People finally caught on (sortof) to what I said 8 years ago ( ) that nobody knows what they're doing with the pointer hashing stuff, with %pK use for printks being the proof: https://lore.kernel.org/linux-hardening/Z4Z2TW_HaANvT4VH@smile.fi.intel.com/T/#t

https://bird.makeup/@grsecurity/929407342655008770

Currently planned schedule for my next livestreams:
Friday 9 PM CET, the WAD (Doom's) archive.
https://www.youtube.com/live/g0VyFDYefqQ?si=Ta2p1zn0jSDCivhV
Saturday 9PM, JavaScript in PDFs.
Sunday, Doom in PDF!

Project: golang/go https://github.com/golang/go
File: src/cmd/cgo/godefs.go:18 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/cgo/godefs.go#L18

func (p *Package) godefs(f *File, args []string) string

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fgodefs.go%23L18&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fgodefs.go%23L18&colors=light

As you might imagine, recovering from rebuilding the Internet Archive systems from a new perspective took time, and the priority was super important systems, and ones merely "working" were left alone. But that's changed - we updated emulation at the Internet Archive so it's more secure, and the systems we're offering just added a few!

Any other gophers that use IDA Pro wanna help out?

https://github.com/blacktop/go-idalib

Ticket shop is live.
https://www.offensivecon.org/register.html

The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build something interesting that will have immediate impact on 1000+ open source projects. https://www.google.com/about/careers/applications/jobs/results/92969243305222854-research-intern-phd-summer-2025

Cool project: "Nepenthes" is a tarpit to catch (AI) web crawlers.

"It works by generating an endless sequences of pages, each of which with dozens of links, that simply go back into a the tarpit. Pages are randomly generated, but in a deterministic way, causing them to appear to be flat files that never change. Intentional delay is added to prevent crawlers from bogging down your server, in addition to wasting their time. Lastly, optional Markov-babble can be added to the pages, to give the crawlers something to scrape up and train their LLMs on, hopefully accelerating model collapse."

https://zadzmo.org/code/nepenthes/

The original artist describes their Fortran code that rendered the Nostromo's vector landing display in "Alien": https://archive.org/details/creativecomputing-1981-06/page/n51/mode/2up?ui=embed&view=theater

this is the chrome logo if they were being honest

We are looking for an Android security expert to join our team and work on securing Chrome on Andoird. Job posting is available at https://google.com/about/careers/applications/jobs/results/104891950447895238, but also feel free to reach out to me directly.

My team in Chrome Platform Security is hiring for a senior Android security expert - if you're into syscalls, binder, processes and other low level stuff you'd be perfect - I do this but for Windows and didn't know Chrome or much C++ when I started.

The ad is generic but feel free to ask questions - https://www.google.com/about/careers/applications/jobs/results/104891950447895238 - you'll be a part of a wider security team that works on lots of cool stuff and protects billions of people - https://www.chromium.org/Home/chromium-security/quarterly-updates/

Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: https://neodyme.io/blog/com_hijacking_1/

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/walk/assign.go:281 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/walk/assign.go#L281

func ascompatee(op ir.Op, nl, nr []ir.Node) []ir.Node

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fwalk%2Fassign.go%23L281&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fwalk%2Fassign.go%23L281&colors=light

Results of the RP2350 Hacking Challenge are now public - I'm happy that my entry qualified as one of the winning breaks!

Also huge shout out to the other winners: @aedancullen, Kévin Courdesses, @ioactive & @hextreeio - awesome work!

Thanks for the challenge @raspberry_pi!

https://bird.makeup/@raspberry_pi/1879181804034498569

Harnessing Libraries for Effective Fuzzing by @2ourc3

https://github.com/20urc3/Publications/blob/main/Articles/LIB_HARNESS_GUIDE/README.md

Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems

https://huhong789.github.io/papers/ye:badass.pdf