A drunken debugger

Heretek of Silent Signal
[RSS] Objective-C Update (Binary Ninja)

https://binary.ninja/2024/10/16/objectivec-update.html
[RSS] Effects of classic return address tricks on hardware-assisted return address protection

https://devblogs.microsoft.com/oldnewthing/20241016-00/?p=110378
[RSS] Escaping the Chrome Sandbox Through DevTools

https://ading.dev/blog/posts/chrome_sandbox_escape.html
[RSS] [PoC] SAP Note 3433192 - Code Injection vulnerability in SAP NetWeaver AS Java

https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
[RSS] CVE-2024-45844: Privilege escalation in F5 BIG-IP

https://offsec.almond.consulting/privilege-escalation-f5-CVE-2024-45844.html

How often do you get a 75x speedup on a real workload in a compiler? Not often!

Here's the story of one in SpiderMonkey: https://spidermonkey.dev/blog/2024/10/16/75x-faster-optimizing-the-ion-compiler-backend.html


Fuck Microsoft and Fuck Nadella.

As expected, the 24H2 update installed 'Recall', it can't be uninstalled.

To disable the Microsoft spyware, run this as admin:

C:\Windows\System32>Dism /Online /Disable-Feature /Featurename:Recall

Can't vouch that all the people you share your screen, code, IP, private details, will disable theirs. Consider NOT sharing anything ever again.


Sandbox escape from extensions due to insufficient checks in chrome.devtools.inspectedWindow.reload and chrome://policy (reward: $20000) http://crbug.com/338248595


I'm amazed that there has been zero coverage of this:

EU's new Product Liability Directive got voted through last Thursday.

No later than two years from now, software, stand-alone, cloud or embedded are subject to "no-fault liability" (ie: doesn't matter how or why, only that it is defective.)

Here's the directive:

https://data.consilium.europa.eu/doc/document/PE-7-2024-INIT/en/pdf

Gentlemen, start your panic…

PS: Yes, there is a FOSS exemption, but only "outside commercial activity". (Ie: The guy in Nebraska but not RedHat)


Breaking News: The threat actor known as "USDoD" (aka "EquationCorp" and other monikers) has been arrested by Brazilian Federal Police. USDoD is probably best known for his attacks on , Airbus, and his role in the recent National Public Data breach.

Media coverage indicates he was arrested this morning: https://g1.globo.com/politica/noticia/2024/10/16/pf-prende-hacker-de-33-anos-suspeito-de-invadir-sistemas-e-vazar-dados-de-policiais.ghtml

@brett @campuscodi


Aris Adamantiadis verified💲Paid

So, how true is it?


Proud to start sharing Google's strategy for tackling our remaining memory safety challenges: https://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html

It's high level, but it outlines the long-term strategy. We'll be sharing more detailed posts in this series.


Google Chrome security advisory: Stable Channel Update for Desktop
New Google Chrome version 130.0.6723.58/.59 for Windows, Mac and 130.0.6723.58 for Linux has 17 security fixes, 13 externally reported. No mention of exploitation, and nothing sticks out.

#psytrance #music

Giorgio Maone 🚫✊🧅


CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-30088 (7.0 high) Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
  • CVE-2024-9680 (9.8 critical) Mozilla Firefox Use-After-Free Vulnerability
  • CVE-2024-28987 (9.1 critical) SolarWinds Web Help Desk Hardcoded Credential Vulnerability


Microsoft: Microsoft Digital Defense Report 2024
Microsoft has a 114-page PDF report covering the evolving cyber threat landscape: threat actors and their motivations, nation state threats, ransomware, fraud, identity and social engineering, and DDoS attacks. There are also Microsoft-specific recommendations as part of Secure Future Initiative. Of course, no annual threat intel report would be complete without artificial intelligence ✨. From AI-enabled cyber attacks to influence operations, and god forbid using AI for cybersecurity. There's a section on how governments and industry are approaching and advancing global AI security. This report also includes perspectives from different countries.


Donald Knuth on the rewards of computer programming
