Communist Poland was exceptionally good at making fun of secret police and egomaniacal leaders.
If my American friends need some good authoritarian jokes so that they can keep their spirits up for the long run I can suggest some!
In case anyone here has connections with the Python team: can you please tell them to update their docs on XML security? The way it is is quite misleading, and it's been annoying me for a while. I raised this a while ago in their issue tracker, but it got no reaction whatsoever. https://github.com/python/cpython/issues/127502 🧵
PHP just turned 30! Did you create guestbooks for your website like the early users of the language? Do you remember technologies like PHP-Nuke, phpBB, or browsing vBulletin forums?
The slides for @offensive_con talk "Hunting for overlooked cookies in Windows 11 KTM and baking exploits for them" by @saidelike and I are here:
https://docs.google.com/presentation/d/1M_ziQt6rZA01ghsv0qo7lhqyOLIZYNnV-qjHWun6A1g/edit?usp=sharing
another day, another binary file format with a badly designed magic number
not gonna call it out specifically but here are some RFC2113 MUSTs for magic number design:
MUST be the very first N bytes in the file
MUST be at least four bytes long, eight is better
MUST include at least one byte with the high bit set
MUST include a byte sequence that is invalid UTF-8
SHOULD include a zero byte, but you can usually get away with having that be part of the overall version number that immediately follows the magic number (did I mention that you really SHOULD put an overall version number right after the magic number, unless you know and have documented exactly why it's not necessary, e.g. PNG?)
good examples:
bad examples:
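A checker for the rules listed in the magic-number post above, as an added example that is not part of the original post. The function names are hypothetical, the PNG signature is the only real format used (the post names PNG), and every other sample value is constructed.

```python
import codecs

def has_invalid_utf8(data: bytes) -> bool:
    """True if data holds a sequence that can never be valid UTF-8."""
    # final=False: a multi-byte sequence merely cut off at the end is not
    # counted, because the bytes after the magic could still complete it.
    decoder = codecs.getincrementaldecoder("utf-8")()
    try:
        decoder.decode(data, final=False)
    except UnicodeDecodeError:
        return True
    return False

def check_magic(magic: bytes) -> dict:
    """Check a candidate magic number against the post's MUSTs and SHOULDs."""
    musts = {
        "at_least_4_bytes": len(magic) >= 4,
        "high_bit_byte": any(b & 0x80 for b in magic),
        "invalid_utf8": has_invalid_utf8(magic),
    }
    shoulds = {
        "8_bytes_is_better": len(magic) >= 8,
        "zero_byte": 0 in magic,
    }
    return {
        "ok": all(musts.values()),
        "failed": [name for name, passed in musts.items() if not passed],
        "advice": [name for name, passed in shoulds.items() if not passed],
    }

def file_has_magic(file_bytes: bytes, magic: bytes) -> bool:
    """The positional MUST: the magic is the very first N bytes of the file."""
    return file_bytes[:len(magic)] == magic

# PNG's signature is the one format the post names; the rest are constructed.
SAMPLES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "ascii_only": b"FMT1",
    "valid_utf8": b"\xc3\xa9FMT",
    "cut_off_tail": b"FMT\xc3",
    "all_rules": b"\x8fFMT\r\n\x00\x01",
}

if __name__ == "__main__":
    for name, magic in SAMPLES.items():
        print(name, check_magic(magic))
```

The `cut_off_tail` sample has a high-bit byte yet still fails the invalid-UTF-8 rule, because a lead byte at the very end can be completed by whatever follows the magic.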
End of an era: our CVSweb service turned 21 today, and was promptly retired. Our anoncvs was similarly shut down at the age of 21 two years ago, quietly.
Just launched Code Auditor CTF - https://auditor.codes
A web platform to practice finding real-world C/C++ vulnerabilities
• 8000+ challenges
• Progress tracking + leaderboard
• Beginner-friendly
• Fully open source (beta): https://github.com/20urc3/auditor.codes
Alan Turing died by suicide on 7 June 1954. Turing was convicted of gross indecency in 1952 and given a choice between imprisonment and probation. His probation would be conditional on his agreement to undergo hormonal physical changes designed to reduce his libido. Turing's conviction led to the removal of his security clearance and barred him from continuing with his consultancy for GCHQ. He was denied entry into the United States after his conviction.
Standing by the printer holding a hammer just to make sure it does what it's told
Besides watermelon, there should be windmelon, firemelon and earthmelon - the four elemelons.
The Tiny Awards are back, and so am I! After a year off, I'll be a judge helping to decide "the best of the small, poetic, creative, handmade web" made in the last 12 months. Nominations open until the end of June, submit anything you love! https://tinyawards.net/
So, my technical report on fuzzing CPython with fusil is almost done.
I'd really appreciate some help categorizing the found issues by relevance/severity/importance or any other name for impact.
Do you have the chops to help with that? And do you have time and interest? Please get in touch if so! And please boost if you can :)
A plot, some tables, links to the report and some discussion are available in this thread:
https://discuss.python.org/t/feedback-on-the-recent-fusil-fuzzing-campaign-of-cpython/91737
Project: microsoft/typescript https://github.com/microsoft/typescript
File: src/compiler/program.ts:3242 https://github.com/microsoft/typescript/blob/81c951894e93bdc37c6916f18adcd80de76679bc/src/compiler/program.ts#L3242
function checkModifiers(modifiers: NodeArray<ModifierLike>, isConstValid: boolean)
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2Ftypescript%2Fblob%2F81c951894e93bdc37c6916f18adcd80de76679bc%2Fsrc%2Fcompiler%2Fprogram.ts%23L3242&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2Ftypescript%2Fblob%2F81c951894e93bdc37c6916f18adcd80de76679bc%2Fsrc%2Fcompiler%2Fprogram.ts%23L3242&colors=light
USMC AH-1Z Viper working the pattern at Pt. Mugu, July 2024 #USMC #choppa #rotor #Mugu #AH1Z #aviationphotography #planespotting #AvGeek #spotter #photography #Nikon #aircraft #nikonphotography
Fucking stupid UI/UX choices.
Fortigate Firewall/Routers - All options for BGP/IPSEC are behind an "advanced options" user preference.... IT'S A FORTIFUCKINGROUTER the only people in this interface are advanced users.
PaloAlto XDR portal - Right-click for options on a line... fine... But wait, if you hold option/alt, you get even more options. I get the need to define which options are less common choices, but you should not be hiding things behind click-modifiers. The only people using the XDR interface will be advanced users. If a user doesn't have authorization for a command, then don't show it. If the option is destructive, then confirm with N number of dialogs. Also, the ENTIRE user interface is in italics.
Admin interfaces should never have hidden options.