The “opposite” of a GPU is kinda weird.

Graphcore has a strange chip (IPU) that loves tiny batches...but is also massively parallel.

It used to cost ~$100k. Now you can get one on Ebay for $160 bucks.

The catch is it's almost impossible to use.

Time to promote this one in 1h. This was an incredible research project, and having seen the talk before at WHY, it's really well explained despite how technical it is.

Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities
dimarts, 30 de desembre del 2025 0:15 CET (Europe/Berlin), Zero

https://events.ccc.de/congress/2025/hub/event/detail/spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities

#39c3 #fahrplan #security #spectre #meltdown #Google #Cloud

From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs

https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps

I love CCC talks because you get to hear "pretty easy" and things like "special microscope lenses" in the same sentence :)

Demo video of moving types and symbols from #IDA to #Ghidra with REshare:

https://video.infosec.exchange/w/7VRDzwthgrSzeAHwHvkPtt

#ReverseEngineering

Please note: There are currently problems with uploading to YouTube.
You might want to use media.ccc.de instead.

#39c3

^ta

I pushed an early version of REshare IDA exporter:

https://github.com/v-p-b/reshare-ida/blob/main/reshare-ida-export.py

I don't have time to run x-platform tests right now, but if you do I'd appreciate any bug reports!

#ReverseEngineering #IDA #IDAPro

🔔 CFP for #offensivecon26 is still open — don’t miss your chance to take the stage!

We're actively seeking cutting-edge security research, novel exploit techniques, and deep technical investigations that push the industry forward. If you've been sitting on something brilliant, this is your sign to submit.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://cfp.offensivecon.org/offensivecon26/cfp

Bring your best work. Surprise us. Challenge us.

Instead of storing my data in the cloud, I just store it in the bush. It's the same thing, only palette-swapped. More accessible, too.

“We learn different lessons from finishing projects than we do from starting them. Starting teaches us about ideation and initial implementation. Finishing, on the other hand, teaches us about perseverance, attention to detail, and the art of knowing when to let go. These are invaluable skills that can only be honed through the act of completion.”

https://www.bytedrum.com/posts/art-of-finishing/

Why Simple Everyday Objects Are Impossible to Make

https://www.youtube.com/watch?v=pj0ze8GnBKA

there’s a bubble machine labelled nvidia 😭 #39c3

A post-American, enshittification-resistant internet

https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet

Damn this is a good talk! #39c3

Zero day… all those patches seem so far away… #gpgfail #39c3

For those being notified or first learning about the #WIRED #databreach:

On December 25, I broke the story of how I had been contacted in November by "Lovely," who claimed to have discovered a vulnerability. They asked for help getting Condé Nast to respond to them. They claimed they were not seeking any bounty or payment and had only downloaded a few profiles as proof.

They showed me my own data.

Trying to help, I reached out to Condé Nast corporate as well as to a contact at #WIRED.

Condé Nast never responded to me -- or to "Lovely" who eventually showed their true colors as someone trying to extort Condé Nast.

Do they have more data? Yes, it appears they do.

@troyhunt verified the data leak and #HIBP has been notifying its affected subscribers.

Read more details in my blog post at https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/

@zackwhittaker @campuscodi @gcluley @euroinfosec @ValeryMarchive

#databreach #dataleak #infosec #cybersecurity #incidentresponse

TIL about Lockheed's System-User-Engineered minicomputer which seems like a pretty cool modular hardware system for purpose-built computers:

http://www.bitsavers.org/pdf/lockheed/sue/SUE_Computer_Handbook_Jul73.pdf

I still don't know what tinfo_t.is_sue() does though.

"Search advertising continues to be the largest form of internet advertising. Search revenue grew nearly 16% year on year."

$103B in search ad revenue (in U.S alone!) means results are ranked by who pays most, not what's most relevant.

This is the model Kagi Search rejects.

There's a new Fediverse music streaming service showing music videos by small independent artists with their permission. You can view the channel at:

➡️ https://tv.theindiebeat.fm

It's like the old-style MTV but for the Fediverse 🙂

You can follow the channel at:

➡️ @TIBtv

The service runs on @owncast and you can find out more about OwnCast at:

➡️ https://fedi.tips/owncast-live-streaming-and-chat-on-the-fediverse

#Music #OwnCast

Want to know how Apple's Low Latency WiFi works?

Today, 3:40pm CET, Hall 1, #39c3.

More details: https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-what-makes-apple-s-low-latency-wifi-so-fast
Stream: https://streaming.media.ccc.de/39c3/one

I recently saw a lot of examples of using LLMs when you could get away e.g. with and API call, but now I think I found the perfect example of LLMs being more niche then even skeptics (like myself) think they are:

Even skeptics have to admit that LLMs are very good at natural language translation. @kagihq introduced a fast ("Standard") #LLM for its translation service that seems to fail miserably if you try to translate single words for less common languages:

https://kagifeedback.org/d/9373-standard-translation-is-unusable-for-hungarian

My point is that doing a dictionary lookup for all words (~1mil for English) could be done on a disposable vape in no time with better results, incl. clear indication of lookup failures, so you can fall back to your GPUs when needed.