
Help, I need a code signing certificate that won't bankrupt me.

Three years ago, I paid $100 for a three-year code signing certificate. I've signed all my open-source projects' releases with it. Now that it's renewal time, Certera (SignMyCode.com) wants almost $700 for the same three-year certificate (excluding the mandatory HSM purchase, which I am totally on board with).

I write silly C and PowerShell code, and I timestamp my signatures so that they're perpetually valid. My PowerShell Gallery stuff, as well as binaries of aprs-weather-submit on Windows and macOS, are all signed and hashed (but not notarized by Apple, because that's another $99 a year for something that feels done unless Bob Bruninga's followers are thinking about APRS 2.0).

If I can't find a solution, anything I write or update in the future will have to be released as unsigned unless I half-ass something (like the Notepad++ developer using self-signed certs -- semi-dangerously clever). $100 every three years, fine. $700 every three years, and I'll do it if my three fans click my Buy Me A Coffee link over and over.

Is there any CA out there that will offer open-source, not-for-profit developers like me a chance to get globally-trusted code signing certificates? I don't think SigStore ever took off (sadly), and even if it did, I don't think it's part of the Microsoft Authenticode program.

-Weather-Submit


SALLY STRUTHERS: Do you use floats? Sure. We all do. But did you know a + b + c ≠ c + b + a with many floats? No. Well, neither did I, but with this one PDF you can become a fount of floating-point foibles to impress and depress your colleagues around the water cooler. Isn't this fun?

https://dl.acm.org/doi/pdf/10.1145/103162.103163

Let's say I have a couple of MP3's (very royalty free ofc) that I want to share with normie friends on a web server. Is there a playlist format or maybe even some web frontend that I can use to organize these tracks so my friends can listen to the tracks without installing anything on their Win/Mac boxes, just opening a single URL/file?

It'd be nice if there was support for basic HTTP auth because I don't want to open this to everyone either.

#FOSS #MP3 #mixtape

at this point anybody still using solarwinds should just be considered a huge security risk

https://www.theregister.com/2025/09/23/solarwinds_patches_rce/

[RSS] Kmemdump step by step on Qualcomm Automotive platform

https://www.linaro.org/blog/kmemdump-step-by-step-on-qualcomm-automotive-platform/

Talos Vulnerability Reports

New vulnerability report from Talos:

Adobe Acrobat Reader Page Property Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2222

CVE-2025-54257

With all this discourse about "AI art" I think we've lost sight of the simple joy of generating terrible nonsense via Markov Chains


UXLINK exploited for around $28 million, then hacker gets phished

September 22, 2025
https://www.web3isgoinggreat.com/?id=uxlink-exploit

/me trying hard not to anthropomorphise the LLM
"Employees are using AI tools to create low-effort, passable looking work that ends up creating more work for their coworkers.[...] it shifts the burden of the work downstream, requiring the receiver to interpret, correct, or redo the work. In other words, it transfers the effort from creator to receiver"

Good to see this finally phrased out!

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity
Edited 3 months ago

“AI-Generated “Workslop” Is Destroying Productivity”

https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity

> For an organization of 10,000 workers, given the estimated prevalence of workslop (41%), this yields over $9 million per year in lost productivity.

Add the impact of variability on work queues (delays, delays, delays) and this loss is a massive underestimation

(Edited to add: the "article" itself is tripe and I don't endorse it in any way.)

(Edited again: like, it's really bad.)


macOS WindowServer


RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
https://blog.quarkslab.com/security-review-of-php-documentation.html


Something I've been thinking about for most of 2025, but haven't found a good way to solve, is the need to preserve history and educate each other in spite of what the fascists in power want.

When they ban "Critical Race Theory" in public schools, there ought to be a decentralized system that folks can turn to to learn it without their school's permission.

There were many atrocities against minority communities that never got discussed when I went to public school. I remember also needing a permission slip to learn about natural selection in biology class.

In short, I think there ought to be a Pirate System of Education (and I don't just mean PDF scans of $400 textbooks).

With the Straw Hat flag becoming an international symbol of freedom, I can't help but think about the scholars of Ohara from One Piece. Learning and preserving a forbidden history.

Maybe this idea isn't mine to bring to fruition. So I'm letting it scatter to the wind. May someone clever and motivated make it bloom.
