We are happy to tell you that we accept your proposal "Broom not included: curling the modern way" in the Network devroom at #FOSDEM 2024.
It looks like I will blab at FOSDEM again.
"In this vulnerability disclosure report, we discuss details of 5Ghoul – a family of implementation-level 5G vulnerabilities. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek. Consequently, many 5G-capable commercial products such as smartphones, Customer-premises Equipment (CPE) routers and USB modems are potentially impacted due to the employment of vulnerable 5G modems in such products."
https://asset-group.github.io/disclosures/5ghoul/
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.
1/4
You probably never figured the Caribbean island of Anguilla would be a hotbed of AI activity, but here we are. One of the more interesting press releases I received this morning:
"Due to the rise in popularity of Artificial Intelligence (AI), .ai domain registration figures have skyrocketed. The small island of Anguilla, whose government owns the country code top-level domain (ccTLD) .ai, has had a huge spell of luck after reaping significant profits amid this tech-driven trend."
"Anguilla’s government is earning around $3 million every month from registrations, which has almost surpassed the revenue generated from all goods and services, from all of their shops and restaurants each month of the year so far. Should this trend persist, projections suggest a potential additional revenue of up to $45 million by the end of 2024."
"Although this presents a significant opportunity for a tiny island of only 16,000 inhabitants, such reliance on a single revenue stream poses potential risks to the nation’s economic prospects."
Always amazes me to find quotes like this one from a coder like Dan Scott: "While I was learning and coding, I was always in awe of the crackers. Cracking encrypted code, rearranging disk Content to find space for a cracktro, one filing games, squeezing 2 disk games onto 1 disk etc.. Seemed like voodoo to me" (https://eab.abime.net/showthread.php?p=1657173#post1657173)
Did you know that there is full coverage of the C radare2 API for Rust and Python, autogenerated with bindgen and ctypeslib respectively? It’s not idiomatic and certainly needs some maintenance and cosmetic work, but the hard part is done. https://github.com/radareorg/radare2-bindings
"Honest Government Ad | How to rig elections"
https://www.youtube.com/watch?v=N3WTlyuhDs0
The #OPLArchive is my project to preserve the history of DOS-based chiptune music in a central location, using the universal VGM file format. I'm trying to find and add as many songs as I can. Check it out at https://opl.wafflenet.com - You can even listen in your browser! #YM3812 #YMF262
You can learn how to use radius2 by checking the new repository collecting several usage examples! By @alkali https://github.com/aemmitt-ns/radius2-examples
"USING CLOUDFLARE TO BYPASS CLOUDFLARE
An attacker can setup a custom domain with Cloudflare and point the DNS A record to victims IP address. The attacker then disables all protection features for that custom domain in their tenant and tunnel their attack(s) through the Cloudflare infrastructure. This approach allows attackers to bypass the protection features by the victim."
https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/
In 2000, the Beatles created THEBEATLES.COM in relation to a new Beatles compilation album set, "1". For whatever reason, the legendary demoscene group MELON was hired to make flash animations for their songs. The results are now emulated at Internet Archive.
Warning: Flashing lights galore.
https://archive.org/details/melon-cometogether
https://archive.org/details/melon-ifeelfine
"Risky Biz News: Chinese APT hacks subsidiaries, pivots to corporate headquarters
In other news: Google and Mozilla patch another Chrome & Firefox zero-day; Cisco patches its own zero-day; and new DarkRiver APT targets Russian defense sector."
https://riskybiznews.substack.com/p/chinese-apt-hacks-subsidiaries
The slides for the #radare2 #ai presentation made by @pancake are now public! Check them out while they are still hot! https://github.com/radareorg/radare2-extras/blob/master/r2ai/local/r2ai.pdf
"Risky Biz News: China admits NSA hacked Huawei
In other news: iOS zero-days used to hack Egyptian presidential candidate; new Sandman APT targets telcos across the world; Russia's largest travel agency breached by pro-Ukraine hackers."
https://riskybiznews.substack.com/p/china-says-nsa-hacked-huawei
How about a Friday WIP video? Metal Gear for the MD/Genesis. #metalgear #genesis #megadrive
#libwebp 1.3.2 has two #security related flaws that have been fixed in main:
• Fix invalid incremental decoding check:
https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520
• Fix next is invalid pointer when WebPSafeMalloc fails:
https://github.com/webmproject/libwebp/commit/dce8397fec159c9edfeec7c6388cb81428c87ed8
While these are not as easy to exploit as CVE-2023-4863, it seems evident that there have been some gaps in libwebp fuzzing at Google. Also, CVE-2023-4863 was obviously assigned to the wrong project. #infosec #vulnerabilities #cve
-"When the going gets weird, the weird turn pro..."