Periodic reminder to the fedi EE / embedded systems community: I have a lot of lab capabilities and resources that the average hobbyist can't afford, and am willing to offer them up on reasonable terms (i.e. FREE in many cases) to help people out.

As a general rule if you're not making money on it (i.e. hobbyist/noncommercial/academic project) and it's not a major time commitment or consumable cost for me, all I ask is that you pay return shipping if you want the hardware sent back to you afterwards. For anything large or commercial in nature, I'm still potentially interested but we'd have to discuss compensation first.

Capabilities and equipment available:
* 3D planar EM simulation (Sonnet Pro)
* 5 3/4 digit multimeters (R&S HMC8012)
* Various oscilloscopes to 16 GHz BW (PicoScope 6424E, LeCroy WaveRunner 8404M-MS, LeCroy SDA 816Zi-A) plus power rail, current, and differential probes
* VNA measurements to 8.5 GHz (PicoVNA 106 / 108)
* BERT BER/eye pattern/bathtub curve measurements to 28 Gbps (MultiLane ML4039-BTP)
* Vector signal generation to 6 GHz (Siglent SSG5060X-V)
* Fine pitch soldering and PCB rework, BGA assembly, inner layer circuit edits, etc
* Low magnification stereo microscopy
* High magnification reflected light optical microscopy to ~300nm resolution, including large area automated step-and-repeat scanning and stitching of multi-gigapixel datasets
* Coming soon: Embedding and cross section polishing for failure analysis etc

CALL FOR PAPERS PERIODIC REMINDER

You have an offensive, defensive, audit research or dev mixing Security and FLOSS or open protocol/format?

Go ahead and submit your proposal!

👉 https://cfp.pass-the-salt.org/pts2025/cfp

A question, doubt? Our support team is listening to you: speaker-support@pass-the-salt.org

📅 The deadline is March, 30 2025!
D-40

Boost REALLY appreciated 🙏

Reminder for those using the iOS Patreon app to support their creators: Apple is now taking a 30% cut for new donations through the app, plus whatever Patreon takes. Consider alternate donation methods (including direct to the Patreon website rather than the Apple mobile app).

I’ve found, btw, that ko-fi has the best deal for creators - for a $72 annual fee, they do not take any cut of donations.

libxml2 vulnerabilities https://www.openwall.com/lists/oss-security/2025/02/18/2
Fixed in 2.12.10, 2.13.6 and upcoming 2.14.0.
CVE-2024-56171: Use-after-free in xmlSchemaIDCFillNodeTables
CVE-2025-24928: Stack-buffer-overflow in xmlSnprintfElements
Null-deref in xmlPatMatch

Breaking: Apple pulls end-to-end encrypted storage option from UK after secret order for a back door. https://www.washingtonpost.com/technology/2025/02/21/apple-yanks-encrypted-storage-uk-instead-allowing-backdoor-access/

Microsoft is paywalling features in Notepad and Paint

There’s some bad news for Windows users who want to use all of the built-in features of the operating system and its integrated apps. Going forward, Microsoft is restricting features in two iconic apps, which you’ll need to unlock with a paid subscription.

The two apps in question? Notepad and Paint. [...]

Windows Insiders

https://www.osnews.com/story/141773/microsoft-is-paywalling-features-in-notepad-and-paint/

#Windows

📢Call for beta testers!📢
The beta for "Fuzzing 1001: Introductory Fuzzing" will start ~ March 7th. It will take ~6 hours to complete. If you're interested in participating, please sign up below.
https://forms.gle/fxCM9Y1CprUJgQi59

Lesser known tricks, quirks and features of #C

https://jorenar.com/blog/less-known-c

CP/M-86 for Newbies is a starter kit for CP/M-86 with everything ready to unpack and run. It bundles the PCe PC emulator (Windows only), preconfigured PCe environments for running different CP/M-86 versions including Concurrent CP/M-86 and Concurrent DOS, and other software such as the Pirx Commander file manager.

https://github.com/MarekStarobrat/Pirx.Commander/tree/main/Releases/CPM-86

#cpm #retrocomputing

Our latest issue of ThinkstScapes is now available for download.

For this issue (covering the last quarter of 2024) we tracked over over 1400 talks and scoured content from almost 1100 blog posts.

As always, PDF, ePUB and an audio summary are available free (with no reg-wall) at https://thinkst.com/ts

I hope you're all doing risk assessments and checking the exposure of your business/NGO/public institution to the US weaponizing its tech infrastructure (Google, Microsoft, Apple) and shutting down your operations if they disagree with your mission?

#Security #RiskAssessment #Tech

We've issued our first short-lived (6 day) certificate! https://letsencrypt.org/2025/02/20/first-short-lived-cert-issued/

Come learn Windows Internal with
@yarden_shafir at Recon Montreal on June 23-26 #reverseengineering #cybersecurity https://recon.cx/2025/training.html#trainingWindowsInternals

Updates on Paragon scandal in Italy via Guardian:

-Journalist union filed criminal complaint due to Meloni's government not answering Qs.

• President of 🇮🇹 parliament invoked rule to not respond Qs claiming all unclassified info has been made public.

-Italy's foreign intelligence agency AISE, confirmed it is a customer of Paragon in Parliament, and that the the contract is suspended.

Still lots of unanswered questions.

https://www.theguardian.com/world/2025/feb/19/journalists-launch-legal-action-against-italian-government-over-spyware-claims

thanks "security researchers" !

https://github.com/curl/curl.dev/pull/6

After what feels like a century of delays.. Apple's new C1 baseband aka 'Sinope' aka 'INITIUM' etc. looks pretty interesting; PAC, ASLR & repurposed iBoot on the bb with some very familiar Synopsys licensed IP blocks + EM4 ARCv2 cores ;) good luck doing exdev on this platform lol

I missed the NVIDIA sev:CRIT TOCTOU the other day. Mostly because IDGAF about NVIDIA. But I still enjoy this meme.

https://www.zerodayinitiative.com/advisories/ZDI-25-087/

This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute code within a container in order to exploit this vulnerability.

The specific flaw exists within the mount_files function. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host.

https://nvidia.custhelp.com/app/answers/detail/a_id/5616

Obsidian is now free for work.

Starting today, the #Obsidian Commercial license is optional. Anyone can use Obsidian for work, for free. Explore the organizations that support Obsidian on our site.

https://obsidian.md/blog/free-for-work/

New Parallels "victim"-assisted LPE 0day dropped due to ZDI not playing well with the reporter:
https://jhftss.github.io/Parallels-0-day/

I've confirmed that it works fine on Intel. Though ARM may require some retooling (if it's vulnerable)