"Never have, never will." Promise, shmomise.

This is some bullshit, Mozilla.

https://github.com/mozilla/bedrock/commit/d459addab846d8144b61939b7f4310eb80c5470e#diff-a24e74e4595fa85440a2f4e7e5dcfe68aba6e1e593aef05a2d35581a91423847

And the explanation is bullshit, too, and sounds rather annoyed at having to explain to us silly users that *of course* you have to "share some data with our partners".

https://blog.mozilla.org/en/firefox/update-on-terms-of-use/

A very good use of Gorton.

*long drag on cigarette* Kid, this is Mastodon. We're all the algorithm here. You. Me. Everybody. Now get out there and boost somebody's bullshit.

Team member @sigabrt was able to bypass Apache FOP Postscript escaping to reach GhostScript engine.

https://offsec.almond.consulting/bypassing-apache-fop-escaping-to-reach-ghostscript.html

In case anyone was still under the assumption that US Big Tech and the Trump regime aren't one and the same:

The US has ordered its diplomats to lobby against EU attempts to regulate US tech companies 🚨

We need ethical open alternatives.

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

[RSS] From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510)

https://boschko.ca/unitree-go2-rce/

A tale in 3 pictures. In which our hero wonders if he can and doesn't stop to ask if he should.

#c #programming

[RSS] Building a Custom Architecture and Platform: Part 2

https://binary.ninja/2026/02/26/quark-platform-part-2.html

#BinaryNinja

[RSS] Reverse Engineering Garmin Watch Applications with Ghidra

https://www.anvilsecure.com/blog/reverse-engineering-garmin-watch-applications-with-ghidra.html

[RSS] Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain

https://labs.watchtowr.com/buy-a-help-desk-bundle-a-remote-access-solution-solarwinds-web-help-desk-pre-auth-rce-chain-s/

[RSS] Intego X9: Why your macOS antivirus should not trust PIDs

http://blog.quarkslab.com/intego_lpe_macos_2.html

My final blog related to admin protection is up. https://projectzero.google/2026/02/gphfh-deep-dive.html I go into a bit of history of the interesting GetProcessHandleFromHwnd API, how it ended up allow you to bypass protected process restrictions and how it's now "fixed".

Former General Manager [L3Harris Trenchant] Sentenced to 87 Months for Selling Stolen [0day] to Russian Broker

https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-sentenced-87-months-selling-stolen-trade

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

[RSS] Filesystem 101

https://u1f383.github.io/linux/2026/02/26/filesystem-101.html

#Linux

Today, let’s remember Charles Thacker, who was born on this day in 1943. Thacker received the #ACMTuringAward in 2009 for the pioneering design and realization of the first modern personal computer -- the Alto at Xerox PARC -- and seminal inventions and contributions to local area networks (including the Ethernet), multiprocessor workstations, snooping cache coherence protocols, and tablet personal computers.

Read more about him, here: https://amturing.acm.org/award_winners/thacker_1336106.cfm #OTD

You know what, I'm kind of OK with the #Firefox AI opt-whatever solution they have

...compared to the fact that they kill all my sessions by a forced fucking restart when I try to act responsibly and update.

That's fucking outrageous!

Wow, Blogspot seems to have a massive spam problem!

Log4j, *the* project that escalated the need for funding open source in the first place, is currently being DOS’d by slop vulnerability reports. Well done everyone. Slow fucking clap.

https://github.com/apache/logging-log4j2/discussions/4052