Opinion: Browsers are FAR too willing to enter full-screen mode. textslashplain.com/2023/09/12/att…

The best things I’ve ever read `impl Trait` and `async fn` details in Rust. (Not that it matters, but I prefer explicit capture syntax over any of the automatically-capture-too-much stuff, and I think it should be done such that TAIT is never needed.): hackmd.io/sFaSIMJOQcuwCd…

Just renewed my JetBrains All Products license for $173. It is not an exaggeration to say that it is one of the best purchases I make each year.

Great post and great conclusions, including “This bug also shows that we have an over-reliance on fuzzing for security assurance of complex parser code. Fuzzing is great, but we know that there are many serious security issues that aren't easy to fuzz.”

From the TLS newsletter: Paul Bottinelli writes on NCC Group’s blog about a subtle issue the group discovered while auditing a random number generator. buff.ly/48li9je

Mitigations=off considered harmful or spurious SIGILL on AMD Zen4 forum.level1techs.com/t/mitigations-…

The most significant supply chain security improvement cargo (and similar systems like npm) could make is to make —locked the default for all cargo commands.

Lenovo X1 Carbon Bitlocker Key Sniffing any% Speedrun (42.9 seconds)

WebGPU allows websites to use your GPU for general-purpose computations without asking for permission in the browser. To understand which attack vectors are possible using this interface, see our AsiaCCS paper and try the PoC in your browser.

Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")

Ouch. The Windows Wi-Fi driver can be exploited by an attacker that is within Wi-Fi range. It requires no interaction from the victim and no prior knowledge of the system from the attacker. Just like the movies! It affects all modern versions of Windows. Patch immediately! 👇

Out of all the things Entrust did to get booted, which was the *single* worst thing they did? Like, what is the bugzilla bug number of the most severe bug?

"Weaponizing Chrome CVE-2023-2033 for RCE in Electron: Some Assembly Required" by turb0 turb0.one/pages/Weaponiz…