"I'm interested in all kinds of astronomy."

LLMs will lead you to lose skills that you are not going to get back because your brain will change and have no patience anymore to do the hard work that needs to be done. That will be one of the fundamental problems of this tech.


David Schuetz ** looking for work **

A great piece on the value and importance of blogs, and a call to begin blogging (or in my case, resolving to post regularly again).

No matter how silly or inconsequential a topic may seem, if it’s interesting enough that you spend days doing it, it’s probably worth blogging about.

Share your work. Out of billions of people, there’s *always* gonna be someone who appreciates what you’ve done.

https://www.joanwestenberg.com/the-case-for-blogging-in-the-ruins/

[RSS] Reverse Engineering the Tapo C260 and Tapo Discovery Protocol v2

https://spaceraccoon.dev/reverse-engineer-tapo-c260-tdp-v2/

bert hubert 🇺🇦🇪🇺🇺🇦

Nonsense in the FT: "Miguel De Bruycker, director of the Centre for Cybersecurity Belgium (CCB), told the Financial Times that it was “currently impossible” to store data fully in Europe because US companies dominate digital infrastructure". Nonsense, yet policymakers believe this - I talk about our *Self-inflicted* cloud crisis in this piece: https://berthub.eu/articles/posts/our-self-inflicted-cloud-crisis/

Open Printer

https://www.crowdsupply.com/open-tools/open-printer

I've been looking for something like this for a long time! Unfortunately I don't yet see how ink could be supplied, and as @pojntfx points out, the chosen CC license would make establishing a sustainable ecosystem difficult...

The AI slop in security reports has developed slightly over time. Less mind-numbingly stupid reports now, but instead almost *everyone* writes their reports with AI so they still get overly long and complicated to plow through. And every follow-up question is another minor essay discussing pros and cons with bullet points and references to multiple specifications.

Exhausting nonetheless.


joernchen :cute_dumpster_fire:

For the Berlin peeps:

I’ll be playing some tunes tonight together with the amazing poco1oco, don’t miss out https://www.eschschloraque.de/vinyltrottel-02012026

[RSS] The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance/

Project Zero Bot

New Project Zero issue:

Samsung: libimagecodec.quram.so buffer overflow in WINKJ_YcbcrWriteOutput1to1_YUV422_H1V2_toRGBA8888 during JPEG decoding

https://project-zero.issues.chromium.org/issues/450884207

CVE-2025-58480

California residents now have a real tool against the data broker industry.

The state has launched DROP, a single portal to demand deletion of your personal data from 500+ registered data brokers in one request, for free.

To start: https://consumer.drop.privacy.ca.gov/


1/2


“Move fast and break kings.” I love @pluralistic and his rallying cry: https://pluralistic.net/2026/01/01/39c3/


Happy New Year 2026, everyone!

Don't forget that the call for submissions is online and that the deadline for sending in your papers is January 18.

https://www.sstic.org/2026/cfp/


Now those gpg.fail people made me find similar vulns elsewhere (console control character injection). By "elsewhere" I mean... my own code.
Opinions wanted: should "input can inject console output with ansi and control chars" always be considered a vuln/CVE?
(I'll fix it in any case, I'm just wondering if I should do all the "security release/advisory/request CVE/..." stuff.)

Edited 19 days ago
Thinking back to last year I remembered the us-east-1 outage, how it affected Signal and how some of the users freaked out that they have to rely on US hyperscalers.

Wouldn't it be useful if @signalapp (and maybe similar providers) published their infra requirements with little crosses and ticks, so alternative providers could aim for "good enough for Signal" service levels?

Related articles by @bert_hubert :

https://berthub.eu/articles/posts/the-european-cloud-ladder/
[RSS] Reverse Engineering the Miele Diagnostic Interface

https://medusalix.github.io/posts/miele-interface/
[RSS] Understanding and mitigating a stack overflow in [Raymond Chen's custom] task sequencer

https://devblogs.microsoft.com/oldnewthing/20251231-00/?p=111950

C++ coroutine debugging

TyphoonCon 2026 Early Bird tickets now on sale!

Dive into exploits, reverse engineering and cutting-edge insights in offensive security. May 28-29 in Seoul, South Korea

🎟️ Limited tickets available: https://www.eventbrite.com/e/typhooncon-2026-tickets-1968561639857
