As the next step in my quest to make it easier to poison AI crawlers, I present you: OCIocaine: a project where #DockerCompose meets #Caddy and #Iocaine, to poison AI crawlers for all your sites, automatically.

The idea here is to provide a docker compose file that starts up Caddy and Iocaine, configured so that Caddy will reverse proxy for any and all services on the same docker network, as long as they have a few labels that tell it to do so. In addition, a Caddyfile snippet will be available for all of these, which takes care of routing bad visitors to Iocaine.

And if that's not enough, the whole thing comes preconfigured with a wordlist (a list of English words), and traning data (the complete works of Shakespeare), and a list of known AI crawlers (courtesy of ai.robots.txt).

All you have to do is copy the sample configuration, create a network, start it up, and deploy labeled containers into the same network, and OCIocaine takes care of the rest.

WordPress 6.8 is due to switch their password hashing to bcrypt, and their application passwords to BLAKE2b.

Great news:

They disarmed the 72 char footgun with bcrypt in the way I recommended (HMAC, rather than just SHA2, to prevent hash shucking, and base64 to prevent NUL truncation).

https://core.trac.wordpress.org/changeset/59828

[RSS] ACS Password Leaks Are A Security Issue On #IBMi

https://www.itjungle.com/2025/02/17/acs-password-leaks-are-a-security-issue-on-ibm-i/

Our work featured in IT Jungle

🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @uefiforum & @microsoft lists create security gaps.

👉Call for a single and openly maintained revocation list -- a unified source of truth!

https://www.binarly.io/blog/from-trust-to-trouble-the-supply-chain-implications-of-a-broken-dbx

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/ssa/rewritePPC64latelower.go:55 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/ssa/rewritePPC64latelower.go#L55

func rewriteValuePPC64latelower_OpPPC64AND(v *Value) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2FrewritePPC64latelower.go%23L55&colors=light

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: https://lief.re/blog/2025-02-16-arm64ec-pe-support/

Stop saying “artificial intelligence”. (And “neural networks” too.)

Be more specific. Say “reinforcement learning”. Say “generative modelling”. Say “Bayesian filtering”. Say “statistical prediction”.

These are incredibly useful tools that have nothing to do with “intelligence”.

And say “model trained on plagiarised data”.

Say “bullshit generator”.

Say “internet regurgitator”.

These are also nothing to do with intelligence, but they have the added bonus of being useless, too.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75ab2bd98

x86_skip_prefixes

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75ab2bd98.json&colors=light

Microsoft Productivity Pack for Windows (1992)

Serious question to US folks: Does Mint 400 have a Fear&Loathing track these days?

CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection

https://seclists.org/oss-sec/2025/q1/140

"This vulnerability is related to BeyondTrust CVE-2024-12356"

https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/

The little devil (notice the vi reference) on my shoulder took over and made me connect #Emacs TRAMP to OpenSSH running on Windows.

Now Emacs is struggling really hard, spinning up the CPU fan 😆

The livestream on crypto-polyglots is up!
https://www.youtube.com/live/RP5PVRUs6L8?si=udjoa6O0MSyq6w9D

[RSS] Chop, Chop, Chop: Trying Out VR for Woodworking

https://hackaday.com/2025/02/15/chop-chop-chop-considering-vr-for-woodworking/

🫣 🍿

master: welcome to my Smart Home

student: wow. how is the light controlled?

master: with this on-off switch

student: i don't see a motor to close the blinds

master: there is none

student: where is the server located?

master: it is not needed

student: excuse me but what is "Smart" about all of this?

master: everything.

in this moment, the student was enlightened

Why is the nonsense phrase “vegetative electron microscopy” turning up in fake scientific papers? Add two-column formatting to the list of things AI doesn’t understand. https://retractionwatch.com/2025/02/10/vegetative-electron-microscopy-fingerprint-paper-mill/
Via @Researchbuzz

Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go:172 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go#L172

func (enc *Encoder) For(obj types.Object) (Path, error)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Ftools%2Fgo%2Ftypes%2Fobjectpath%2Fobjectpath.go%23L172&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Ftools%2Fgo%2Ftypes%2Fobjectpath%2Fobjectpath.go%23L172&colors=light

Oh my god Internet Archive you magnificent bastards what did you do, and PLEASE KEEP DOING IT FOREVER