@airwhale I still don't get how the market of "telling people about things" can be more profitable than the market for "things" (G and Meta being the largest companies in the world) in the first place.

@airwhale My gut tells me most of these are in fact stand-ins for large adtech companies like Meta and Google.

Does anyone know where to find more info on the surveilance economy online? I was looking for an update on the unfortunate Debora Silvestri who crashed so badly yesterday, and of course, was met with "We value your privacy" banner where I could consent to giving away… something?

The Privacy Policy talks about two cookies - both Google Analytics, and two partners for gaining "audience insights". The actual cookie pop-up list 1.709 (!) so-called "partners", many with "legitimate interest". Basically all these are companies nobody has ever heard of.

I know I'm leaking info like IP-address, browser and device details. What I can't understand is how all these 1.709 little leeches can possibly deliver enough value and generate revenue based on this information. Who pays them, and for what?

Thanks!

#advertisements #surveillance #cookies

We’ve always had a problem with least privilege, but users needed to be owned for it to visibly hurt the enterprise.

Kevin didn’t know what to do with the extra creds, but his agent will.

Maybe the first run of the “paperclip” problem will be agents wiping shares to save us..

Okay these "Background Security Improvements" are definitely worse than RSRs. They show up at random times in your Settings app, and if you tap anywhere else, they disappear immediately. You can find them again, but they're not under Software Updates where they should be, but under Privacy & Security > Background Security Improvements, which also does not seem to show up in search.

EDIT: HOLY SHIT I have to enable "Automatically Install" in order to even be allowed to download them MANUALLY?! And there's no progress indicator either?? Whoever approved this should be hurled into the sea.

Fixing a Buffer Overflow in UNIX v4 Like It’s 1973

https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/

Exploit su on a PDP-11 :)

🚨 We are extending the deadline for our Volume 5 Call For Papers and its Rootkit Competition!

Check out the updated dates below:

→ https://tmpout.sh/blog/vol5-cfp.html (until May 1st 2026)
→ https://tmpout.sh/blog/vol5-rootkit-competition.html (until May 31st 2026)

We are looking forward to reading your work!

Whenever I use Chrome to debug a modern website, it's so funny to see all the requests usually blocked by my normal setup. It's like watching a fish being released back into the sea, swimming happily, gobbling up all the data and sending telemetry out to the other fish.

AI is going great at MS:

"You will see us be more intentional about how and where Copilot integrates across Windows [...] we are reducing unnecessary Copilot entry points, starting with apps like Snipping Tool, Photos, Widgets and Notepad"

To tilt Hungarian election, Russians proposed staging assassination attempt - The Washington Post

https://archive.ph/f8zdV

Great, I finally get myself to learn a Python project management tool then it immediately gets slurped up by OpenAI :P

https://simonw.substack.com/p/thoughts-on-openai-acquiring-astral

@swapgs Not sure I get your point. In my case I simply connect to a VM, a server binary is downloaded there automatically to which the IDE on my machine can connect over SSH.

@airwhale Better not imagine what would happen if one of those bottles ended up at ISS!

Since I read the JPL coding manual I'm always very considerate before introducing an infinite loop.

Then I usually decide that "it's fine, this is not a spaceship" and forget to implement the exit path.

"Intego X9: Never trust my updates"

Read @coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for MacOS can be abused for local privilege escalation.

https://blog.quarkslab.com/intego_lpe_macos_3.html

@filippo Last time I checked you couldn't even migrate post between instances running the same software... I'm not sure if this is only a limitation when you'd transfer posts between remote servers and you could just vibe code a DB migration script, or there's some fundamental limitation of how posts are referenced in the network.

@filippo Pleroma/Akkoma are more lightweight if that helps

@algernon I wonder if the death of the last Pope was on HN...

Call me crazy, but there are times when I think that ChatGPT sprinkling in knowledge about what I normally ask is... not useful.

This is from a question I asked about grease.

Chuck Norris didn't die, he just roundhouse kicked all of us into this shit timeline :(

R.I.P.