Oh my god, I just learned of a hilariously obvious bug that Nintendo (of all companies) failed to fix.

So, NES & SNES games often have a problem with pressing left+right and up+down, at the same time. This is because that's not supposed to be possible. It's physically prevented from happening by the design of the controller itself.

Former NSA cyberspy's not-so-secret hobby – Xmas light hacks • The Register
https://www.theregister.com/2024/12/25/joyce_christmas_lights/

#frombsky

Elon Musk has ordered everyone to stop donating to Wikipedia.

I never started, until this morning.

https://donate.wikimedia.org is the link, if anyone feels like disobeying a direct order from a billionaire jerkwad.

Happy Holidays to my oncall buddies today. I wish you all a quiet and uneventful shift.

I survived #Whamageddon \o/

To avoid sudden dangerous drops of frustration during these peaceful Holidays I'm configuring Postfix.

What are the online #book stores that are neither a) monopolistic giants built on enshittification nor b) copyright bullies?

If I ask for a unicorn, which ones do at least give authors a more fair share for their work?

The slides for the keynote our Cristofaro Mune(@pulsoid) has given at @h2hconference
"False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here:

https://raelize.com/upload/research/2024/2024_H2HC2024_False-Injections-Tales-of-Physics-Misconceptions-and-Weird-Machines.pdf

Enjoy!

nice one, asus

https://www.windowslatest.com/2024/12/22/asus-bombards-windows-11-with-christmas-exe-malware-like-christmas-wreath-banner/

In light of the Crowdstrike outage over 5 months ago, what specific changes has your organization made to your enterprise security program? What changes to policies, procedures, training, alerting, testing, and your written IRP have you made? Please share!

European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

https://www.bleepingcomputer.com/news/security/european-space-agencys-official-store-hacked-to-steal-payment-cards/

Got like 20 new followers overnight at Bsky, what is happening?

Announcing #CodeQL Community Packs

https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/

Maybe we should stop calling them *Notifications* and instead refer to *Interruptions*.

"Working on some stuff so I've turned off interruptions for a while."

"Right on."

⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.

An uploaded file could turn into malicious JSP code—resulting in remote code execution.

» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

Using @voooooogel control vector library to backdoor a model so that it introduces command injection vulnerabilities rather than using safer subprocess methods

Hi all. In order to make the Defensive Security Podcast content a bit more approachable and easier to navigate, I've created a playlist of individual stories/segments we cover here: https://www.youtube.com/playlist?list=PLzHXsgtVDQEq9JiCbwJojE4nd9dRVAT5l

Note: I've only gone back 4 episodes, but will be doing this for all episodes going forward.

Happy holidays!

Kagi's new video search controls let you replace clickbait thumbnails with real screenshots, customize title formatting, and focus on actual content.

You may find these controls in your search settings.

#Kagi #Search #AdFree #Videos

I started keeping a log of the serious attempts I've made to use generative AI for things (mostly coding-related). I've been bucketing them as successes or failures, along with the date and models used.

From the past several months, I'm up to 9 failures and 3 successes. I'll share this list some day.

When these systems have been successful, it's pretty neat. However, the successes I've seen have been for easy things, and the failures have mostly been time-sucks for me.

I feel like a heretic saying this (I'm a Principal Machine Learning Engineer), but I am not seeing a net benefit from using generative AI in my own work!

Windows Server 2022 and MsMpEng.exe:

https://www.hexacorn.com/blog/2024/12/20/windows-server-2022-and-msmpeng-exe/

Windows Server 2025 and MsMpEng.exe:

https://www.hexacorn.com/blog/2024/12/22/windows-server-2025-and-msmpeng-exe/

/by @hexacorn