
First CHERIoT Silicon!

ICENI on a development board

Most CHERIoT work to date has been done on software or FPGA simulations. We have several such implementations: The executable model built from our formal ISA specification, the MPact simulator from Google, Microsoft’s CHERIoT SAFE FPGA target for the Arty A7, and of course lowRISC’s beautiful Sonata FPGA board, which is designed to simulate CHERIoT systems. These were always intended to be developing and prototyping systems, so I’m delighted to announce that SCI Semiconductor has the first silicon CHERIoT implementation.

[ Conflict disclaimer: I am a co-founder of SCI Semiconductor. ]

The dev board pictured above contains one of the first batch of ICENI chips to come back from the fab. This is a complete CHERIoT system, with all of the core CHERI properties (spatial memory safety, no pointer injection, and so on) along with all of the CHERIoT extensions that provide deterministic use-after-free protection, auditable control over interrupt state, and everything that we need for an aggressively compartmentalised RTOS.

This chip uses the CHERIoT Ibex core, running at up to 250 MHz, and includes a few features that accelerate temporal safety, improve interrupt determinism, and so on. These build on top of all of the benefits of any CHERIoT implementation: deterministic mitigation of memory safety bugs from simple buffer overflows up to use-after-free, fine-grained compartmentalisation, and a programming model co-designed with both the ISA and the software stack to provide a tiny TCB. Anything that works on CHERIoT SAFE or Sonata should be very easy to port to ICENI for production use. Anything that runs on the software simulators should just work.

We’ll be showing the chips at Embedded World (Stand 4A - 131) next week and at CHERI Blossoms a couple of weeks later. From tomorrow, one will also be on display in the CHERI 15th anniversary exhibit in the Cambridge Computer Laboratory.

Aside: The Iceni tribe were one of the pre-Roman tribes in Britain and are famous for their chariots (though more due to this statue than historical fact). I am only partially to blame for the bad puns in the naming.



The latest episode of "Where Warlocks Stay up Late" dropped yesterday. Featuring yours truly. The interview goes pretty deep from growing up in Maine, working at Lotus, stories about L0pht you may not have heard before to getting fired from @stake. Probably the most personal interview I have ever given.

https://www.youtube.com/watch?v=j6jhAugNqvE

If you optimize for stupid, you'll have to optimize for more stupid.

#ShowerThoughts

(I'm still considering s/stupid/lazy/g)

RE: https://tldr.nettime.org/@tante/116170621153319970

Kept thinking about it so I tried to add to it in a quick article. It's about software and love. And Open source.

https://tante.cc/2026/03/04/artisanal-care/


SolarWinds RCE (@chudypb), Windows 11 Recall-based LPE (@filip_dragovic), Robot RCEs (@olivier_boschko + @ruikai), EDR as a RAT (@p0w1_), and more!

https://blog.badsectorlabs.com/last-week-in-security-lwis-2026-03-02.html

I'm at the stage of debugging where I start to see cosmic meaning in PIDs.

#numerology

My second article in Paged Out! #8 was about the architecture of the terminal emulator on Linux - it's a really obvious thing until you start digging into details, as usual.

Web viewer: https://pagedout.institute/webview.php?issue=8&page=43&article=Linux+terminal+emulator+architecture
PDF download: https://pagedout.institute/?page=issues.php


f(x,y) = ((((-y) % (y ^ 11)) / ((1 % x) * (-x))) & (-((~y) | (~x)))) % 13

Extent: 256x256 (scaled x2)

"Onebit" colouring scheme.

#music #blackmetal
New Blackbraid track dropped \m/

https://www.youtube.com/watch?v=za79knQNnOs

Axios: Exclusive: Researchers trick a bot that prescribes meds

"Security researchers used relatively simple jailbreaking techniques to trick the AI system powering Utah's new prescription refill bot.

Researchers were able to make the bot spread vaccine conspiracy theories, triple a patient's prescribed pain medication dosage, and recommend methamphetamine as treatment."

https://www.axios.com/2026/03/04/doctronic-utah-prescriptions-ai-jailbreak


Solved but now unsolved problems in computer science:
- copying files off a phone without using a network/cloud/internet

Published a bugfix for my byte encoding tool `xer` to allow converting binary data from stdin:

https://crates.io/crates/xer/0.0.6

Talos Vulnerability Reports

New vulnerability report from Talos:

The Biosig Project libbiosig ABF parsing out-of-bounds read vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323

CVE-2025-64736

Talos Vulnerability Reports

New vulnerability report from Talos:

The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361

CVE-2026-22891

That one XKCD thing, now interactive.

This is so much fun... Craig S. Kaplan: In my online undergraduate P5.js course, students are about to begin the module on motion and physics, including a bit of physics simulation using Matter.js. It suddenly...
https://jwz.org/b/yk4B


Can you feel it too?

Join us today for our analysis of Juniper's recent pre-auth RCE - CVE-2026-21902 - affecting a very specific set of devices. Curious?

https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
