days like today I remember to do my breathing exercises and gently remind myself this is nothing an extinction level event cant fix

What does it mean to be a hacker? This semester, I taught a hacker history and culture class, which was a blast. In one assignment, my students paid tribute to the classic @phrack Pro-Phile -- a small bio on a famous hacker. Check out their pieces: https://cse194.mahaloz.re/prophiles.html

Yes, hello! If you were following @bert_hubert@fosstodon.org you should have been redirected automatically to following this new account. And if not, if you are still interested in my ramblings, please follow this account manually. Can I ask for retoots so the people that might be interested see this news? Thanks!

CVE-2024-28956: Xen Security Advisory 469 v2: x86: Indirect Target Selection https://www.openwall.com/lists/oss-security/2025/05/12/5
A bug in the hardware support for prediction-domain isolation. An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.

https://bird.makeup/@vu5ec/1921973704948371486

What happens if a cosmic ray hits a voting machine?

In Belgium’s 2003 elections, a relatively unknown Communist Party candidate received 4096 extra votes…from a spontaneous bit inversion.

It was more votes than was mathematically possible at that polling station.

#whataweekhuh

I think the most tragic aspect of deploying "AI" in teaching and learning situations is how much it pushes people into a situation of learned helplessness. This constant feeling of not knowing how to do a thing of being incapable of actually doing work on one's tasks is mentally so harmful. How do people under those conditions gain confidence in their abilities? Like ever?

kASLR Internals and Evolution by @r0keb

https://r0keb.github.io/posts/kASLR-Internals-and-Evolution/

Great news! The Pwnie awards nominations are now open!
https://pwnies.com/nominations/

"If all these big companies are shouting from the rooftops that AI is up to production code the money relies on, then zero open source contributions of substance is a glaring absence."

(Original title: If AI is so good at coding … where are the open source contributions?)

https://pivot-to-ai.com/2025/05/13/if-ai-is-so-good-at-coding-where-are-the-open-source-contributions/

This week’s exciting instalment of Security Vulnerabilities that would be deterministically mitigated by #CHERI is a multi-part series sponsored by #Apple.

Media decoders are trivial to sandbox on a CHERI system (around four lines of code). They take an input buffer and produce an output. They can run with write access to that output buffer and nothing else. An attacker who gains arbitrary-code execution in an image decoder, for example, gains the ability to write an image to the output buffer: exactly the same rights that someone who can substitute a different image file has already.

Adobe's patches are (finally) out. 13 bulletins addressing 40 CVEs in Cold Fusion, Lightroom, Dreamweaver, Connect, InDesign, Substance 3D Painter, Photoshop, Animate, Illustrator, Bridge, Dimension, Stager, & Modeler. The patch blog has been updated. https://www.zerodayinitiative.com/blog/2025/5/13/the-may-2025-security-update-review

In case you thought CTRL-F in chromium was useless... Microsoft has your back. https://www.neowin.net/news/microsoft-removes-a-lot-of-features-from-the-edge-browser/

Find on Page in Microsoft Edge for Business will soon be integrated with Microsoft 365 Copilot Chat. Microsoft Edge for Business is introducing Microsoft 365 Copilot Chat to Find on Page (CTRL+F). This feature seeks to help users more easily find relevant content and save time. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.

While the #Adobe patches are still missing, the #Microsoft patch Tuesday rolls on with 5 0-days being exploited in the wild. Join @TheDustinChilds as he breaks down the release and calls out some familiar components. https://www.zerodayinitiative.com/blog/2025/5/13/the-may-2025-security-update-review