New blog post: Perfect types with `setHTML()` - https://frederikbraun.de/perfect-types-with-sethtml.html - TLDR: Use require-trusted-types-for 'script'; trusted-types 'none'; in your CSP and nothing besides setHTML() works, essentially removing all DOM-XSS risks....

Composing Sanitizer configurations (https://frederikbraun.de/composable-sanitizers.html): The HTML Sanitizer API allows multiple ways to customize the default allow list and this blog post aims to describe a few variations and tricks we came up with while writing the specification.

Building a Super-Compact Cistercian Numerals Clock

https://hackaday.com/2026/03/08/building-a-super-compact-cistercian-numerals-clock/

Darknet Diaries 170: Phrack

"Phrack is legendary. It is the oldest, and arguably the most prestigious, underground hacking magazine in the world..."

🔗 https://darknetdiaries.com/episode/170/

#Phrack #Hacking #CyberSecurity

Watching pro developers discussing how stupid some of the exploits of widely used software are is pretty entertaining:

https://www.youtube.com/watch?v=OgfdyH4iaps

Good to see the "other side" gets it!

I wrote a not very serious thing about #3Dprinter and #warhammer

https://matduggan.com/the-year-of-the-3d-printed-miniature-and-other-lies-we-tell-ourselves/

Phrack 73 CFP

https://phrack.org/

With a demo!

The perfect headline doesn’t exi…

https://www.engadget.com/big-tech/google-pledges-roughly-three-hours-of-its-annual-profit-to-fight-climate-change-164808010.html

[RSS] Reverse-engineered the WiFi transfer protocol for HeyCyan smart glasses (BLE + USR-W630 WiFi module) -- first iOS implementation

https://alexschar.dev/HeyCyanCaseStudy

[RSS] A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets

https://blog.calif.io/p/a-race-within-a-race-exploiting-cve

[RSS] Reviving a 20-year-old puzzle game Chromatron with Ghidra and AI

https://quesma.com/blog/chromatron-recompiled/

[RSS] U-Boot security improvements using Arm memory permissions

https://www.linaro.org/blog/undefined/

[RSS] Coercing machine accounts through MsSense.exe -- MDE becomes the attack vector

https://medium.com/@Sniffler/stuck-without-coercion-options-why-not-just-coerce-mde-aecc23b43b66

[RSS] Getting a Shell on the Tapo C260 Camera (CVE-2026-0651, CVE-2026-0652, CVE-2026-0653)

https://spaceraccoon.dev/getting-shell-tapo-c260-webcam/

"Besides, they are good company, my sheep."

A new page of my comic Ekphrasis, which you can read for free at https://ekphrasiscomic.neocities.org/.

RE: https://framapiaf.org/@Bristow_69/116178473393080452

inkscape is hiring 2 c++ developers. they have a big red warning box saying absolutely fuck off with your genai

Neptune's Spatuala is a great scene about care and quality (see how I carefully avoid the A word?):

https://www.youtube.com/watch?v=eYeNKdJhk98

IT people should watch more Sponge Bob!

The FBI got compromised, again. Their wiretap system got compromised, again?!

https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network

"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police has to write a carefully worded mail to Switzerland.

If you ask AI to rewrite the entirety of an open-source program, do you still need to abide by the original license? In philosophy, this problem is known as the Slop of Theseus