"I'm interested in all kinds of astronomy."
"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police have to write a carefully worded mail to Switzerland.

If you ask AI to rewrite the entirety of an open-source program, do you still need to abide by the original license? In philosophy, this problem is known as the Slop of Theseus


If you don’t build infrastructure to conduct indiscriminate and omnipresent mass surveillance, then your enemies can’t gain access to it.
https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network


so if you want to subscribe to a vpn, and you were considering proton, maybe dont

https://infosec.exchange/@josephcox/116178496048136287


So, the Dutch government tried to whitewash Amazon's sovereign cloud offering, only to be called out so hard that they had to withdraw the paper.

https://nltimes.nl/2026/03/05/dutch-govt-pulls-report-dangers-american-cloud-service-criticism


RE: https://fosstodon.org/@kdkorte/116180140578126363

"Bert Hubert posted a blog on his website criticizing the research. According to him, the report underestimates the risk governments face by using Amazon’s new cloud service."

@bert_hubert holding the door :)

[RSS] Bypassing debug password protection on the RH850 family using fault injection

http://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

I've been seeing a lot of comments online about how browser telemetry is just a way to spy on users and we never actually use it, and it provides no value.

We can debate whether you think someone (Firefox or otherwise) overcollects telemetry, or doesn't collect it in a privacy-preserving enough way. And you should be able to turn it all off, for any reason.

But it's been instrumental for me, personally, to ship multiple security improvements to Firefox - and I'm just one of hundreds of developers. I wrote up some more here: https://ritter.vg/blog-telemetry.html


When looking at calculations of the environmental impact of LLM systems, consider carefully where the system boundary is drawn.

eg. Is the increased energy usage of the servers being scraped for source data included? Or the increased energy usage of every 3rd-party browser doing proof of work just to access the site? What about the network in between?

If I punch you in the face, and we want to measure the pain caused, we need to consider more than just how *my* hand feels afterwards.


I have just updated this old Plugin of mine: IDA Magic Strings.

https://github.com/joxeankoret/idamagicstrings

It now supports installation using hcli (https://hcli.docs.hex-rays.com/getting-started/installation/)

Daily fill-the-blanks game:

"[REDACTED] technology is characterised by a constant stream of poorly thought-out experimentation and constantly trying to outdo the competition [...] Therefore [REDACTED] technology is not uniform, lending [REDACTED] a cobbled together and random appearance.[...] Much of [REDACTED] technology is unreliable and sometimes seemingly inoperable to [REDACTED], in some cases only working properly in the hands of an [REDACTED]."

Solution below...

🎉 The 10th Nix Milano Unconference is back at our HQ!
Limited seats, so secure your spot and join us!
📅 Saturday, Mar 14, 2026 | 9:30 AM
📍 Via Carlo Farini 57A, Milan
🔗 https://mobilizon.it/events/096bf456-efd6-4230-9ddc-0cce7c72046a

[RSS] Aha, I found a counterexample to the documentation that says that QueryPerformanceCounter never fails

https://devblogs.microsoft.com/oldnewthing/20260304-00/?p=112110

Cure53 🏴‍☠️🏳️‍⚧️

DOMPurify 2.5.9 and DOMPurify 3.3.2 were released today in a rush to fix a security issue caused by jsdom's faulty tag parsing.

A total of four people reported the exactly same bug within a window of three days.

One did so via email, thank you. One did so via private security advisory, thank you too.

One however simply published a ticket for everyone to see, the other one just dropped a CVE on us without a working fix release. Thanks for nothing.

https://github.com/cure53/DOMPurify/releases/tag/3.3.2

https://github.com/cure53/DOMPurify/releases/tag/2.5.9

I'm here waiting until the multi-trillion dollar wunderchild of human progress finishes "Finagling..."

Btw. is it me or these pinnacles of technology only ask confirmation for `echo` when they are about to execute `echo lol && rm -rf ~/`?

[RSS] Reverse Engineering Crazy Taxi, Part 1

https://wretched.computer/post/crazytaxi

If you as a journalist bring up the fact that Linus Torvalds vibe-codes, but fail to add "for his guitar effect pet-project" you can consider yourself a permanent resident of the tabloid/propaganda shelf.

"Every single time you mandate , you are mandating the creation of a centralized database of extraordinarily sensitive personal information. Government IDs. facial data. The kind of data that, once breached, cannot be “changed” like a password. You get one face. You get one ID number. When those leak—and they will leak—the damage is permanent."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/


A few years ago I designed a way to detect bit-flips in Firefox crash reports and last year we deployed an actual memory tester that runs on user machines after the browser crashes. Today I was looking at the data that comes out of these tests and now I'm 100% positive that the heuristic is sound and a lot of the crashes we see are from users with bad memory or similarly flaky hardware. Here's a few numbers to give you an idea of how large the problem is. 🧵 1/5

[RSS] Building a Custom Architecture and Platform: Part 3

https://binary.ninja/2026/03/04/quark-platform-part-3.html

#BinaryNinja