@troed @Viss The ToS will obviously point out these caveats so they won't have troubles in court. What matters is the companies communication (marketing, PR aka. "oUr sERvErz aRe In SwiTZeRlAnd") because that is what people actually see and base their decisions on.

If you don’t build infrastructure to conduct indiscriminate and omnipresent mass surveillance, then your enemies can’t gain access to it.
https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network

@Viss @bhhaskin @floriann "subscriber information received from the Swiss Mutual Legal Assistance Treaty Unit" - so the FBI basically asked the Swiss police, that got the data and forwarded it back under the umbrella of a long standing treaty between the countries/authrities. This should not be surprising at all btw, but somehow for many VPN customers it is.

so if you want to subscribe to a vpn, and you were considering proton, maybe dont

https://infosec.exchange/@josephcox/116178496048136287

drumroll

iocaine 3.2.0

drumroll

Documentation & nixocaine/stable updated as well.

@aristot73 I can't seem to find the mentioned @bert_hubert post, could you provide a link plz?

So, the Dutch government tried to whitewash Amazon's sovereign cloud offering, only to be called out so hard that they had to withdraw the paper.
#digitalsovereignty
https://nltimes.nl/2026/03/05/dutch-govt-pulls-report-dangers-american-cloud-service-criticism

RE: https://fosstodon.org/@kdkorte/116180140578126363

"Bert Hubert posted a blog on his website criticizing the research. According to him, the report underestimates the risk governments face by using Amszon’s new cloud service. "

@bert_hubert holding the door :)

[RSS] Bypassing debug password protection on the RH850 family using fault injection

http://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html

When looking at calculations of the environmental impact of LLM systems, consider carefully where the system boundary is drawn.

eg. Is the increased energy usage of the servers being scraped for source data included? Or the increased energy usage of every 3rd-party browser doing proof of work just to access the site? What about the network in between?

If I punch you in the face, and we want to measure the pain caused, we need to consider more than just how *my* hand feels afterwards.

I have just updated this old #IDA Plugin of mine: IDA Magic Strings.

https://github.com/joxeankoret/idamagicstrings

It now supports installation using hcli (https://hcli.docs.hex-rays.com/getting-started/installation/)

#IDAMagicStrings

Daily fill-the-blanks game:

"[REDACTED] technology is characterised by a constant stream of poorly thought-out experimentation and constantly trying to outdo the competition [...] Therefore [REDACTED] technology is not uniform, lending [REDACTED] a cobbled together and random appearance.[...] Much of [REDACTED] technology is unreliable and sometimes seemingly inoperable to [REDACTED], in some cases only working properly in the hands of an [REDACTED]."

Solution below...

🎉 The 10th Nix Milano Unconference is back at our HQ!
Limited seats, so secure your spot and join us!
📅 Saturday, Mar 14, 2026 | 9:30 AM
📍 Via Carlo Farini 57A, Milan
🔗 https://mobilizon.it/events/096bf456-efd6-4230-9ddc-0cce7c72046a

[RSS] Aha, I found a counterexample to the documentation that says that Query-Performance-Counter never fails

https://devblogs.microsoft.com/oldnewthing/20260304-00/?p=112110

DOMPurify 2.5.9 and DOMPurify 3.3.2 were released today in a rush to fix a security issue caused by jsdom's faulty tag parsing.

A total of four people reported the exacty same bug within a window of three days.

One did so via email, thank you. One did so via private security advisory, thank you too.

One however simply published a ticket for everyone to see, the other one just dropped a CVE on us without a working fix release. Thanks for nothing.

https://github.com/cure53/DOMPurify/releases/tag/3.3.2

https://github.com/cure53/DOMPurify/releases/tag/2.5.9

I'm here waiting until the multi-trillion dollar wunderchild of human progress finishes "Finagling..."

Btw. is it me or these pinnacles of technology only ask confirmation for `echo` when they are about to execute `echo lol && rm -rf ~/`?

@iFixit Do you see any improvements on the keycap front? My perfectly good ThinkPads become unsuable because keycaps break all the time and I can only order full keyboards (*if* I can find any!).

[RSS] Reverse Engineering Crazy Taxi, Part 1

https://wretched.computer/post/crazytaxi