"I'm interested in all kinds of astronomy."
Apparently on #Fediverse - where safety is so critical that you got burned at the stake when you dared to say that searching for things would actually be useful - when I block a user or mute a thread they still show up when my client is not in the mood to hide them?

#Akkoma

Hey, come see my lightning talk on a safe variant for `.innerHTML` that is built right into the browser. https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-tag-2 on Day 2.


Ah Saturday morning! What a great time to...

...write a 1-page article for Paged Out! zine!

Deadline is 4th Jan - just a week away.

CFP: https://pagedout.institute/?page=cfp.php

Edited: Wrong diagnosis, sry!

The documentation for this image processing library by @vruba is one of the most interesting things I've read in weeks:

https://github.com/celoyd/potato/blob/main/docs/personal.md
https://github.com/celoyd/potato/blob/main/README.md
https://github.com/celoyd/potato/blob/main/docs/concepts.md

Philosophical discussion of the nature of seeing and what an image is vs a map, fascinating technical details about how satellite imaging works and why it looks as bad as it often does, a lot of really thoughtful conversation about engineering and aesthetic process, and even an amusing unit of measurement — grams per terrapixel.

All I want for Xmas is sane documentation <3
Dropping a Xmas-sploit for CVE-2025-14847
I truly appreciate the work of those who keep an eye on threats during the holiday season, but:

- MongoDB has nothing to do with MySQL
- A memory disclosure is not an RCE (but you should probably prioritize similarly in this case)

CVE-2025-14847

hrbrmstr 🇺🇦 🇬🇱 🇨🇦

Oh. yay.

"mongobleed" — https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py

CVE-2025-14847

"Exploits zlib decompression bug to leak server memory via BSON field names."

"Technique: Craft BSON with inflated doc_len, server reads field names from leaked memory until null byte."


"What if Bitcoin was one big mining company?":

https://no01.substack.com/p/what-if-bitcoin-was-one-big-mining

You'd be insane buying its shares.


Do you or somebody you know have a Windows 10 that isn't fit for a Windows 11 upgrade? (e.g. no TPM)

  1. Get a Windows 11 25H2 ISO
  2. Run setup /product server

Enjoy your Windows 11 with no coerced Microsoft Account, TPM features, etc.


AFL++ 4.35c release! Complete hidden coverage gathering, GUIFuzz++ support, IJON for qemu, various fixes! https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.35c


c3nav is out!!! come hang out with your favorite has-beens and get lectured about the good old days at the console hackers retirement home! non-retired hackers also welcome we are here to support the new generation 🫡

Console Hackers Retirement Home
Assembly, F6, Hall 3, Level 0

https://39c3.c3nav.de/l/nintenbros/


Graham Sutherland / Polynomial


does anyone know of an artist taking commissions who has a sense of humour and a style somewhere in the realms of Hieronymus Bosch / medieval era classical painting, who would be willing to make me a t-shirt design? (paid work, of course.)

I'm looking to get a seasonal parody recreation of Slayer's Seasons In The Abyss album cover, in the theme of "Sleigher - Season's Greetings In The Abyss".

I'm sorry to report that I lost #Whamageddon on the 23rd :(
[RSS] CVE-2025-38352 (Part 2) - Extending The Race Window Without a Kernel Patch

https://faith2dxy.xyz/2025-12-24/cve_2025_38352_analysis_part_2/

Jerry 🦙🦙

I didn't sleep well last night so had way way way too much caffeine to compensate and that usually leads me to strange thoughts. Today's strange thought: I see parallels between what cell phones did to telephone service audio quality and what Cloudflare is doing to internet availability.

My fellow hose drinkers will remember the MCI ads about hearing a pin drop on a phone call to the other side of the world, and from there it was a race to have the best audio quality. Then cell phones came and the convenience was so compelling that no one gives a crap about audio quality now, so long as it's intelligible.

I see the same sort of thing happening with Cloudflare - it's so convenient that we are coming to accept outages (NB: it's not just Cloudflare, they are just on my mind - also AWS, Azure, et al), and it makes me wonder in 5 years how we are going to be thinking about high availability Internet services.


We (Orange Cyberdefense) are attempting to become a CVE CNA & in prep for that collected the various vulns we had reported over the years that had corresponding public information. 108 of them! It's mostly a vanity list but will be where we publish new vulns in future. https://advisories.orangecyberdefense.com/advisories
