This is me, arguing with rustc about various ways of setting one bit in memory:

https://www.youtube.com/watch?v=Hz1JWzyvv8A

so this password manager paper: https://eprint.iacr.org/2026/058 starts with:

> We examine the extent to which security against a fully malicious server holds true for three leading vendors who make the Zero Knowledge Encryption claim: Bitwarden, LastPass and Dashlane

with https://sphinx.pm, we consider it - half-jokingly, with some caveats - normal, the server being fully malicious and it's fine have it hosted by the nsa/u8200/gru/prc

1/n

I've seen a lot of people asking for an option for "are" in the marshdeer xkcd-2501 generator... so I made one! Yay open source.

https://foone.github.io/xkcd2501-generator/

(pull request about to be in progress, but this is my fork of my changes)

ブースト、お気に入り大歓迎！yuya_maekadoさんの投稿作品です。

【yuya_maekadoさん】
https://tokyocameraclub.com/mstdn/yuya_maekado/

【投稿作品】
https://tokyocameraclub.com/mstdn/yuya_maekado/111940073051394315

【登録はこちら：東京カメラ部インスタンス】
https://mstdn.tokyocameraclub.com/

東京カメラ部インスタンスに登録いただき、ハッシュタグ「#tokyocameraclub」を付けていただいた投稿が対象となります。ぜひ、気軽にご参加ください。

※各種法令、マナー、関係者の指示に従った撮影をお願いします。
*Please ensure that your photography adheres to all relevant laws, etiquette, and instructions issued by authorized persons.

Today in This Should Be Easy But in #Rust It Apparently Isn't: how do I encapsulate the widget initialization (without triggering E0515) in this example, so it becomes reusable?

https://play.rust-lang.org/?version=stable&mode=debug&edition=2024&gist=f31dd1ecf5530b11e301bb19af85b0fa

[RSS] Cryptographic Issues in Matrix's Rust Library Vodozemac

https://soatok.blog/2026/02/17/cryptographic-issues-in-matrixs-rust-library-vodozemac/

[RSS] Building a Secure Electron Auto-Updater

https://blog.doyensec.com/2026/02/16/electron-safe-updater.html

🎥 PTML: emitting rich decompiled code

Jack introduces PTML and how rev.ng goes beyond raw text, enriching decompiled code (e.g., decompiled C, disassembly, etc.) with HTML-like markup to provide richer and useful information for the viewer.

https://www.youtube.com/watch?v=_Xtwu_EaRJg

Happy Presidents Day.

Two weeks ago, the CIA shut down the World Factbook - a public
domain reference on every country, used by 6 million people
monthly since 1997.

We built a replacement:
https://openfactbook.org

261 countries · Instant search · Country comparisons

Public data should stay public.

#OpenData #CivicTech #OpenSource #PresidentsDay
#PublicDomain #DataRescue

#wh40k #windows

May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨

Thanks for everyone that came to check out our @districtcon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)

(No) surprise!

I think we all saw this coming... #Odido didn't remove data when they said they would, which we now know because it leaked out. Some leaked data was from customers who left 10 years ago, while they state they remove it after 2. Only 8 years late. Even the tax office doesn't need it that long...

https://nos.nl/artikel/2602804-odido-overschrijdt-eigen-termijn-bewaren-gegevens

#datalek #privacy #databreach #cybersecurity #dataleak #security #TMobile

OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...

What stage of #enshittification is it when Amazon adds a "Download Problems" option to it's Refund menu instead of fixing their system so people can download their digital purchases?

(Would it be ironic if I supported Anna's Archive with Amazon gift cards after I downloaded the books from there?)

a nice neat “quartz of course” generator

https://marshdeer.github.io/xkcd2501-generator/

RE: https://furry.engineer/@soatok/116082533052740652

ok the ghost vuln is quite funny. the WAF example really sounds like an array is involved there and it would have bet 20 bucks that its a type confusion (because despite it being 2026 its really easy to shoot yourself in the foot if your types get quirky)

but - spoilers - nope, its really just straight up string interpolation into raw sql like in the good ol days lmao. oh well, happens

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793)

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

nono - kernel-enforced capability sandbox for AI agents https://nono.sh

I’ve been working on this for a while, but let’s make it official: I started a little Tumblr-like microblog about software craft and quality!

You can sign up via RSS or a weekly newsletter digest. There’s already almost two months of content in there, if you just want to check it out.

Hope you like it!

https://unsung.aresluna.org/

Just got this link on my discord - https://www.kickstarter.com/projects/bitman/bootblock-rebels - passing it along because this book looks fun!