PyGhidra so I pushed some fixes:

https://github.com/v-p-b/rabbithole

#Ghidra #ReverseEngineering

I found this Veratasium documentary on the xz Jia Tan backdoor adventure quite good and surprisingly detailed:

https://www.youtube.com/watch?v=aoag03mSuXQ

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

The package of my toothpaste says "95% Natural Origin".

5% of my toothpaste is supernatural :O

In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen

https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/

The truth about "free" search and why it's a trap:

https://www.youtube.com/shorts/IrGegzLXRUk

#Kagi #Search

from my link log —

Turing completeness of GNU find: from mkdir-assisted loops to standalone computation.

https://arxiv.org/abs/2602.20762

saved 2026-02-25 https://dotat.at/:/XR86F.html

Signficant segments of the tech industry think we’re months away from not needing to review LLM-agent code anymore.

I just reviewed an LLM-generated PR in which it quietly switched two out of 100 calls to the get_customer_data() function to the variant that doesn’t check that the customer owns the requested data.

I’m sure this is fine.

@fridadotre Thanks for the prompt reply! Is this true for the gadget too? I tried to supply a config with "runtime":"v8" but hit the same bugs. If the v8 support is there in the official release gadgets I just have to figure out why my config isn't applied (or maybe the bugs affect both paths).