Little Tikes out here ripping off Boeing manufacturing procedures.

Free Rust course developed by the Android team at Google "Comprehensive Rust" google.github.io/comprehensive-… #rustlang

The FCC has entered the chat

Now waiting for the "Derek Zoolander school for those who can't use LLMs good and want to learn how to do other stuff good too" to open up.

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣| | Don't Push To Production On Friday | |＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

Not exactly what I was expecting to see when I opened the app, but okay.

"OpenSSH Backdoors" -- a few thoughts on supply-chain attacks against OpenSSH, and what we can learn from both historical and modern events. blog.isosceles.com/openssh-backdo…

Microsoft has open sourced its new cross-platform virtual machine layer written in Rust: github.com/microsoft/open… From many of the same team who created WSL, including 𝕓𝕖𝕟 𝕙𝕚𝕝𝕝𝕚𝕤.

reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.

Word of the day is ‘recrudescence’ (17th century): the return of something terrible after a time of reprieve.

A seminal tome. Definitely worth reading!

You can't make this stuff up.

Heads up: Microsoft Office, like many companies in recent months, has slyly turned on an “opt-out” feature that scrapes your Word and Excel documents to train its internal AI systems. This setting is turned on by default, and you have to manually uncheck a box in order to opt

Ok so someone MUST have already made a Class Action Park map for Parkitect right? I don't have to do this myself, do I?

The lack of end-to-end encryption through the telco infra *is* the vulnerability. We improved Internet infra security by largely de-privileging the intermediate hops through widespread use of TLS. Now attackers go for VPN boxes because that's where traffic exists in plaintext.

Nice overview of webauthn by Adam Langley : imperialviolet.org/tourofwebauthn…

A lot of people don’t know this, but any platform Chrome runs on *except iOS* has a fully featured Bluetooth scanner that allows viewing, connecting, and read/writing GATT attributes. Go have some fun. You already have the tools chrome://bluetooth-internals

A friend of mine (Gynvael Coldwind) is organizing a course about reversing binary files and protocols: hackarcana.com/workshop-sessi… recommendation++

Fun. Atlassian jams some AI enabled app called Rovo into orgs you create. It can't be removed, and you can't delete the org as long as there are active apps in it, leading to no way to delete the org.

🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memory-in…