HUGE NEWS In the UK, Tanya O'Carroll has won her fight to force Facebook to let her opt out of its creepy surveillance-based targeted advertising. Campaigners are now gearing up to enable us this right not to be surveilled in this way, undermining the business model. https://www.thetimes.com/uk/technology-uk/article/facebook-personal-data-opt-out-swg26rm5z

I have a Win11 VM.
I shut it down from its Start Menu.
It restarts.
I shut it down from the login screen right after restart.
"Other users may be logged in to this system" (that just restarted)

Maybe my morning coffee didn't kick in or the product team didn't get their correct dose of drugs.

bent // broken 2025: virtual fest schedule:

https://bentbrokenfest.wordpress.com/bent-broken-2025-virtual-fest-schedule/

#circuitbending festival starting in ~7 hours (if I can convert time zones correctly)

If you don’t think this administration is so incompetent or callous as not to do this, you haven’t been paying attention.

MCP Job Security Pass - LLVM Pass to save Reverse Engineers from Automation :D

https://github.com/thebabush/mcp-job-security

My father-in-law is a COBOL programmer on social security and he's basically ready to join ISIS at this point

The BlackHoodie training at @offensive_con deals with compiler backdoors and is sponsored by @hexrayssa what an honor♥️The training takes place May 15th and registration is now open https://blackhoodie.re/Offensivecon2025/

I'll be doing a speaking!

https://bird.makeup/@offensive_con/1904596974763995528

New updates to the Decompilation Wiki by harpend (on GitHub). We have a new in-depth Switch structuring section and a new Loop Reduction section.

https://decompilation.wiki/fundamentals/structuring/schema-based/switch-structuring/

Kagi empowers you to personalize your search results, allowing you to see more of what you prefer, less of what you don't, or block content entirely.

View the top domains that users create personalizations for: https://kagi.com/stats?stat=leaderboard

#Kagi #AdFree #Search

Another must-watch talk from RE//verse 2025 is live! Zion Basque challenges decompilers to step up their game and introduces a roadmap for a practical solution to solve some of the trickiest compiler behavior's to analyze. Check it out here: https://youtu.be/VP29biKLoSw

Holy shit.

Just wow, wow, holy shit:

Completely rewriting a multi-million line COBOL codebase that has life-or-death consequences for real people in the space of a few months, using gen AI?

I’ve been writing software for 40-some years, and I have to say: this may be, without exaggeration, the stupidest software-related idea I’ve ever heard from leadership.

https://www.wired.com/story/doge-rebuild-social-security-administration-cobol-benefits/

ReactOS 0.4.15 Released

https://reactos.org/project-news/reactos-0415-released/

"Now, kernel access checks are fully functional and prevent unauthorized access to system objects. As a result, the Windows kernel now works with the vast majority of modules from ReactOS."

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.

Gemini 2.5 "reasoning", no real improvement on river crossings

https://awful.systems/post/3875809

"I think chain of thought / reasoning is a fundamentally dishonest technology. At the end of the day, just like older LLMs it requires that someone solved a similar problem (either online or perhaps in a problem solution pair they generated if they do that to augment the training data)"

“Vulgar Display of Power”

https://tante.cc/2025/03/28/vulgar-display-of-power/

> It is a display of power: You as an artist, an animator, an illustrator, a writer, any creative person are powerless. We will take what we want and do what we want. Because we can.

(⁠ノ⁠｀⁠Д⁠´⁠)⁠ノ⁠彡⁠┻⁠━⁠┻
(Days without cleaning up after a "coding assistant" in the prod: 0)

https://www.androidauthority.com/google-android-development-aosp-3538503/

Here are my notes on using a Python virtual environment with IDA Pro:

https://williballenthin.com/post/using-a-virtualenv-for-idapython/

#idapro

use-after-free (maybe?) in libspf2 /by @hanno

https://www.openwall.com/lists/oss-security/2025/03/28/1

Maybe @thezdi could shed some light on CVE-2023-42118 ?