Project: pypy/pypy https://github.com/pypy/pypy
File: rpython/rlib/parsing/deterministic.py:217 https://github.com/pypy/pypy/blob/9abbb4f358a5c308aefb85652a229cc98f899e13/rpython/rlib/parsing/deterministic.py#L217

def make_code(self):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpypy%2Fpypy%2Fblob%2F9abbb4f358a5c308aefb85652a229cc98f899e13%2Frpython%2Frlib%2Fparsing%2Fdeterministic.py%23L217&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpypy%2Fpypy%2Fblob%2F9abbb4f358a5c308aefb85652a229cc98f899e13%2Frpython%2Frlib%2Fparsing%2Fdeterministic.py%23L217&colors=light

Every damn day

The libxml2 maintainer is no longer accepting embargoed security reports. They just get treated like regular issues.

This bit in a comment on the announcement really resonates with me:

> these companies make billions of profits and refuse to pay back their technical debt, either by switching to better solutions, developing their own or by trying to improve libxml2.

Too often a company will depend on some library, and then when there are issues with it, shame the maintainer into fixing them. "There's a problem with your project, it is your responsibility to fix it".

No.

You chose to build on top of this library, and with that took on all responsibility that comes with that choice. Any tech debt or bugs are now YOUR tech debt and bugs. What are you going to do about them?

https://gitlab.gnome.org/GNOME/libxml2/-/issues/913

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0051a550

asn1_cb

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0051a550.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0051a550.json&colors=light

https://links.fabiomanganiello.com/share/683ee70d0409e6.66273547

PHRACK is coming to #DEFCON! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72

We did a presentation at Null Byte Security Conference last year entitled "The importance of a rigorous methodology in information security research". The presentation aimed to introduce security professionals to the importance of rigor in information security research, but also to other aspects.

We consider rigor very important for the information security industry.

We have observed, over more than 15 years in the field, that many beginners lack a solid understanding of rigor and the scientific method, which hinders their learning and growth.

The audience was mostly people starting in the information security industry, and we tried to make it simple, but not simpler. The slides can be found at the link below:

https://allelesecurity.com/wp-content/uploads/2025/06/The-importance-of-a-rigorous-methodology-in-information-security-research.pdf

CVE-2025-48706 - Out-of-bounds read in COROS PACE 3

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-028.txt

Watch Out! Bluetooth Analysis of the COROS PACE 3

https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/

📣 Exciting opportunity in our iOS team for a Senior Vulnerability Researcher with experience in Apple platforms.

Remote or office based.

https://jobs.gohire.io/interrupt-labs-zcocopee/senior-ios-vulnerability-researcher-237538/

Do you know of examples of a software library's test suite catching a bug in its upstream dependencies? I've seen a few of these over the years, and I'd like to put together a small list. Things like:

- A programming language implementation's test suite uncovering a bug in other implementations
- A library's test suite uncovering a bug in the language implementation itself
- A framework addon's / extension's test suite uncovering a bug in the framework

Some pictures of KICKI a DEC PDP-10 model KI10 sn 522 currently in preservation.

Would you like to support us? Visit: https://icm.museum

#retrocomputing #vintagecomputing

You've been asking for the slides from my x33fcon talk this year - here they are!

I covered most modern anti-phishing protections and how to evade them, with a particular focus on how URL rewriting can be used to bypass Google Safe Browsing.

Enjoy! 🪝🐟

🔗👇