"I'm interested in all kinds of astronomy."
@dosnostalgic I feel deep spiritual connection with the kid on the couch

Hey, look. It's a decent scan of this legendary image!


Can we print this part of Microsoft's T&S as a leaflet and distribute at our university?

https://www.microsoft.com/en-us/microsoft-copilot/for-individuals/termsofuse


Here we go!

The A to Z Challenge has begun. My theme this year is Small Town Legends: weird folklore from villages and small towns in and around Hungary.

First up: some very strange geese.

Ács: Zombie Goose Shenanigans https://share.google/Aa9plXTmBYbUrUPXM


i don't see enough people with one of the best tool improvements i've ever made for reverse engineering, so i had to write a blog post about it!

https://simonomi.dev/blog/color-code-your-bytes/


Oracle have laid off 30k employees today. They did it to personal email accounts at 6am 🫔 saying they needed the money to spend on GenAI instead. https://thenextweb.com/news/oracle-layoffs-march-2026

Oracle’s share price since they went GenAI nuts:


Micropatches released for Windows Storage Elevation of Privilege Vulnerability (CVE-2026-21508)
https://blog.0patch.com/2026/03/micropatches-released-for-windows.html


I keep coming back to the leaded petrol analogy for LLMs and coding

Harms that are manageable when it's only used by a small number of experts become catastrophic pollution when it's used broadly throughout society

If LLMs were only used by a small number of experienced devs working with well-engineered guardrails, we'd have less of a problem

But once they start getting more commonly used, they start to pollute the entire ecosystem and the only way forward is stiff regulation for everybody


Talos Vulnerability Reports

New vulnerability report from Talos:

Foxit Reader List Box Calculate Array Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2365

CVE-2026-3779
@synnfynn There's a quote along the lines of "doing mathematics is not about the joy of discovery but the relief from suffering"

New security advisory in our bug parade: Unauthenticated Remote Code in dormakaba evolo Service.

.NET Remoting is still a thing...

https://mogwailabs.de/en/advisories/mlsa-2026-001/


Our colleague @mal had another look at OpenOLAT and found a nice RCE (CVE-2026-28228 and CVE-2026-28228). If you're interested, details can be found on our blog https://secfault-security.com/blog/openolat-ssti.html


Did anyone get that alleged Vim RCE PoC working? MacOS doesn't seem vulnerable, Ubuntu 22/24, Debian 13, the same... Advisory says <9.2.0272 but doesn't seem like it?

Smells like AI slop hype? Yeah, kinda because most distros don't seem to ship vim with +tabpanel feature. HYPEEEEEEEEEEEEEEEEE

@avuko Nah, "with a little bit of extra code, my lib could also do X" is definitely not 0-sum logic. It is true though that people find complexity compelling ("complexity sells better").

Also note that gaining understanding of lib capabilities/limitations/general design *is* valuable (but also can be a prohibiting barrier of entry for small projects).

@david_chisnall
@avuko @david_chisnall IMO part of the problem is that deep in their souls every dev wants to build frameworks that can do many things. You basically miss Quick Start guides that show you how to do $simple_thing. No one wrote that guide because they see value in $complex_things[] their project can do and probably even see $simple_thing distracting from the Real Purpose of the project.

Source: I also tend to write frameworks for everything.

Instead of using an LLM to write me some boilerplate and basic functionality, frontend etc, why isn’t there a library where I can find all of these?

You know, something structured and shared, again, like a library, for specific purposes, and specific languages, with educational hints from development pros on the best way to do things and maybe some constructive feedback and improvements from other people?

And why were we left to deal with stackexchange instead?

Could this have been, dare I say it: gatekeeping?
