[RSS] Bypassing debug password protection on the RH850 family using fault injection

http://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html

When looking at calculations of the environmental impact of LLM systems, consider carefully where the system boundary is drawn.

eg. Is the increased energy usage of the servers being scraped for source data included? Or the increased energy usage of every 3rd-party browser doing proof of work just to access the site? What about the network in between?

If I punch you in the face, and we want to measure the pain caused, we need to consider more than just how *my* hand feels afterwards.

I have just updated this old #IDA Plugin of mine: IDA Magic Strings.

https://github.com/joxeankoret/idamagicstrings

It now supports installation using hcli (https://hcli.docs.hex-rays.com/getting-started/installation/)

#IDAMagicStrings

Daily fill-the-blanks game:

"[REDACTED] technology is characterised by a constant stream of poorly thought-out experimentation and constantly trying to outdo the competition [...] Therefore [REDACTED] technology is not uniform, lending [REDACTED] a cobbled together and random appearance.[...] Much of [REDACTED] technology is unreliable and sometimes seemingly inoperable to [REDACTED], in some cases only working properly in the hands of an [REDACTED]."

Solution below...

🎉 The 10th Nix Milano Unconference is back at our HQ!
Limited seats, so secure your spot and join us!
📅 Saturday, Mar 14, 2026 | 9:30 AM
📍 Via Carlo Farini 57A, Milan
🔗 https://mobilizon.it/events/096bf456-efd6-4230-9ddc-0cce7c72046a

[RSS] Aha, I found a counterexample to the documentation that says that Query-Performance-Counter never fails

https://devblogs.microsoft.com/oldnewthing/20260304-00/?p=112110

DOMPurify 2.5.9 and DOMPurify 3.3.2 were released today in a rush to fix a security issue caused by jsdom's faulty tag parsing.

A total of four people reported the exacty same bug within a window of three days.

One did so via email, thank you. One did so via private security advisory, thank you too.

One however simply published a ticket for everyone to see, the other one just dropped a CVE on us without a working fix release. Thanks for nothing.

https://github.com/cure53/DOMPurify/releases/tag/3.3.2

https://github.com/cure53/DOMPurify/releases/tag/2.5.9

I'm here waiting until the multi-trillion dollar wunderchild of human progress finishes "Finagling..."

Btw. is it me or these pinnacles of technology only ask confirmation for `echo` when they are about to execute `echo lol && rm -rf ~/`?

@iFixit Do you see any improvements on the keycap front? My perfectly good ThinkPads become unsuable because keycaps break all the time and I can only order full keyboards (*if* I can find any!).

[RSS] Reverse Engineering Crazy Taxi, Part 1

https://wretched.computer/post/crazytaxi

If you as a journalist bring up the fact the Linus Torvalds vibe-codes, but fail to add "for his guitar effect pet-project" you can consider yourself a permanent resident of the tabloid/propaganda shelf.

@cygnus-xr1 I'm listening through their Bandcamp rn :)

@cygnus-xr1 Just what I needed, thx!

"Every single time you mandate #ageverification, you are mandating the creation of a centralized database of extraordinarily sensitive personal information. Government IDs. #Biometric facial data. The kind of data that, once breached, cannot be “changed” like a password. You get one face. You get one #government ID number. When those leak—and they will leak—the damage is permanent."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

A few years ago I designed a way to detect bit-flips in Firefox crash reports and last year we deployed an actual memory tester that runs on user machines after the browser crashes. Today I was looking at the data that comes out of these tests and now I'm 100% positive that the heuristic is sound and a lot of the crashes we see are from users with bad memory or similarly flaky hardware. Here's a few numbers to give you an idea of how large the problem is. 🧵 1/5

[RSS] Building a Custom Architecture and Platform: Part 3

https://binary.ninja/2026/03/04/quark-platform-part-3.html

#BinaryNinja

what the—and I cannot stress this enough—absolute fuck:

"...sensitive and personal footage captured by [Meta Smart Glasses]—including people going to the bathroom, getting dressed, and having sex—is being reviewed by contractors who see all of it uncensored."

https://gizmodo.com/dear-meta-smart-glasses-wearers-youre-being-watched-too-2000728928

Joshua Rogers has published a good tutorial on how to customize your Firefox right-click menu and remove all the bloat you don't like

https://joshua.hu/firefox-making-right-click-not-suck