on a zoom call Chuck Moore the author of Forth announced that Windows updates have rendered his otherwise working colorForth system inoperable and unfixable. moving to another operating system would amount to a rewrite. as a result he said it's "time to move on" from Forth.

several people on the call thanked him for changing their lives with his language, for giving them a lifetime of joyful work and a powerful simple way of thinking about computing, to which he responded "I can only hope it was worthwhile"

Has someone here reverse engineered the USB configuration protocol between the #Logitech GHub software and #BlueYeti microphones?
Want to configure the hardware DSP on #Linux.

#ReverseEngineering

Day 22 of Advent of Compiler Optimisations!

Comparing a string_view against "ABCDEFG" should call memcmp, right? Watch what Clang actually generates — no function call at all, just a handful of inline instructions using some rather cunning tricks. How does it compare 7 bytes so efficiently when they don't fit in a single register?

Read more: https://xania.org/202512/22-memory-cunningness
Watch: https://youtu.be/kXmqwJoaapg

#AoCO2025

🚨 In 2026, Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) return to OffensiveCon with a training on "Hunting Zero-Days in Embedded Devices".

☝️This training equips you with skills to uncover zero-day vulnerabilities through in-depth study and practical exercises on various vulnerabilities across different CPU architectures. More details here🔗https://www.offensivecon.org/trainings/2026/hunting-zero-days-in-embedded-devices.html

🚀 Don't miss this chance to improve your skills!

For those looking for a covid/flu vaccine around #39c3 bcrt at the globetrotter(.de) shop in hamburg north gives out shots, about 20-30 per shot. I paid 49 for covid+flu, also for non-germans.

(They do ask for your details, no idcard or details needed)

[RSS] From UART to Root: Breaking Into the Xiaomi C200 via U-Boot

https://github.com/h3xDum/Xiaomi-C200-Firmware-Analysis

Pretty cool - it turns out that the way I write my blog posts is called 'BLUF': Bottom Line up Front, and it was standardized by the US Army in their information management guidelines: https://en.wikipedia.org/wiki/BLUF_(communication)

CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability writeup

https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/

[RSS] When OAuth Becomes a Weapon: Lessons from CVE-2025-6514

https://amlalabs.com/blog/oauth-cve-2025-6514/

[RSS] CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC

https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/

as promised, here is a repository that lets you quickly turn any random VPS into a Forgejo Actions runner in under 30 minutes, for use with Codeberg or your private forge! https://codeberg.org/whitequark/nixos-forgejo-actions-runner

it uses NixOS internally, but Nix knowledge is neither required nor assumed, and the README walks you through the entire process.

After several years of refusing to communicate on Meta's platforms I just managed to get my high school friends on Signal for an Xmas chat.

Can I now get my attaboy from @pluralistic?

Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack https://www.cyberark.com/resources/threat-research-blog/vulnhalla-picking-the-true-vulnerabilities-from-the-codeql-haystack

I discovered a wonderful hack that likely would allow me to run Windows 2 on my vintage Apricot PC Xi before the New Year.

Quick recap: Apricot PC is a British computer from 1983, not compatible with the IBM PC. It had a Windows 1 port, but not Windows 2, and thus couldn't run Word, Excel, or Illustrator. With a bit of driver-writing, I managed to start Windows 2 on it, but my video driver is rudimentary and cannot be used for practical purposes. Windows video drivers are super-complicated, so I was fully expecting to spend over a month writing one (at least there are docs for everything!)

But I just discovered a way to run Windows 2 with Windows 1 video drivers. So if I had a Windows 1 driver for Apricot, I could use it in Windows 2. Of course, it's never that simple...

Find the difference between Windows 2 with Win1 driver and Windows 2 with the real Win2 driver - both are EGA 640x350!

🧵 thread with a few more screenshots and pointers

Picard management tip: Think.

New vulnerability report from Talos:

Foxit Reader Text Widget Format Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2278

CVE-2025-59488

New vulnerability report from Talos:

Foxit Reader Barcode Calculate CPDF_FormField Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2277

CVE-2025-58085

New vulnerability report from Talos:

Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2275

CVE-2025-57779

[RSS] TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering

https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/

Anna's Archive backed up Spotify. They got 99.9% of metadata, and 300TB of music representing 86 million tracks - original 160kbps OGG for tracks with popularity>0, and re-encoded 75kbps for popularity=0. absolutely wild project.

the metadata in particular is a hugely useful data source. MusicBrainz catalogues 5 million unique ISRCs (like ISBNs but for music releases), whereas this archive has a whopping 186 million.

https://annas-archive.li/blog/backing-up-spotify.html