An example of algorithmic resistance

This is great news 🤩 I guess it’s about time to start learning CodeQL seriously

#CodeQL can be enabled at scale on C/C++ repositories in public preview using build-free #scanning

https://github.blog/changelog/2025-06-03-codeql-can-be-enabled-at-scale-on-c-c-repositories-in-public-preview-using-build-free-scanning/

[RSS] postMessaged and Compromised

https://msrc.microsoft.com/blog/2025/08/postmessaged-and-compromised/

"a deep dive into the risks of misconfigured postMessage handlers""

“Stack Overflow data reveals the hidden productivity tax of 'almost right' AI code | VentureBeat”

https://venturebeat.com/ai/stack-overflow-data-reveals-the-hidden-productivity-tax-of-almost-right-ai-code/

> AI tools don’t just produce obviously broken code. They generate plausible solutions that require significant developer intervention to become production-ready. This creates a particularly insidious productivity problem.

::sighs::

Google publishes security research on #GitHub, but instead of commiting to a repository they issue Security Advisories for a somewhat random repo:

https://github.com/google/security-research/security

Is there a way to clone this data as a #Git repository (from a service named after the aforementioned SCM system)?

[RSS] When CTF Meets Bug Bounty: A Critical UXSS in Opera Browser

https://medium.com/@renwa/when-ctf-meets-bug-bounty-a-critical-uxss-in-opera-browser-ee16f389e555?source=rss-3f8ae70e3957------2

[RSS] SQLite: Integer truncation in findOrCreateAggInfoColumn

https://github.com/google/security-research/security/advisories/GHSA-qj7j-3jp8-8ccv

CVE-2025-6965

I should write a summarizer for @talosvulns...

Until then, it's worth to check out the latest image parser bugs:

https://talosintelligence.com/vulnerability_reports/

The most compact, informative, and useful introduction to the Philosophy and Sociology of Science remains Kovar (2001), “Electron Band Structure in Germanium, My Ass”.

Hungarian folktale opening formula:

"There was a tall poplar tree with 77 branches, on each branch it had 77 crow nests, in each nest 77 crows.
Whoever doesn't listen to my tale, may the crows blind them. Whoever does listen, may they never see Heaven.
I'm going to start the story now, and you can all consider which one you'd choose."

... Hungarian folk tellers had no chill. 😆

#folklore #folktales #storytelling #Hungary

Frame 174,023 of 207,800

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00660540

asid_validate_path_internal

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00660540.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00660540.json&colors=light

Refreshing to hear of a boss not being a lemming
https://www.theregister.com/2025/08/21/aws_ceo_entry_level_jobs_opinion/

I love computing history, but I often find computer museums and history books focusing a lot on super early computers and then almost skipping to the microcomputer boom. I guess having a working NES, BBC Micro and C64 in a museum will attract more visitors than an operational Burroughs or Ferranti.

In this aspect, I really appreciate all the awesome machines in TNMOC (e.g. WITCH) and CHM (IBM 1401). I feel like I need to make friends at TNMOC and ask them for an in-deep tour they don't offer to casual visitors. :D

I understand that very few computers of the first, second and third generations of computers did not survive, but I feel this era of computing history criminally underappreciated. Early user interfaces, graphic tablets, vector graphics, 3D, all sorts of quirky data storage and processing hardware, dawn of the machine learning, and a massive, massive gap between governments, corporations and regular hobbyists...

Is it me or when you have your download location configured to iCloud in mobile #Safari but your storage is full, then your one-time downloads (e.g. etickets) just disappear without warning?

Also, what a great design to have downloads that you cant access without Internet...

#Apple

Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.

1) Part1: https://leftarcode.com/posts/afd-reverse-engineering-part1/

2) Part2: https://leftarcode.com/posts/afd-reverse-engineering-part2/

3) Part3: https://leftarcode.com/posts/afd-reverse-engineering-part3/

4) Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/

#reverseengineering #windows #cyber #malware

This feels like a very @SwiftOnSecurity story but I’m going to tell it.

Chat bots (not just LLM driven) are surprisingly old. In the mid 90s, a mark up language for string-driven bots called AIML was released. A small community of early hackers and devs got really into it. I was part as a teen.

DEFCON is fun, finding a V8 bug is even more fun

https://xia0.sh/blog/maglev-deopt

Hey folks! Compiler Explorer is free & open for everyone, but if you're planning to use our API for bulk executions though, please ping us! CE is a shared resource and heavy use can slow things down for the whole community. DM me to chat - happy to help figure out what works best for everyone! :)