"If you're thinking without writing, you only think you're thinking" - Leslie Lamport. As a programmer, he'd know this personally, as many programming ideas work fine in your head. Until you try to type it in. https://en.wikipedia.org/wiki/Leslie_Lamport

decomplexifying #curl

https://daniel.haxx.se/blog/2024/10/27/decomplexifying-curl/

I seem to remember the EICAR test string https://en.wikipedia.org/wiki/EICAR_test_file has been used in DoS attacks. Like, supply the string to a log/database such that it will be corrupted by antivirus. However, I cannot find any direct sources. Who can help?

[RSS] The Windows Registry Adventure #4: Hives and the registry layout

https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html

test

Should JavaScript be split into two languages? Google proposal divides opinion
Link: https://devclass.com/2024/10/22/should-javascript-be-split-into-two-languages-new-google-driven-proposal-divides-opinion/
Comments: https://news.ycombinator.com/item?id=41955353

New release! 📣

Parents can now shield their children from clickbait and shock value with powerful new video controls that show authentic thumbnails and clean titles.

Full release notes: https://kagi.com/changelog#5108

#Kagi #AdFree #Search #Family

New assessment for topic: CVE-2024-47575

Topic description: "A missing authentication for critical function vulnerability in Fortinet's FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. ..."

"The flaw lies in the FortiGate to FortiManager Protocol (FGFM), which is designed for deployment scenarios where NAT traversal is needed ..."

Link: https://attackerkb.com/assessments/89ecce82-7a39-4376-82e1-8f5bfaad47f6

Video for my #P99CONF talk on DTrace at 21 is now up, though you will miss me in the chat explaining which of the slides are throwing shade at eBPF https://www.youtube.com/watch?v=KjQnB9yB9kQ

are there any ex- #Sun engineers on fedi who'd be willing to help us with a thing? We're creating a #Solaris 10 #SPARC modernisation kit thing with a bunch of modern tools, and honestly having someone give it a look over who worked with Solaris 10 and stuff really colsely would be super helpful

Because of a conversation I had elsewhere.

CVE-2024-26926 Binder n-day analysis.
It is labeled EoP in Android Security Bulletin (Is it really exploitable?)

https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf

A quick newsletter post on the dehumanization behind Satya Nadella's remarks about copyright law

https://buttondown.com/maiht3k/archive/virtual-employees-and-remixing-machines-devalue/

[RSS] Bluetooth Low Energy GATT Fuzzing

http://blog.quarkslab.com/bluetooth-low-energy-gatt-fuzzing.html

That's a wrap for #Pwn2Own Ireland 2024! Over last 4 days, we awarded $1,066,625 for over 70 0-day bugs. That makes 4 contests in a row that exceeded the million-dollar mark. Congratulations to the Viettel Cyber Security team for winning Master of Pwn with 33 points and $205,000.

Oracle VM VirtualBox 7.0.10 r158379 Escape

https://zeroclick.sh/blog/cve-2023-22098/

Memory Management - Part 1: Virtual memory and Paging concepts

https://blog.reodus.com/posts/memory-management-part1/

Seasonal Spells for #ToddlerDnD

Toddler's Vicious Snot: This spell initially impacts the member of the party with the lowest HP. It lasts for 2 days. After that it affects all other members of the party, is immune to Healing, and you need a 20+ Con saving throw to recover from it.

Fall Back: This spell interrupts the target's Long Rest one hour too soon. Every time. For about two weeks.

Toddler's Disappearing Accessories: This spell affects hats, gloves, scarves, and boots.

#parenting #DnD

CVE-2024-9050: NetworkManager-libreswan IPSec VPN plugin local code execution

https://www.openwall.com/lists/oss-security/2024/10/25/1

The thing where companies make websites for their own executives, who never visit them, instead of their customers, who are forced to.