There is more cost to programming assistants than I have realized. I was recently talking with a friend, and I mentioned a new programming language that has some interesting features. The friend told me that they won't try it, because the programming assistant doesn't support it, because there aren't enough examples out there to train it.

We are literally throwing away innovation and diversity in exchange for convenience.

Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!

https://tmpout.sh/4/

"How do you deal with code snippets in blog posts getting outdated?"

Every time I give a talk about blogging for developers, I'm asked this. Now I started to take action with the first iteration of the solution.

I added version metadata to my blog posts and display them at the start of the post.

https://hamatti.org/posts/track-software-versions-for-technical-blog-posts/

#blogging #TechnicalWriting

We're programmers. Programmers are, in their hearts, architects, and the first thing they want to do when they get to a site is to bulldoze the place flat and build something grand. We're not excited by incremental renovation: tinkering, improving, planting flower beds.

— Joel Spolsky

#programmers

Hello and welcome to this week's installment of #nakeddiefriday !

The guest of today is the TIBPAL16R4 by TI, a programmable array logic chip made with bipolar logic. The die has 2 metal layers, its maskwork produced in 1985. A short thread follows.

More info and hi-res pano at: https://siliconpr0n.org/archive/doku.php?id=infosecdj:ti:tibpal16r4

#electronics #reverseengineering #microscopy #icreverseengineering

It’s disheartening to see AI reactionism lead my community to a 180° on copyright.

Everyone is merrily attacking LibGen now. If it didn’t exist, big tech companies would still find training data, it just wouldn’t be accessible to regular people.

[RSS] Discourse Backup Disclosure: Rails/nginx send_file Quirk

https://projectdiscovery.io/blog/discourse-backup-disclosure-rails-send_file-quirk

This is CVE-2024-53991

[RSS] Last barrier destroyed, or compromise of Fuse Encryption Key for Intel Security Fuses

https://swarm.ptsecurity.com/last-barrier-destroyed-or-compromise-of-fuse-encryption-key-for-intel-security-fuses/

TIL of the bad.horse traceroute

Rejoice! 🎉

My idalib-based vulnerability research tools are now fully compatible with Windows 🪟

Please test them and report any bugs 🪲

https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust/

(PS. Ya like my GPT writing style? 🚀)

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/abt/avlint32.go:175 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/abt/avlint32.go#L175

func (t *T) Intersection(u *T, f func(x, y interface{}) interface{}) *T

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fabt%2Favlint32.go%23L175&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fabt%2Favlint32.go%23L175&colors=light

she is all of us

canonical mode

👀 https://www.reuters.com/technology/cybersecurity/chinas-baidu-denies-data-breach-after-executives-daughter-leaks-personal-info-2025-03-20/

"But Ryan, the C preprocessor isn't a programming language!"

Skill issue.

The official website of zero-day broker Zerodium has been updated in December of last year. There are no price lists nor any information anymore, just an email and a PGP public key.

🤔

If you know what's happening there...let me know.

https://zerodium.com

New Project Zero issue:

msm_npu: Race between npu_host_unload_network and npu_host_exec_network_v2 leads to memory corruption

https://project-zero.issues.chromium.org/issues/380081941

CVE-2025-21424

[oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination

https://seclists.org/oss-sec/2025/q1/234

"The order in which objects are deleted
during namespace termination is not defined, and it is possible for network
policies to be deleted before the pods that they protect." whoops :)

Up-to-date fork of Sourcetrail:

https://github.com/petermost/Sourcetrail

h/t @brk

I don't recall seeing a CVE for a WAF lib bypass before but here you go, add it to your tricks if it isn't already there.

https://github.com/corazawaf/coraza/security/advisories/GHSA-q9f5-625g-xm39

sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUEST_FILENAME will be set to /uploads/foo.php. This can lead to a rules bypass. This vulnerability is fixed in 3.3.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-29914