In the aerospace world, a "flat sat" (https://www.esa.int/Enabling_Support/Space_Engineering_Technology/Opened-out_FlatSat_for_CubeSat_testing) is a development mockup of a satellite splayed out on a bench with all the boards easily accessible for testing.
Is there a similar term of art for a spread-out functional prototype that's not a spacecraft? I feel like it should have a name but I'm not aware of one.
In my latest stream, I walked through the binaries of PoCorGTFO.
Not just pure hex analysis, I also covered a few challenging or fun facts along the way.
https://www.youtube.com/live/POg2Qpxbplk?si=oDBmmd1v9pMiRjMY
It's 2025 and the techbros are still out there with their AGI fantasies.
So Mystery AI Hype Theater 3000 will also still be here taking it all apart with ridicule as praxis.
@alex & I will kick off the new year by aiming that praxis at ARC, o3 and all things OpenAI:
Monday, Jan 13, noon Pacific
https://www.twitch.tv/dair_institute
Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update.
Currently working on adding comment-overlays to Function-Graph-Overview.
The idea is to add special begin- and end- comments, and use those to draw overlays on the graph (think C#'s region thingy).
I hope this will make the CFG more viable as a code-understanding tool, as we'll be able to better document our findings.
AI generated content in a nutshell
(Disclaimer: This has to be one of the worst videos I've ever watched... enjoy)
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0062b660
ossl_parse_query
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0062b660.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0062b660.json&colors=light
“Why don’t you take some of that ‘go to mars’ money and actually help rather than Monday morning quarterbacking during a live fire?”
The CEO of Watch Duty is bringing the energy that we need to 2025.
https://sfstandard.com/2025/01/09/wildfires-watch-duty-elon-musk-los-angeles/
Another take on AI that (at least for now) kinda nails it.
Use of AI tools reduces critical thinking abilities. Frank Herbert looks more prophetic every day.
Exploiting SSTI in a Modern Spring Boot Application (3.3.4) https://modzero.com/en/blog/spring_boot_ssti/
Our 2025 RE//verse talk schedule is now live! Talks start Friday, but don't forget to check the Thursday schedule and arrive early enough for the kick-off event!
One of the most useful skills you get out of doing open source comes from learning to write READMEs.
Being able to describe a piece of software clearly and concisely in terms of
- what it is
- what it does
- how it does it
- why it does it that way
- how you use it
is a superpower that you will be able to use throughout your career.
PowerSchool, a provider of K-12 software and cloud solutions, had a breach over the holidays. But not to worry, they paid the cybercriminals who hacked them and they have a video of the crooks deleting the data.
"PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist."
Thank goodness the threat actors are so reasonable, right? SMH.
Congratulations all CrowdStrike users on macOS who now get warnings about the libcurl version shipped by Apple. May you all enjoy your choices of software vendors.
It alerts about CVE-2024-9681. We said it is severity low. NVD says 6.5 medium.
Never a dull moment.
OK, I fleshed this out a little more. You can find the (In)Security Appliance Bingo 2025 in proper, two-dimensional form here:
Suggestions and submissions very welcome.