The US military tracked Putin's movements. How? His comrades (advisers, drivers, etc.) had smartphones and were browsing the internet, using apps. Ads were displayed to them. And data traces from advertising networks revealed everything. https://www.wired.com/story/how-pentagon-learned-targeted-ads-to-find-targets-and-vladimir-putin/

I am re-reading Dune. This quote by the Reverend Mother Gaius Helen Mohiam is remarkable:

“Once, men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”

It's not about a Terminator-style AI-apocalypse where the machines want to kill us all dead. It's just an accurate prediction of what actually appears to be happening.

Hello world! Kaitai project and #KaitaiStruct finally got its own its own space in Fediverse!

If you're not familiar with us, we create declarative language for binary format specification — see https://kaitai.io/ — and tooling around it — a compiler which transforms declarative specs into ready-made parsers in variety of programming languages, visualizers and IDE for rapid format spec development and much much more.

Watch this space for more news from us!

Have you ever wanted to start editing #Wikipedia, but got overwhelmed or felt like you didn't know where to start? Every time I encourage people to start editing, I hear that, so I'm trying to help.

https://www.youtube.com/watch?v=bRRHR1NEOqE

programmers are always posting like "worked on tracking down an issue with a Flurble deployment for twelve hours. the problem wasn't in Flurble at all - it was in the Gumbies install. It turns out if you install Gumbies 3.0 over Gumbies 2.7 and don't do a cache flush on all the client spiders they'll get stuck in the crystal maze." then you look up Gumbies and the site is one of those scroll scroll scroll types with one sentence per page, like

"GUMBIES is a lean, expressive sharding sandcube for testing and deploying large scale Woodchips playgrounds.

GUMBIES automates and streamlines away watersliding phases, meaning your team can get right to the chipping.

See why Microsoft, OpenAI and Bloingo have embraced GUMBIES in their Woodchips workflows."

and you get to the bottom and you're like I want this I guess but I still don't know what it is

Tried using the new Google Chrome V8 settings to turn off the JavaScript JIT, as discussed by @campuscodi in https://news.risky.biz/risky-biz-news-google-addresses-jit-security-in-chrome-122/

However funnily enough that completely broke the Microsoft Teams web client on Mac OS X for me. It remained consistently stuck on "connecting" for over 5 minutes. Even allow-listing teams.microsoft.com wasn't enough, only worked when I allow-listed all of microsoft.com.

So be aware this is not as benign a change as it should be - not only a performance hit but things can actually stop working.

And this got me wondering... is Teams' JavaScript just so horribly inefficient that it takes forever to work without JIT? Or what kind of shenanigan is it doing to REQUIRE the browser JIT to work? 🤔

in the spirit of transparency, here’s our response to CISA’s RFI on Secure by Design: https://kellyshortridge.com/papers/CISA-2023-0027-Shortridge-Sensemaking.pdf

SbD should not incentivize lip service or #security theater. It should not be at odds with business goals.

So, @rpetrich and I wrote what SbD should be and not be.

We hope mastonerds especially appreciate our recommendations in Section 1.2.1 for how #software teams can start investing in SbD while supporting velocity, dev productivity, & reliability.

blog: https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/

For #BlackHistoryMonth, let's remember Jerry Lawson, an electronics engineer from Brooklyn, NY. He worked at Fairchild Semiconductor in the 70s, and helped design a second generation game console known as the Fairchild Video Entertainment System (VES), later named the Channel F. His design was based around Fairchild's F8 processor.

This console, although unable to compete with the later Atari Video Computer System, was innovative in many ways. It was one of the first consoles to use a dedicated CPU; it was one of the first consoles to include a pause feature, and it was also the first console to use an extremely important innovation that would shape video games forever: the use of removable ROM cartridges, each of which could feature completely new, unique games, paving the way for consoles to build libraries of titles covering all sorts of styles of games.

Modern gaming owes a debt to Lawson's engineering prowess and innovative designs.

Today, February 19, in 1998, hacker Trinity fends off two units of police officers and faces off with sinister sentient computer programs known as Agents (The Matrix, 1999)

#Movies #Film #Cinemastodon #Letterboxd #TheMatrix

Just analyzed a spyware sample that bypasses Android 13 Restricted Settings so as to drop another malware with full access to Accessibility API.
+ use of malformed ZIP to break apktool and other tools.

https://cryptax.medium.com/android-spynote-bypasses-restricted-settings-breaks-many-re-tools-8791b3e6bf38

#SpyNote #SpyMax #Android #malware #accessibility #ZIP

So someone dumped a ton of internal Chinese gov’t docs, and I’m working on translations here. From what I can tell, the company An Xun International has been dropping spyware in its products? More to come.

https://github.com/mttaggart/I-S00N/blob/main/README-en.md

This week, Super Bowl 2024 shattered records, with the #NFL championship broadcast on CBS becoming the most-watched televised event in #US history.

Also riding high from the big game? #Elon #Musk's #X.

A whopping 75.85 percent of traffic from X to its advertising clients' websites during the weekend of the Super Bowl was fake.

https://mashable.com/article/x-twitter-elon-musk-bots-fake-traffic

#Ukraine #Russia

The (edit:) CURRENT beta version of #Signal is version 7.0.0.
There's a good reason for the round number. This will be the first version where usernames and phone number privacy are available outside of the staging environment.
From this version on, you'll be able to talk to people on Signal without revealing your phone number, and also, you may use Signal without revealing to people who have your number saved that you do.
This is huge.
https://github.com/signalapp/Signal-Android/compare/v6.47.4...v7.0.0

#Privacy #FOSS #OpenSource #PNP

This is fantastic and I think it's going to fuck up software engineering so much.

https://www.theverge.com/2024/2/15/24074214/justice-in-forensic-algorithms-act-democrats-mark-takano-dwight-evans

This was honestly super hard to write. The subject has been bugging me all day. I'm worried that people are going to hate my guts for saying it, but everything feels right to me.

https://wedistribute.org/2024/02/tear-down-walls-not-bridges/

Dear @mozilla
Please, please, please put the RSS indicator back in Firefox.

People need to know about this technology which empowers users over greedy, controlling corporations.

Update: As many have pointed out, you *can* use @thunderbird as an RSS feed reader, and there are many #firefox add-ons to restore the RSS indicator (one of which I'm already using). But my point is that Firefox needs to lean into RSS as an answer to all the crap that is the modern web, and help educate users about it

no centralised social network could ever produce "the taliban deleted my account". that's a mastodon special.

The 0day dumpster fire that is the security hardware industry rn continues unabated this week.

From Rapid7:

"Critical Fortinet FortiOS CVE-2024-21762 Exploited
Feb 12, 2024

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests.

According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is “potentially being exploited in the wild.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred."

https://www.rapid7.com/blog/post/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/

https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

Broadcom Ends Support For Free ESXi Vmware Hypervisor https://tech.slashdot.org/story/24/02/12/1816248/broadcom-ends-support-for-free-esxi-vmware-hypervisor?utm_source=rss1.0mainlinkanon

Meanwhile in Canada