The truth about "free" search and why it's a trap:

https://www.youtube.com/shorts/IrGegzLXRUk

#Kagi #Search

from my link log —

Turing completeness of GNU find: from mkdir-assisted loops to standalone computation.

https://arxiv.org/abs/2602.20762

saved 2026-02-25 https://dotat.at/:/XR86F.html

Signficant segments of the tech industry think we’re months away from not needing to review LLM-agent code anymore.

I just reviewed an LLM-generated PR in which it quietly switched two out of 100 calls to the get_customer_data() function to the variant that doesn’t check that the customer owns the requested data.

I’m sure this is fine.

Is it possible/reasonable to compile @fridadotre with V8 in 2026? (I just reported a couple of QuickJS bugs that are blockers for me)

If so, are there any documentation available about the build process or is that knowledge lost to bitrot?

#Frida #ReverseEngineering

[ZDI-26-124|CVE-2025-15060] claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Research) https://zerodayinitiative.com/advisories/ZDI-26-124/

Today's oofness is on us :(:

https://blog.talosintelligence.com/uat-8616-sd-wan/

#threatintel, #sdwan

And so but anyway, did I ever tell you about my most humiliating experience as a skilled and successful computer programmer?

How many people know that #WordPress was co-founded by a black man, Mike Little?

Or that he's from the north of England? A self-taught coder from #Stockport, just south of #Manchester? Or that he never received so much as a share, cent or job offer from the $7bn+ valued Automattic after spending five months working exclusively with Matt Mullenweg on the B2 fork?

After @bevangelist told me about @mikelittle I interviewed him for a documentary I never got round to making. Back then I was left with two certainties: he's Wozniak to Mullenweg's Jobs. Among other things he added the one-click upgrade that's been central to WP's bonkers 45%-of-the-web-success. And he's one of the nicest people I've ever interviewed, which is also bonkers given that he not only didn't share in WP's financial success, but that he's barely known.

But he should be - so, better late than never - please meet #MikeLittle, perhaps the most-influential-least-known person in #foss… https://25.netribution.co.uk/nic/mike-little-the-british-co-founder-of-wordpress-youve-probably-never-heard-of/

Observation:

- People started deploying anti-scraping measures to fight LLM scraping
- Web indexers can't index stuff anymore
- Search results are even worse than before
- The only way to retrieve the information is to use models that were trained in pre-anti-scraping times (or beat anti-scraping)

If I'm right, anti-scraping can actually push people towards LLM's (who currently absolutely have the capacity to circumvent most anti-scraping).

If you think you share knowledge worth finding, please consider this before deploying countermeasures!

#scraping #search #llm

Something new in our community and that deserves more attention: Breakdown of BLERP, the BLE re-pairing attacks by
Daniele Antonioli
& Sacchetti (NDSS 2026). TL;DR: the BLE standard doesn't authenticate re-pairing.
Paper + PoC indexed there:
https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17

Access control bypass via header smuggling, with no desync required! Using header smuggling for more than HTTP desync like this is totally underrated - a lot of defences only filter the CL and TE headers. You can detect these with Parser Discrepancy Scan.
https://www.linkedin.com/posts/jakedmurphy1_excited-to-share-that-i-recently-identified-activity-7431735557115789313-xhnA/

[RSS] Abusing Cortex XDR Live Terminal as a C2

https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/

I have a successful build and I only had to patch Meson twice!

#curl security moves again. Back to #hackerone

https://daniel.haxx.se/blog/2026/02/25/curl-security-moves-again/

It often feels like the world of tech is nothing but bad actors and bad news these days, it is always refreshing to read about something that is a fundamentally amazing example of technology and human ingenuity. This article about the process and people that sit behind the undersea cables that connect our world (and how they are productively recovered) is an example of that type of story. You should check it out!

https://www.wired.com/story/say-goodbye-to-the-undersea-cable-that-made-the-global-internet-possible/

The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).

Full details are available in the Call for Papers:
https://www.usenix.org/conference/woot26/call-for-papers

IBM crashes because we’re gonna YOLO a replacement for banking and credit-card back-ends, replacing billions of lines of COBOL with vibe code. Uh…

https://www.techbuzz.ai/articles/ibm-crashes-11-as-anthropic-threatens-cobol-empire

After 6 years of waiting we are promised to finally be able to reliably open terminals in Windows VMs:

https://github.com/microsoft/terminal/issues/4750

#progress

It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/

I'd like to write more of those but it's so time-consuming. 😔

#cve #windows

A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/