We expect to continue support for #MIPS for the foreseeable future, and welcome contributions. Especially now that the patents have expired on many 64-bit MIPS designs! :)

OK, I feel like an absolute noob:

I just spent hours debugging that I left a comma at the end of a #Python assignment, so the value became a tuple instead of the object I wanted 🤦

The library I passed the value to also has very liberal typing so it failed quietly, and the IDE didn't tip me off because I overwrote the value inside a loop...

Extra commas are the new lack of semicolons!

#fail #programming

#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS https://curl.se/docs/CVE-2025-13034.html
- CVE-2025-14017: broken TLS options for threaded LDAPS https://curl.se/docs/CVE-2025-14017.html
- CVE-2025-14524: bearer token leak on cross-protocol redirect https://curl.se/docs/CVE-2025-14524.html
- CVE-2025-14819: OpenSSL partial chain store policy bypass https://curl.se/docs/CVE-2025-14819.html
- CVE-2025-15079: libssh global knownhost override https://curl.se/docs/CVE-2025-15079.html
- CVE-2025-15224: libssh key passphrase bypass without agent set https://curl.se/docs/CVE-2025-15224.html

I discovered the last 2 vulnerabilities.

Download curl 8.18.0 from https://curl.se/download.html

#vulnerabilityresearch #vulnerability #cybersecurity #infosec

TIL #pwndbg accepts donations, so if you care about your debuger command line being actually *good* then consider throwing some money at them:

https://github.com/sponsors/pwndbg/

#ReverseEngineering

Well, I didn't have this on my 2026 Bingo card...

"‘Stop sending butt plugs to Bahrain’: Toronto sex store receives letters from U.S. Department of War":

https://www.ctvnews.ca/toronto/article/stop-sending-butt-plugs-to-bahrain-toronto-sex-store-receives-letters-from-us-department-of-war/

[RSS] Micropatches Released for Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability (CVE-2025-47987)

https://blog.0patch.com/2026/01/micropatches-released-for-credential.html

Nominations for the Top 10 (new) Web Hacking Techniques of 2025 are now live! Review the submissions & make your own nominations here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

its so cold im using chrome instead of firefox to read news on my phone cuz i need the ads to warm up my phone and hands

Are we entering a world where chatbots will replace devs?
Probably not. Prompting an LLM with natural language is inherently lossy and ambiguous. Up to this point, programming has always been deterministic: Your code does what you say it should do otherwise, it’s a bug. Coding agents break that contract.

Our blog:
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/

buckle up and prepare for an unload of *six* CVEs against #curl getting published tomorrow, severity low and medium

Has someone tried redeploying 2026?

Do your work poorly and blame it on bad tools, machinery, or equipment.

I’m working on the next hacklore newsletter, and the holiday season delivered a fresh wave of peak hacklore! 🎁 😜

📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: https://www.hacklore.org/about

Commodore Disk Drive Becomes General Purpose Computer

https://hackaday.com/2026/01/05/commodore-disk-drive-becomes-general-purpose-computer/

I wrote a photo essay with 20+ of my favourite tech museums in the world, and tried to figure out what makes a great museum in the process.

I am very curious what tech museums you like – and why!

(Will work on any device, but worth checking out on the biggest screen you or your neighbour might have.)

https://aresluna.org/fav-tech-museums/

Decorative Cryptography

https://www.dlp.rip/decorative-cryptography

"All encryption is end-to-end, if you’re not picky about the ends."

"The purpose of a system is what it does"

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does

This is exactly what I've been trying to articulate re: cookie banners. The word of the regulation and intent is largely irrelevant to the effect it caused.