We're excited to share that Firefox now uses zlib-rs for gzip (de)compression. This has both performance and safety advantages, but it took a while to get zlib-rs into production. Read why in Folkert's blog: https://trifectatech.org/blog/zlib-rs-in-firefox/

Thanks to @glandium, @gabrielesvelto, Bobby Holley, @nlnet, @sovtechfund, Chainguard, Astral / @charliermarsh, @mozilla, @ProssimoISRG

#rustlang #opensource

It's not too late to sign-up...

We're hosting a free virtual workshop/webinar on idalib — IDA as a library. Call IDA's analysis engine directly from your own code, automate workflows without launching the GUI, and integrate IDA into any toolchain you're already running.

👉 https://2dgu4h.share-eu1.hsforms.com/2D4ZYPjdCRFODEGRKtMILwQ

[RSS] I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

https://bobdahacker.com/blog/fifa-hack

well this is the scariest thing my work computer has ever done. I didn’t even know it was structurally possible for popup windows to appear over the Windows Update screen

Imagine going to the hospital to see a doctor. You wait for hours, then the doctors shift is over so they tell you that you are healthy and should go home.

This is how autoclosing issues feels like.

Today I learned that glibc has a broken %s implementation in strftime. It applies the timezone even when we want UTC...

https://github.com/curl/curl/issues/22038

I spend a lot of time discussing digital autonomy over at think tanks & other civil society places. I think we're going round in circles & need to look further ahead into more practical things to make any progress: https://berthub.eu/articles/posts/eu-civil-society-need-progress-digital-autonomy/

I can't believe that we live in a timeline where the thing people go most apeshit for in the world is a repository that literally consists of 77 lines of markdown that literally just say "don't write code that is pointless to write" in 6 bullet points

Okay, could someone explain something to me please?

Why did ANYONE ever think “guardrails” would work?

We all know that blocklisting is suboptimal because you can’t possibly enumerate all the badness (see also: antivirus). And anyone who has had to write a statement of work that includes application security requirements knows how impossible THAT is without adding a whole textbook as an appendix. (Or just writing “Don’t do stupid shit with the code,” which covers it pretty broadly.)

Don’t do that. Or that. Or that, either. And not like that. Oh, we didn’t know you could do that! Don’t do that.

Seriously, why??

#windows #graphics #design #ui

A bunch of GeoVision vulns just got published by @TalosSecurity

RE: https://infosec.place/objects/b8c930b2-f169-4211-98a5-a02661c15990

I have just published a new bug fixes minor release for #Diaphora, version 3.4.1.

https://github.com/joxeankoret/diaphora/releases/tag/3.4.1

UK government to make Mastodon compulsory for annoying children

The video of the Kernel-Hack-Drill Masterclass that I gave in Kuala Lumpur🌴

A lot of live demos of Linux kernel attacks and defenses🛠

https://www.youtube.com/watch?v=zXVqGaJY6iM

Re: Social media bans

Does IRC count as social media?

As a teenager I was intensely isolated from my peers. I had been removed from education by a parent and, along with my siblings, spent all my time at home. I had little in the way of homeschooling.

The internet, and in particular social mediums, ended up giving me a lifeline. It was my connection to the outside world and gave me a way to socialise, as well as signpost me to subjects I could then look up and learn.

https://www.gov.uk/government/news/social-media-to-be-banned-for-under-16s-in-landmark-government-move-to-givekids-their-childhood-back

1/2

Last iOS27 optimizations are kind of a challenge for reversing tools. Thanks @codecolorist for the analysis. i'll do my best to handle all those new constructions in r2, if you have suggestions i'm all ears https://codecolor.ist/posts/2026-06-15-ios27-reworked-stub-islands/

Can't quotetoot the original but:

This is a VERY CLEAR attack on open source projects. Why would random people be registering domains en masse for popular open source projects that (currently) only redirect to the authoritative home?

Why? Because they're building search engine credibility. Once the attackers have gained enough credibility, they will pull the bait and swap to an attack payload at the domain.

Exercise EXTREME caution with your internet searches.

https://social.kernel.org/objects/bc6c59fe-a58c-47f7-9f1a-604d21b7f003

I am collecting material, sources on LLMs and vulns before and after the recent mythical moment in time.

The (searchable) list is here: https://tzafaar.codeberg.page/

Take a look and let me know if your favourite source, paper, blog post, repo is missing.

Would appreciate retoots