My small child BlogFlock (https://blogflock.com) is a social RSS feed reader - share the blogs you follow with friends and strangers!
BlogFlock will always be free to use and never show you ads.
But running a feed aggregator is expensive at scale.
On top of BlogFlock's pretty decent feature set (if I say so myself), what features or service guarantees would convince you to spend $25/year on a social feed reader?
"The designer of a new system must not only be the implementor and the first large-scale user; the designer should also write the first user manual. If I had not participated fully in all these activities, literally hundreds of improvements would never have been made, because I would never have thought of them or perceived why they were important."
-- Donald Knuth, “The Errors of TeX”
looks like the AI + MCP-assisted reverse engineering hype train is gaining steam! 🚂✨
in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (https://x.com/itszn13/status/1903227860648886701)
• @jh_pointer casually dropping his IDA MCP project, which I had to nerdsnipe myself into trying (https://github.com/MxIris-Reverse-Engineering/ida-mcp-server, https://x.com/bl4sty/status/1904631424663379973)
• @mrexodia rolling out a clean (judging by a quick code quality check) MCP implementation for IDA (https://github.com/mrexodia/ida-pro-mcp)
• @lauriewired dropping GhidraMCP for @nsagov’s Ghidra (https://github.com/LaurieWired/GhidraMCP)
these tools are early-stage but already hint at the potential for interactive RE software running on (semi) autopilot.
makes me wonder—should we formalize a set of MCP primitives across RE tools and unify them under one overarching framework? 🤔
of course, these aren’t silver bullets. but much like typical LLM usage, in the right hands, they could be powerful time-savers.
curious to see what comes next! might be time for hacking competitions focused on small/constrained binaries to start thinking about countermeasures against AI-assisted cheesing. 👀
Today we are very proud to announce that the United Nations has switched from Google Forms to CryptPad Form for collecting endorsements on the UN Open Source Principles: https://unite.un.org/news/sixteen-organizations-endorse-un-open-source-principles
CryptPad Form is a full-fledged application allowing you to build privacy-preserving questionnaires for your respondents.
Try it for free, without even registering an account, on our CryptPad.fr flagship instance!
#UnitedNations #UN #Privacy #OpenSource #Forms #Studies #FOSS
Looking to write your own MCP for a popular decompiler? Check out our unified API that allows scripting in IDA, Ghidra, Binja, and angr. In the same few Python lines, you can make a struct, retype a function, and modify local vars. Check it out: https://github.com/binsync/libbs
Back in 2022, there was wide-scale disruption to the NHS (healthcare) in the UK due to LockBit ransomware at Advanced.
They have paid a £3m fine to the ICO, who have published their 58-page PDF investigation. Worth a read for findings.
https://cy.ico.org.uk/media2/gdlfddgc/advanced-penalty-notice-20250327.pdf
The £3m fine is due to failures to run Vulnerability Management correctly and failure to enforce MFA.
A thread about some other things:
Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a810cc4
Revert
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a810cc4.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a810cc4.json&colors=light
Our first keynote from Natalie is live! Want to find fully-remote bugs? Learn more about her workflow and lessons learned from a true expert in the field. Bonus: during the Q&A you can learn that even just finding a single obscure file format can be what it takes to find a bug: https://www.youtube.com/watch?v=UOr1F-Tx1Zg
I have a question: In Signal, imagine that a new device gets added to your phone as a Linked Device. What sort of notification would you receive on your primary device (phone)? Are there photos of the current workflow here? This article https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability asserts that recently Signal added UI to prevent users getting phished and unknowingly adding a linked device. What did they add?
If it annoys you— as it somewhat does me— that the precise definition of the Rust programming language is "vibes" and "three separate PDFs, none of them authoritative" and "well, whatever the reference compiler does is the language", this is pretty neat news. https://mastodon.social/@rustfoundation/114229759326166359
Protip: if someone posts a technical or legal analysis of something the administration is doing or proposing and your response is that legalities are irrelevant and a waste of time, the problem is YOU.
You know who wants you to think laws don’t matter anymore and that pushback is hopeless? Fascists.
Don’t act like a fascist.
Conservative folklore peeps in Hungary: "Folktales carry our Traditional Values and the Ancient Wisdom of Our Ancestors. They follow a strict set of Traditional Rules"
Literal Hungarian folktales I found in archives:
- Princess Rosalia Lemonfarts
- The Diamond Prince in a Rubber Suit
- The Magic Flying Penis
- Rapunzel, but it's a bloke who makes a rope from his body hair
- Saint Peter got drunk and puked the first 🌈
- The Princess who became a Prince
CodeQLEAKED – Public Secrets Exposure Leads to Potential Supply Chain Attack on GitHub CodeQL https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/