half-life alpha running under wx86 on a wii

at 3fps at most - in a 320x240 window (it doesnt even reach 1fps in 640x480 fullscreen) - but it does run

the actual rtm doesn't show any valid display modes for some reason

The second oldest digital computer in the world is now working 🙂🤷‍♂️

Well done @usagielectric for getting it in a running state!

https://youtu.be/1XIX1K6tyqg

The oldest is the Harwell Dekatron at @tnmoc in Bletchley Park, which is also very cool and well worth visiting 😁🖖

#ComputerHistory #RetroComputing

It's easy to get scared when headlines combine terms like "backdoor", "Bluetooth", and "a billion devices".

Should you be worried? No.

The "attack" for ESP32 chips in some Internet of Things devices is some undocumented commands that are likely to be for testing by the manufacturer, Espressif, the in the factory. It cannot spread from one device to another like a virus/worm, and it takes a lot more than being within Bluetooth range -- it requires physical access to I/O pins on the chip itself or access to a USB port (if one is present). That's just the standard way to flash the firmware. It should go without saying that if a malicious person has physical access to the inside of your device then you may have more security concerns.

It's been fascinating to watch the propagation of fear and misinformation in a niche where I have dabbled enough to develop a bit of technical proficiency.

My interpretation of events is that Tarlogic Security is spreading panic to gain attention or notoriety.

Undocumented "backdoor" found in Bluetooth chip used by a billion devices:
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

NIST (National Institute of Standards and Technology) has a CVE:
https://nvd.nist.gov/vuln/detail/CVE-2025-27840

Edit to update:

Espressif’s Response to Claimed Backdoor and Undocumented Commands in ESP32 Bluetooth Stack
https://www.espressif.com/en/news/Response_ESP32_Bluetooth

#ESP32 #Espressif #TarlogicSecurity #IoT #InternetOfThings

Schrödinger's audit: Companies are found compliant until they are compromised, in which case they will always be found out of compliance.

Today I realized I need a portable pencil holder for my books (mostly the technical ones) so I won't search in panic when I want to take some super important notes.

After a quick search using an adjustable elastic band is a straightforward design, but I like the binder clip idea even better:

https://www.wendaful.com/2017/03/diy-make-elastic-pen-loop-holder/

#books #diy

For the people speculating about "jailbreaking" the F35 so you could fly it without US support. The thing is so maintenance heavy it won't fly after a week if you stop supplying it proprietary parts and loving US vendor help. The software is only a tiny thing relatively speaking. This goes for a lot of high-end military kit.

The recent news about an alleged backdoor in #ESP32 chips is largely overhyped, but it’s a good opportunity to explain how we designed #CHERIoT to make this kind of attack almost impossible by construction.

SCI and the CHERI Alliance will both be at Embedded World next week. Come and talk to us about CHERIoT and how you can adopt it with SCI’s ICENI chips in your next products.

this is good
https://eprint.iacr.org/2025/435.pdf

Back when COVID-19 hit, savvy observers were aware this was going to be Bad, even as we were surrounded by people who assumed this would not be a big deal. I vividly remember doing last minute shopping with folks thronging around bowls of free food. I knew then not to get anywhere near that. I get the same feeling now. We cling to normalcy but the world is heading to a crazy situation at a rapid clip. Yet our thinking is not yet there. "Surely this will pass?"

Margaret Hamilton is one of my personal heroes. One of the early programmers, coiner of the term “software engineering”, and lead for the Apollo guidance program software project that got humanity to the moon. Many of the core programming principles we use come from her teams. Never let anyone tell you programming isn’t for women! (And yes, sadly I still hear people say that from time to time)

JUST IN - Our Twitter (X) account has been locked.

They claim we published "people's private information without their express authorization and permission."

We published names and email addresses of people working for the government. We will not be intimidated.

While we did this for security purposes, you don't have to be security-oriented, this is generic OS research.

https://bird.makeup/@spendergrsec/1897722500806787312

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/ssa/regalloc.go:610 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/ssa/regalloc.go#L610

func (s *regAllocState) init(f *Func)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2Fregalloc.go%23L610&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fssa%2Fregalloc.go%23L610&colors=light

https://developers.redhat.com/articles/2024/12/11/making-memcpynull-null-0-well-defined - Making memcpy(NULL, NULL, 0) well-defined.

A very fancy way to obtain RCE on a Solr server
https://www.hacefresko.com/posts/rce-on-solr-server-via-replication

#fromBsky

Reversing Samsung's H-Arx Hypervisor Framework (Part 1) https://dayzerosec.com/blog/2025/03/08/reversing-samsungs-h-arx-hypervisor-part-1.html

Created a #CodeQL Cheat Sheet to document what I struggled with recently:

https://scrapco.de/codeql-cheat-sheet/cpp/cpp-conditionals-cfg/

Will push updates as they pop to my mind. Contributions/ideas are also most welcome!

https://github.com/v-p-b/codeql-cheat-sheet

this is my legacy

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75aa89290

PostProcessRecordsWorker

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa89290.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa89290.json&colors=light

[RSS] To some people, time zones are just a fancy way of sounding important, episode 2

https://devblogs.microsoft.com/oldnewthing/20250307-00/?p=110946