I finally did it!!!
a complete FPGA toolchain (synthesis, placement, routing, and programming) running entirely in the browser
Hacking a Philips toothbrush head to allow you to use it beyond its normal lifetime. Yes, the toothbrush _head_ is hackable. This is a fantastic tale of reverse engineering. Be sure to read the followup at the bottom of the article.
If you're feeling any sort of impostor syndrome, watch this presentation where the guy leading the team that's invented just-in-time optimizing-for-parallelism shell script recompilation admits at the end that after having done all that he still has to look up the bash "if then else" syntax every time.
Maybe you're not an impostor, maybe you're succeeding even though all this stuff is genuinely hard to use.
https://www.usenix.org/conference/osdi22/presentation/kallas
keygen chiptune is the evolution of sea shanties: music that plays while you pirate
It sure is a good thing people chased away CISA last year. I mean, look at the propaganda they post. I’m super glad we made people stay on the other site to access this filth.
Yes, I’m having a moment of bitterness
Bezos and Musk have it deeply wrong.
The problem isn't that we need a trillion people to have more Einsteins or Mozarts.
The problem is we don't nurture and protect the ones we have.
Stephen Jay Gould wrote: "I am, somehow, less interested in the weight and convolutions of Einstein's brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops".
Open source rules engine for Magic: The Gathering
L: https://github.com/Card-Forge/forge/wiki
C: https://news.ycombinator.com/item?id=38651346
posted on 2023.12.15 at 00:40:06 (c=21, p=197)
New blog just dropped. https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645 We are making massive changes to the Print System in Windows to improve security. This represents a pretty big leap forward for security in Windows. The Print System in Windows has historically been a key target for attackers and these changes make significant reductions in total attack surface.
Moreover, we intend for this to become the default for users in the future. No more loading 3rd party print drivers, no more high privilege services, and robust exploit mitigations enabled to protect users.
There is a lot of work to do, this first release is only a step in the direction we are taking. But I feel it is the right direction for user safety.
"A security researcher uncovered a Twitter vulnerability in its link shortener. The vulnerability allowed an attacker to craft a malicious URL that, if a user clicked on it, would grant the attacker access to the user's account. The researcher reported the vulnerability to Twitter's bug bounty program, which closed the report as not worthy of a bug bounty. So the researcher published the vulnerability. Immediately Twitter takes its link shortener offline for hours while they fix it. But the press is only reporting on an hours-long X/Twitter link shortener outage, and has completely missed the security issues that led to it. Molly White's coverage of the vulnerability (sorry for the Xitter link but that's just the problem, literally no one else is covering this): https://twitter.com/molly0xFFF/status/1734965774517768471 "
Disclosure: https://x.com/shoucccc/status/1734802168723734764?s=20
(All quoting a friend on a private slack)
Are you using Dropbox cloud storage? You do not want 3rd party AI technology partners to have access to your Dropbox files? Flip this switch, which is on by default. Go to web -> account -> settings -> 3rd party AI. Please turn it off. Please boost so everyone knows how bad this move is … 😡
Gmail has once again blacklisted my mail server because of the SIX emails I have sent in the entirety of December so far, because obviously that constitutes "an unusual rate of unsolicited mail".
I set up SPF, DKIM, DMARC, first get lumped in with a bad /24 IP block, slowly build up a reputation as a non-spammy IP, etc. etc., but none of that matters.
This is nothing but a racketeering scheme to force everyone to pay for Gmail for business.
Computers are like onions. Everything is layers built on layers, and every layer makes you cry. #sysadmin
We need a word for real-life enshittification caused by online culture. Like being unable to find an organisation’s info because they’ve Instagram but no website. Or panicked people being sent a videolink to download to their phone when they ring for an ambulance. Or being excluded from residents' association news if you're not on Facebook. Or having cash payment refused. Or staff in the business you’re physically standing in telling you to find the answer to your question on their website.
Computer science pioneer and United States Navy rear admiral Grace Hopper was born #OTD in 1906.
As far as I’m aware, she is the only person who has both a supercomputer and a US Navy destroyer named after her.
Image: Computer History Museum
Annoyed that a website is doing something custom on right-click?
Did you expect the browser's context menu (Back, Reload, Save Page As, View Source etc.)?
Just hold the ⇧Shift key while clicking and Firefox will show the built-in context menu.
Edit: I had no idea this was such a widely appreciated post. Credit where credit is due: @dveditz told me about this trick a couple of months ago.
How the first gen iPod was reverse engineered to run #Rockbox:
1. Someone figured out that when loading a particular HTML page (for viewing on the device), the device would reboot. It crashed. A buffer overflow in the HTML viewer!
2. The device remembered what it did before the crash, so it would reload the HTML page again after boot. Unless you connected to it over USB and removed the HTML file it would stick in this cycle.
(continues...)
Apache CouchDB 3.3.3 is now available. It is a maintenance release that among a number of bug fixes addresses CVE-2023-45725, the details of which will be released in seven days. We recommend all CouchDB users upgrade.
[Update: the blog post has now been amended with the CVE details.]
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.
1/4
Provisional agreement reached between the Council of Europe and European Parliament on the CRA.
For us software security needs, this is BIG.
The EU is the only jurisdiction to be proposing a bespoke regulatory regime for hardware _and software_ products, as opposed to merely using procurement regs/consumer protection law.
Of course, in Australia, we will never have the temperament to propose anything like this for software security. We prefer voluntary self-regulation and eventually fixing procurement regulations (see Shield 2 of our cyber security strategy).
https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
Three days after Amazon announced its AI chatbot Q, some employees are sounding alarms about accuracy and privacy issues. Q is “experiencing severe hallucinations and leaking confidential data,” including the location of AWS data centers, internal discount programs, and unreleased features, according to leaked documents obtained by Platformer.
An employee marked the incident as “sev 2,” meaning an incident bad enough to warrant paging engineers at night and make them work through the weekend to fix it.
https://www.platformer.news/p/amazons-q-has-severe-hallucinations