SALLY STRUTHERS: Do you use floats? Sure. We all do. But did you know a + b + c ≠ c + b + a with many floats? No. Well, neither did I, but with this one PDF you can become a fount of floating-point foibles to impress and depress your colleagues around the water cooler. Isn't this fun?

https://dl.acm.org/doi/pdf/10.1145/103162.103163 #compsci

Let's say I have a couple of MP3's (very royalty free ofc) that I want to share with normie friends on a web server. Is there a playlist format or maybe even some web frontend that I can use to organize these tracks so my friends can listen to the tracks without installing anything on their Win/Mac boxes, just opening a single URL/file?

It's be nice if there was support for basic HTTP auth because I don't want to open this to everyone either.

#FOSS #MP3 #mixtape

[RSS] The Phantom Extension: Backdooring chrome through uncharted pathways

https://www.synacktiv.com/en/publications/the-phantom-extension-backdooring-chrome-through-uncharted-pathways.html

at this point anybody still using solarwinds should just be considered a huge security risk

https://www.theregister.com/2025/09/23/solarwinds_patches_rce/

New video: Inside Windows Sessions
https://trainsec.net/library/windows-internals/inside-windows-sessions/

[RSS] Kmemdump step by step on Qualcomm Automotive platform

https://www.linaro.org/blog/kmemdump-step-by-step-on-qualcomm-automotive-platform/

New vulnerability report from Talos:

Adobe Acrobat Reader Page Property Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2222

CVE-2025-54257

With all this discourse about "AI art" I think we've lost sight of the simple joy of generating terrible nonsense via Markov Chains

UXLINK exploited for around $28 million, then hacker gets phished

September 22, 2025
https://www.web3isgoinggreat.com/?id=uxlink-exploit

/me trying hard not to antropomorphise the LLM

RE: https://infosec.exchange/@mttaggart/115219922584580823

Ayyy look at that! Deprecating TOTP in favor of FIDO-based MFA, and removing the local publishing bypass!

https://www.bleepingcomputer.com/news/security/github-tightens-npm-security-with-mandatory-2fa-access-tokens/

"Employees are using AI tools to create low-effort, passable looking work that ends up creating more work for their coworkers.[...] it shifts the burden of the work downstream, requiring the receiver to interpret, correct, or redo the work. In other words, it transfers the effort from creator to receiver"

Good to see this finally phrased out!

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity

“AI-Generated “Workslop” Is Destroying Productivity”

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity

> For an organization of 10,000 workers, given the estimated prevalence of workslop (41%), this yields over $9 million per year in lost productivity.

Add the impact of variability on work queues (delays, delays, delays) and this loss is a massive underestimation

(Edited to add: the "article" itself is tripe and I don't endorse it in any way.)

(Edited again: like, it's really bad.)

macOS WindowServer

unironically yes
https://bird.makeup/users/fishoutofwaterb/statuses/1969920969776206123

RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
https://blog.quarkslab.com/security-review-of-php-documentation.html

[RSS] Exploring GrapheneOS secure allocator: Hardened Malloc

https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc.html

Something I've been thinking about for most of 2025, but haven't found a good way to solve, is the need to preserve history and educate each other in spite of what the fascists in power want.

When they ban "Critical Race Theory" in public schools, there ought to be a decentralized system that folks can turn to to learn it without their school's permission.

There were many atrocities against minority communities that never got discussed when I went to public school. I remember also needing a permission slip to learn about natural selection in biology class.

In short, I think there ought to be a Pirate Systen of Education (and I don't just mean PDF scans of $400 textbooks).

With the Straw Hat flag becoming an International symbol of freedom, I can't help but think about the scholars of Ohara from One Piece. Learning and preserving a forbidden history.

Maybe this idea isn't mine to bring to fruition. So I'm letting it scatter to the wind. May someone clever and motivated make it bloom.

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0071d200

mime_parse_hdr

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0071d200.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0071d200.json&colors=light