The press release for that Secret Service UN SIM farm raid is here: https://www.secretservice.gov/newsroom/releases/2025/09/us-secret-service-dismantles-imminent-telecommunications-threat-new-york

Some images are below:

"Employees are using AI tools to create low-effort, passable looking work that ends up creating more work for their coworkers.[...] it shifts the burden of the work downstream, requiring the receiver to interpret, correct, or redo the work. In other words, it transfers the effort from creator to receiver"

Good to see this finally phrased out!

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity

“AI-Generated “Workslop” Is Destroying Productivity”

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity

> For an organization of 10,000 workers, given the estimated prevalence of workslop (41%), this yields over $9 million per year in lost productivity.

Add the impact of variability on work queues (delays, delays, delays) and this loss is a massive underestimation

(Edited to add: the "article" itself is tripe and I don't endorse it in any way.)

(Edited again: like, it's really bad.)

macOS WindowServer

unironically yes
https://bird.makeup/users/fishoutofwaterb/statuses/1969920969776206123

RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
https://blog.quarkslab.com/security-review-of-php-documentation.html

[RSS] Exploring GrapheneOS secure allocator: Hardened Malloc

https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc.html

Something I've been thinking about for most of 2025, but haven't found a good way to solve, is the need to preserve history and educate each other in spite of what the fascists in power want.

When they ban "Critical Race Theory" in public schools, there ought to be a decentralized system that folks can turn to to learn it without their school's permission.

There were many atrocities against minority communities that never got discussed when I went to public school. I remember also needing a permission slip to learn about natural selection in biology class.

In short, I think there ought to be a Pirate Systen of Education (and I don't just mean PDF scans of $400 textbooks).

With the Straw Hat flag becoming an International symbol of freedom, I can't help but think about the scholars of Ohara from One Piece. Learning and preserving a forbidden history.

Maybe this idea isn't mine to bring to fruition. So I'm letting it scatter to the wind. May someone clever and motivated make it bloom.

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0071d200

mime_parse_hdr

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0071d200.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0071d200.json&colors=light

r2ghidra 6.0.2 is out! #reverseengineering

Ozzy Man (~6M subs) features Doom hacks (starting around 3:10):

https://www.youtube.com/watch?v=34o23CHh7bo

Internet hive mind: what are these?

Options I'm considering are cellular microcells, water/power meter collectors (my leading candidate), some kind of public wifi network.

Guesstimating 900 MHz band from the antenna size as best i can guess from ground level, but I don't have a SDR on me to be sure.

#Bing search results #enshittification level 100

Well done Microsoft.

[RSS] Linux Kernel Runtime Guard (LKRG) 1.0 first mature release + talk slides

https://www.openwall.com/presentations/NullconBerlin2025-LKRG/

For centuries, Europe bled through endless wars. Neighbours became enemies, borders became battlegrounds and generations knew only division.

The creation of the European Union changed that, proving that dialogue between 🇪🇺 countries, cooperation, and solidarity can overcome conflict.

Since then, we’ve worked to build bridges where there were once barriers: peace is not just our history. It is our mission, our responsibility, and our future.

Today and every day.

#PeaceDay

Something quite interesting: https://fil-c.org/

tldr: CHERI guarantees (purecap only) on existing hardware

The catch is as always with purecap models is that you have a whole new ABI.

Interestingly pointers stay 8 bytes here, with the capability being invisible to the running program (but instead maintained invisibly by the runtime).

🚨 Warning to PHP package maintainers: We did not email you to change your passwords & 2FA. Emails asking you to update your credentials are a phishing attempt. We had the phishing site & domain taken down. If you got the email and entered your credentials, please contact us. #phpc #composerphp

This is beautiful; pure poetry: https://obsidian.md/blog/less-is-safer/

(Obsidian’s dependency-management philosophy.)

I have a suggestion: If you have a project or repo that's getting popular, stop writing features for a few months and implement this instead.

#softwaredevelopment #softwareengineering #0dependencies

There is a lot of demand for digital privacy and security advice out there right now and lots of people are giving advice and writing guides. I beg them to do a few things:

1. Be explicit about the threat model your advice is meant for.

2. Do not give advice you haven't tried implementing yourself. Eat your own dog food.

3. Get feedback on your guide from your target audience before publication.

4. Incorporate that feedback. This is not an optional step.