and i dont even drink anymore!

Good news: I'm drinking Port wine
Bad news: Haven't reached the Ballmer Peak

I was forwarded this screenshot and it just is living rent free in my head right now.

As part of the 20th anniversary of the BBS Documentary's release, I've ripped the 3 DVDs that were included in the project and have them hosted at Internet Archive. These ISO files can be played in the VLC player like DVDs, and include all bonus features, subtitles, director's commentary, etc.

https://archive.org/details/BBS_Documentary_DVD_Set

I read a paper book about a subject yesterday and it was ✨amazing✨ 10/10 would recommend trying books.

They look kinda like this emoji you might have seen: 📖

At no point did the book scold me because I have a whole-house ad blocker.

At no point did the book invite me to set up an account to continue reading.

At the end of the book, it simply ended, without immediately showing me additional, less relevant books.

Books. On paper! Who knew?

KernelSnitch: Side-Channel Attacks on Kernel Data Structures

Paper by Lukas Maar et al. about using a timing side-channel for leaking addresses of exploitation-relevant kernel structures.

https://lukasmaar.github.io/papers/ndss25-kernelsnitch.pdf

The stream will be live soon at https://youtube.com/live/q6KgFezu8tw?feature=share

btw (on arm64)

Hyper-V from Windows 11 version 22H2/23H2 works without (and does not use) VHE

From version 24H2 onwards VHE is mandatory. Those releases also have ARMv8.1-A atomics and RCpc from ARMv8.3-A as required.

[RSS] The Alder Lake SHLX Anomaly

https://tavianator.com/2025/shlx.html

"It seems like SHLX performs differently depending on how the shift count register is initialized. If you use a 64-bit instruction with an immediate, performance is slow."

[RSS] Cross Cache Attack CheetSheet

https://u1f383.github.io/linux/2025/01/03/cross-cache-attack-cheatsheet.html

[RSS] Some Casual Notes for CVE-2024-26921

https://u1f383.github.io/linux/2025/01/04/some-casual-notes-for-cve-2024-26921.html

I love this so much, this is literally the physical form of a workaround that's grown to meet enterprise demands.

This is literally, physically, what developers mean when they talk about "tech debt".

Have a great weekend and enjoy some tunes:

https://youtu.be/j_Md8_7mhOU

I will stream in 8h about the basics of the PDF format, teaching how to make a basic PDF from scratch.

This is an easy-level introduction to the PDF [portable document format], aimed at all audiences: infosec, but also digipres, DFIR, and others.

This will not cover complex cases, polyglots, abuses or exploit.
That will come next but this stream is the start on the topic.
The stream will be recorded and available publicly.

Let’s try something new in 2025…
This saturday at 8pm CET, I'll stream about crafting a valid PDF file from scratch.
We’ll see how it goes!

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.

https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/

Trying Out Binary Ninja's new WARP Signatures with IPSW Diff'ing
https://www.seandeaton.com/binary-ninja-warp-signatures/

#frombsky

#RetroFlash: PCGA-TKN1 #Sony #Vaio

Yes, it is exactly what you think it is:

an additional number pad you can flip out of the #notebook bay:

Big organizations have all sorts of problems that we employees can't help.

One problem I *can* help? The feud between the sysadmins and the network team.

I wrote the first edition of "Networking for System Administrators" in the hope that we tech flunkies would come together, freeing us to plot against the C-levels.

I'd appreciate your support for the new edition.

https://www.tiltedwindmillpress.com/product/n4sa2e-sponsor/

The eleventh LangSec (often featuring input validation, program analysis, program verification, parser hacking, specification analysis, and all sorts of related fun things) would love your submissions for 2025. See https://langsec.org/spw25 for the CFP 💚