"I'm interested in all kinds of astronomy."

Preparing a post about lafleur, the CPython JIT fuzzer I develop.

It has found 4 JIT crashes so far:
#136996: "JIT: `executor->vm_data.valid` assertion failure in `unlink_executor`".
#137007: "JIT: assertion failure in _PyObject_GC_UNTRACK".
#137728: "Assertion failure or `SystemError` in `_PyEval_EvalFrameDefault` in a JIT build".
#137762: "Assertion failure in `optimize_uops` in a JIT build".

Contributions welcome!

https://github.com/search?q=repo%3Apython%2Fcpython+lafleur&type=issues

That "EDR 0-day" post on reddit is quite entertaining!

Made a little pornographic test case for the UK, to see whether we can get Ofcom to ban AWS S3 from the United Kingdom.

http://ofcom.s3-website-us-east-1.amazonaws.com/

[RSS] tar-fs Link Directory Traversal Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-xrg4-qp5w-2c3w

CVE-2025-48387
Hi, I'm your favorite security vendor, welcome to...
"printer on fire" thread by @lauriewired unrolled from the other site:

https://threadreaderapp.com/thread/1956498902443827574.html

lp0 is a Linux error code that means “printer on fire.”

It’s not a joke. In the 50s, computerized printing was an experimental field.

At LLNL (yes, the nuclear testing site), cathode ray tubes created a xerographic printer.

...it would occasionally catch fire.

Fun fact: the #Ghidra API is quite consistent in naming methods according to the data types they accept/return, but HighVariables are returned from Varnodes via getHigh()

hashcat v7.1.0 released!

This update includes important bug fixes, new features, and support for new hash-modes, including KeePass with Argon2.

Read the full write-up here: https://hashcat.net/forum/thread-13353.html


A sad day indeed - the original Rick Roll video has finally been taken down from YouTube from a copyright claim.
https://www.youtube.com/watch?v=dQw4w9WgXcQ

On a related note: is there a window manager/theme/config/??? that is optimized for #eInk screens?

I guess a high contrast theme, minimal animation/tiling would be essential, but I expect many little problems to solve along the way.

#Linux #OSS
Can't read LED screens on the beach so I spent some time hacking on @albinowax's old Perl script and made single-file e-books of all Phrack issues, ICYMI:

https://scrapco.de/dataslate/phrack/

(Will probably update when 72 comes out)

I wish watchTowr Labs was on mastodon, their blog posts are always amazing.
Today's about a Fortinet vulnerability:
https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/


squirrels always act and look like it's their first day being a squirrel


finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) https://exploits.forsale/pwn2own-2024/


Following the method demonstrated by @yarden_shafir in "Your Mitigations Are My Opportunities", this implementation automates adding a driver to the HvciDisallowedImages registry entry, ensuring it will be blocked from loading after the next reboot.

https://github.com/unkvolism/Solemn
