WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

Great news:

They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

https://core.trac.wordpress.org/changeset/59828

[RSS] ACS Password Leaks Are A Security Issue On #IBMi

https://www.itjungle.com/2025/02/17/acs-password-leaks-are-a-security-issue-on-ibm-i/

Our work featured in IT Jungle

🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @uefiforum & @microsoft lists create security gaps.

👉Call for a single and openly maintained revocation list -- a unified source of truth!

https://www.binarly.io/blog/from-trust-to-trouble-the-supply-chain-implications-of-a-broken-dbx

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/ssa/rewritePPC64latelower.go:55 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/ssa/rewritePPC64latelower.go#L55

func rewriteValuePPC64latelower_OpPPC64AND(v *Value) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=light

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: https://lief.re/blog/2025-02-16-arm64ec-pe-support/

Stop saying “artificial intelligence”. (And “neural networks” too.)

Be more specific. Say “reinforcement learning”. Say “generative modelling”. Say “Bayesian filtering”. Say “statistical prediction”.

These are incredibly useful tools that have nothing to do with “intelligence”.

And say “model trained on plagiarised data”.

Say “bullshit generator”.

Say “internet regurgitator”.

These are also nothing to do with intelligence, but they have the added bonus of being useless, too.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ab2bd98

x86_skip_prefixes

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=light

Microsoft Productivity Pack for Windows (1992)

Serious question to US folks: Does Mint 400 have a Fear&Loathing track these days?

CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

https://seclists.org/oss-sec/2025/q1/140

"This vulnerability is related to BeyondTrust CVE-2024-12356"

https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/

The little devil (notice the vi reference) on my shoulder took over and made me connect #Emacs TRAMP to OpenSSH running on Windows.

Now Emacs is struggling really hard, spinning up the CPU fan 😆

The livestream on crypto-polyglots is up!
https://www.youtube.com/live/RP5PVRUs6L8?si=udjoa6O0MSyq6w9D

[RSS] Chop, Chop, Chop: Trying Out VR for Woodworking

https://hackaday.com/2025/02/15/chop-chop-chop-considering-vr-for-woodworking/

🫣 🍿

master: welcome to my Smart Home

student: wow. how is the light controlled?

master: with this on-off switch

student: i don't see a motor to close the blinds

master: there is none

student: where is the server located?

master: it is not needed

student: excuse me but what is "Smart" about all of this?

master: everything.

in this moment, the student was enlightened

Why is the nonsense phrase “vegetative electron microscopy” turning up in fake scientific papers? Add two-column formatting to the list of things AI doesn’t understand. https://retractionwatch.com/2025/02/10/vegetative-electron-microscopy-fingerprint-paper-mill/
Via @Researchbuzz

Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go:172 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go#L172

func (enc *Encoder) For(obj types.Object) (Path, error)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Ftools%2Fgo%2Ftypes%2Fobjectpath%2Fobjectpath.go%23L172&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Ftools%2Fgo%2Ftypes%2Fobjectpath%2Fobjectpath.go%23L172&colors=light

Oh my god Internet Archive you magnificent bastards what did you do, and PLEASE KEEP DOING IT FOREVER

Emacs made me extensively use LLM's to search for answers and watch videos to understand features. This is a first!

I think the reason is that I lack the meta-knowledge about where to look for information. This is in part because Emacs tutorials prevalent in search results don't directly apply to Space Emacs and I don't know yet how to translate between the two worlds.

I think the same underlying issues in part explain the popularity of LLM's and video tutorials. It seems an important personal decision if we deem a topic important enough to invest in acquiring the missing meta-knowledge. It seems an important quality of the tool we use if it helps us acquire the meta-knowledge they provided a shortcut for.