New #OpenBSD story, on kernel stacks.

http://miod.online.fr/software/openbsd/stories/stack.html

Remember "don't print this email" in signatures that was a bit cringe? It doesn't feel that cringe anymore in retrospect. I'm doing an experiment now with this new email signature :D Anyone doing something similar? Could it catch on?

Today's threads (a thread)

Inside: Google's AI pricing plan; and more!

Archived at: https://pluralistic.net/2026/01/21/cod-marxism/

#Pluralistic

1/

After auditing the @mullvadnet client applications in 2024, we have recently audited Mullvad VPN's API.
The API is used by clients, partners, and internal services to manage user accounts and parts of the VPN infrastructure.
Five issues were identified, of which only one had a very limited impact on users of the service.

The technical details may be found in our report. https://www.x41-dsec.de/security/research/news/2026/01/20/mullvad/

Last December I solved Synacktiv's 2025 Winter Challenge: Quinindrome https://www.synacktiv.com/en/publications/2025-winter-challenge-quinindrome . Here is a 81-byte Linux program which is both a quine (it prints itself when executed) and a palindrome (it is symmetrical)! To learn how I achieved it: https://github.com/fishilico/synacktiv-winter-chall-2025-quinindrome/blob/main/writeup.md

[RSS] X41 Audited Mullvad VPN AB API

https://x41-dsec.de/security/research/news/2026/01/20/mullvad/

[RSS] Windows Internals: Check Your Privilege - The Curious Case of ETW's SecurityTrace Flag

https://connormcgarr.github.io/securitytrace-etw-ppl/

[reddit] Possible new SSO Exploit (CVE-2025-59718) on 7.4.9?

https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/

/via @Hetti

#Fortinet

I feel I have this instinct to feed programs data that they won't be able to handle.

Unfortunately this is mostly true for tools I'd like to use, not targets I review.

Humble request for vibe-coders: report your runtime errors!

LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.

Slightly related illustration:

I positively surprised that AWS apparently built a separate IAM for their European Sovereign Cloud:

https://aws.amazon.com/blogs/aws/opening-the-aws-european-sovereign-cloud/

I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.

In the shitty state of tech today: Soundcloud!

I want to filter for DJ mixes (long tracks) on the web:

- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page doesn't tell you how to do it (you have to do a search, select Tracks then you can filter for duration).
- Neither interfaces allow you to search only artists you follow.

I thought these were solved problems by 2001.

Looking for all the results from Day One of #Pwn2Own Automotive 2026? You can find them here https://www.zerodayinitiative.com/blog/2026/1/21/pwn2own-automotive-2026-day-one-results #P2OAuto

RE: https://infosec.exchange/@thezdi/115931905240534687

I did it !!!!!! akebbfakos

This might be the most difficult CPU to program.

The Intel i860 was useless for general operating systems.

Context switches took ~2,000 cycles.

*You* controlled the floating point pipeline. But, if you’re a genius, it was one of the most powerful chips that existed.

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd https://seclists.org/oss-sec/2026/q1/89

🆕 iOS emulator update: we now have an #AI assistant to support your iOS security investigations.

What do you think? 💬
Our shortlist is still ongoing: https://u.eshard.com/ios-emulation
#ios #software #cybersecurity #softwaredevelopment #iosdev #

I never applied for an amateur radio license because I didn't like the idea of appearing on an official list of "skilled" people. Until now that was a theoretical fear. One I wasn't even sure if it was warranted or just me being overly cautious.

In Belarus things escalated quickly. Radio amateurs - usually recognized as men of goodwill - have been declared enemies of the state and publicly shamed and indicted for high treason.

https://steanlab.medium.com/mayday-389f5713fee4

[RSS] What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key?

https://devblogs.microsoft.com/oldnewthing/20260119-06/?p=111995

The full schedule for #Pwn2Own Automotive 2026 is live! 73 entries over three days should keep us hopping. Be sure to stay tuned for al the results #P2OAuto https://www.zerodayinitiative.com/blog/2026/1/20/pwn2own-automotive-2026-the-full-schedule