I can't seem to get WebView2 working in a Visual Studio extension, so I'm dropping that effort for now.

If anyone knows how to do this, or actually wants Function-Graph-Overview in Visual Studio, let me know!

The number one skill required for learning any complex system is patience.

— Kelsey Hightower

#complexity

🚨 We are calling on all EU-based Mozillians to help us monitor Apple’s new browser choice screens.

Let’s hold Big Tech to account!

Anyone in the EU with an Apple device can join in this effort.

Learn more: http://mzl.la/49xJpvP

[RSS] Linux vDSO & VVAR - CVE-2023-23586 analysis

https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html

[RSS] X41 Reviewed Mullvad VPN

https://x41-dsec.de/news/2024/12/11/mullvad/

[RSS] Far From Random: Three Mistakes From Dart/Flutter's Weak PRNG

https://www.zellic.io/blog/proton-dart-flutter-csprng-prng

Incredible essay about the importance and challenges of digital archival by Maxwell Neely-Cohen, as well as the various imperfect strategies to achieve “century-scale” digital archives.

https://lil.law.harvard.edu/century-scale-storage/

"We picked a century scale because most physical objects can survive 100 years in good care. It is attainable, and yet we selected it because the design of mainstream digital storage mediums are nowhere close to even considering this mark."

1/

#archival

[RSS] Cleo Harmony, VLTrader, and LexiCom: CVE-2024-50623, RCE via arbitrary file write

https://labs.watchtowr.com/cleo-cve-2024-50623/

[RSS] CodeQL zero to hero part 4: Gradio framework case study

https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-4-gradio-framework-case-study/

New vulnerability report from Talos:

Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2064

CVE-2024-49532

New vulnerability report from Talos:

Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2070

CVE-2024-49533

New vulnerability report from Talos:

Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2076

CVE-2024-49534

[RSS] Never Underestimate CSRF: Why Origin Reflection is a Bad Idea

https://www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea/

QEMU 9.2 open-source machine emulator introduces advanced ARM support, Nitro Enclave emulation, Vulkan-enhanced graphics, and more.
https://linuxiac.com/qemu-9-2-open-source-machine-emulator/

#qemu #virtualization #foss

[RSS] Fake It 'til We Make It: The Art of Windows User Space Emulation

https://momo5502.com/posts/2024-10-04-the-art-of-windows-user-space-emulation/

The new #curl CVE-2024-11053 we call "netrc and redirect credential leak"

While security low, it will of course still be relevant to whomever uses the unlucky combination of options.

https://curl.se/docs/CVE-2024-11053.html

[RSS] 2025 Hackaday Europe CFP: We Want You!

https://hackaday.com/2024/12/10/2025-hackaday-europe-cfp-we-want-you/

[RSS] It rather involved being on the other side of this airtight hatchway: Disabling anti-malware scanning

https://devblogs.microsoft.com/oldnewthing/20241210-00/?p=110626

[RSS] The Ruby on Rails _json Juggling Attack

https://nastystereo.com/security/rails-_json-juggling-attack.html

[RSS] Binary pointer alias analysis -- beating CodeQL's taint analysis without even having source code

https://attilaszia.github.io/pointerarticle/