Look, "never" is relative

Friend turned me onto this awesome project. Ever wanted to literally program your music with Python? https://glicol.org/

Have you noticed there's a lot more drama going on here lately?

@finn and I did at least, so we wrote a blog post talking about what happened with VLC and Google, how that drama formed and what you can do to stop spreading misinformation.

https://steffo.blog/outrage-warps-reality/

This is my first-ever blog post that I wrote with someone together, so I hope the way I show what's written by whom is understandable.

Anyway, thank you, Finn, for helping me write such an important blog post. I think I couldn't have done it without you!

#blog #android #google #safetycore #vlc #ai #drama #fediverse

GNU Emacs 30.1 released with 2 CVE fixes https://www.openwall.com/lists/oss-security/2025/02/26/2
Fix shell injection vulnerability in man.el (CVE-2025-1244). We urge all users to upgrade immediately.
New user option 'trusted-content' to allow potentially dangerous features. This fixes CVE-2024-53920.

My new DIY video is online! RGB Mushrooms that change color! 🍄💡🌒

Check it out: https://youtu.be/5Ar3oKDBxPA

@marove @VVoidCamp wär das nicht was fürs VVoidCamp?

#papercircuit #papercraft #electronics #diy #stem #mint

The SEC has ruled that meme coins aren’t securities since they “typically have limited or no use or functionality” and are “more akin to collectibles.”

These means getting rug pulled on a memecoin isn’t securities fraud. It’s more like overpaying for Beanie Babies.

https://www.cnbc.com/2025/02/27/sec-says-most-meme-coins-are-not-securities.html

Gene Hackman’s Family Reveals What They Believe Caused His Death: Carbon Monoxide

Yet another reason to get rid of all the gas appliances in your home if you can: they’re dangerous!

https://www.thedailybeast.com/gene-hackmans-family-daughter-elizabeth-hackman-reveals-what-they-believe-caused-his-death/

I'm tired enough to read "CVE Nürnberg Authority" and think that vulnerability management took a quite radical turn

SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 & CP-8031 PLC

https://seclists.org/fulldisclosure/2025/Feb/19

- Firmware Downgrade (CVE-2024-39601)
- Firmware Update Decryption via Secure Element Oracle (CVE-2024-53832)

If a government can issue a secret order to push a 'special' version of a mobile app just to a specific person (or set of people), how can this be mitigated?

• How can app "rarity" be detected locally? (Antivirus and its descendants have a concept of a "well-known benign executable" vs one that has only been rarely seen.

• Can a local app, or an OS feature, be used to compare local apps with a list of expected versions?

• Can this be done independently of the OS (since the order could also subvert the rarity check)? (Even an independent app can be subverted if the only app store is the official one maintained by the same vendor.)

• To detect unusual app versions, reproducible builds are necessary but not sufficient, unless the project is also FOSS -- because even if everyone gets the same APK, the app might receive different instructions from its server depending on unique metadata.

[RSS] Taking the relaying capabilities of multicast poisoning to the next level: tricking Windows SMB clients into falling back to WebDav

https://www.synacktiv.com/en/publications/taking-the-relaying-capabilities-of-multicast-poisoning-to-the-next-level-tricking

[RSS] A Deep Dive into JS Trusted Types Violations

https://bughunters.google.com/blog/5850786553528320/a-deep-dive-into-js-trusted-types-violations

Hyperlight is a library for creating micro virtual machines — or sandboxes — specifically optimized for securely running untrusted code with minimal impact.

https://github.com/hyperlight-dev/hyperlight

It supports both Windows and Linux, utilizing Windows Hypervisor Platform on Windows, and either Microsoft Hypervisor (mshv) or KVM on Linux.

#hypervisor #virtualization

“HKEY_CURRENT_USER. You will never find a more wretched hive of scum and villainy.”

Anybody knows how to demangle a string, not a symbol, in #Ghidra using Python?

[RSS] How Does #Linux Direct Mapping Work?

https://u1f383.github.io/linux/2025/02/27/how-does-linux-direct-mapping-work.html

been reminded of this several times this week and not in a nice way

[RSS] Sidekick in Action: Finding Vulnerabilities in dnsmasq

https://binary.ninja/2025/02/26/sidekick-in-action-finding-vulnerabilities-in-dnsmasq.html

Firefox now has Terms of Use! This'll go over like a lead balloon.

You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet. When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

https://www.mozilla.org/en-US/about/legal/terms/firefox/

RIP Michelle Trachtenberg, thanks for all the laughs :(