modrobert @modrobert@qoto.org

The slides for the #radare2 #ai presentation made by @pancake are now public! Check them out while they are still hot! https://github.com/radareorg/radare2-extras/blob/master/r2ai/local/r2ai.pdf

How about a Friday WIP video? Metal Gear for the MD/Genesis. #metalgear #genesis #megadrive

https://youtu.be/PST8wHey_A0?si=uuozPwYpiZ4ZoldJ

#libwebp 1.3.2 has two #security related flaws that have been fixed in main:
• Fix invalid incremental decoding check:
https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520
• Fix next is invalid pointer when WebPSafeMalloc fails:
https://github.com/webmproject/libwebp/commit/dce8397fec159c9edfeec7c6388cb81428c87ed8

While these are not as easy to exploit as CVE-2023-4863 it seems evident that there has been some gaps in libwebp fuzzing at google. Also CVE-2023-4863 was obviously assigned to a wrong project. #infosec #vulnerabilities #cve

brutal first blood for cytrox on iOS 17, but also damn that's some clear cut misuse.

if this infosec stuff doesn't work i'll start an ice cream shop

Need to know whether a piece of hardware is supported by free software? #hNode has you covered! Its search engine will help you verify #freesoftware compatibility. https://u.fsf.org/3uj

@lupyuen

100MHz FM transmitter from 1982, 25 Watts that we used for 3 months of non-licensed radio broadcast. A few coils in power amplifier are missing, and 2N6081/2N6082 (wrong marking) replaced the very expensive original BLY87/BLY89 (~$80-100 for a pair in those days!).

A while ago I tested #nostr and all i found was cryptobros and porn. Today it seems like the porn issue is under control and the feed seems nicer.

Clients got significant UI improvements, but still it feels a bit dangerous to post on a place where data spreads beyond author's control.

I managed to remove notes i published. But in theory all devs say this is UB. Considering there are tons of relays replicating and caching data, some users may still see it.

About this privacy topic it makes me think about the fact that we are not aware enough about all the data we give away and the false feeling of controlling it. Maybe being anonymous instead of having your real persona in this network is the way to go.. but still, i have mixed feelings with this interesting technology (yeah i like the protocol and it's simplicity)

Thoughs?

Say hello to #curl 8.3.0. 170+ bugfixes, 9 changes and one CVE fixed.

https://daniel.haxx.se/blog/2023/09/13/curl-8-3-0/

Pretty good summary. Dark Web.

Spent some time implementing a cheap-ass custom ring bus for CoreScore that I have had in my head for a long time now.

Resource usage improved a bit and P&R time was 20% shorter on the midrange FPGAs I tried. Will be very interesting to see how much this affects the highest CoreScore where P&R times can be 48h right now. I suspect both time and resource savings will be more significant on larger devices

Today's threads (a thread)

Inside: The Sacklers woulda gotten away with it if it wasn't for those darned meddling feds; and more!

Archived at: https://pluralistic.net/2023/08/11/justice-delayed/

#Pluralistic

1/

"Latest updates on Flat_z’s PS5 Exploit chain" https://wololo.net/2023/07/29/latest-updates-on-flat_zs-ps5-exploit/