⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️ @falken@qoto.org

It is WILD that we now live in a time where my job as an astrophysics professor has gone from "learn cool things about space" to "try to get someone to hold billionaires accountable for dropping shit on us from orbit"

Drax 15 case thrown out after £3m police operation

#uk #police

https://www.thecanary.co/skwawkbox/2025/09/23/drax-15/

This satirical blog post really illustrates the problem with a lot of technical writing. Amazing technical writing is so good and then everything else reads like this

https://anniemueller.com/posts/how-i-a-non-developer-read-the-tutorial-you-a-developer-wrote-for-me-a-beginner

Anyone out there making a combination AV receiver + KVM?

I mean, the AV receiver is already doing the "V" part of kvm, but I don't see something obvious in the market and it seems like I must be missing something.

@falken I've got a receiver here, that's a nice, big amplifier that connects to a bunch of nice big speakers and when I turn the input dial, it picks which of the HDMI inputs go to the screen and speakers. What I want is, when I turn that same dial, to have a keyboard and mouse point back to whatever those inputs are.

I'm not saying this one is intentional, but it sure feels negligent at best.

https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/

sev:HIGH 8.2 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.

The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.

and

While OnePlus does advertise a public bug bounty program for reporting vulnerabilities, Rapid7 cannot engage with their bug bounty program due to its restrictive Non Disclosure Agreement (NDA) terms and conditions. Therefore CVE-2025-10184 is being disclosed as not fixed by the vendor at the time of disclosure.

https://www.cve.org/CVERecord?id=CVE-2025-10184

Apple fails with DMA emergency brake: iPhone must become more compatible

The EU has rejected Apple's objections: the iPhone must be just as compatible with devices from other manufacturers as it is with Apple Watch & Co.

https://www.heise.de/en/news/Apple-fails-with-DMA-emergency-brake-iPhone-must-become-more-compatible-10666570.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Apple #DigitalMarketsAct #EU #iOS #iPhone #IT #Mobiles #Wirtschaft #news

Finally! The Poles have had it with the Russian clown, and Foreign Minister Radosław Sikorski tells the Kremlin,

"You have been warned."

— Meaning from now on, Poland will fire at Russian aircraft.

Full speech: https://www.youtube.com/watch?v=2fgLtZJWNJ4

New: We have just sued ICE to demand it turns over a secretive spyware contract that it refuses to release:

https://www.404media.co/were-suing-ice-for-its-2-million-spyware-contract/

I'm seeing these (blurry) images of the new "official" Lego Enterprise all over social media today - people saying "we have the first images" - but no links, no official word from Lego, CBS or Paramount. I really want it to be true, but it all seems pretty vague 🤔

Very curious

#LEGO #StarTrek #LEGOStarTrek #CBS #Paramount

Some classic sounds for your ears ✨ Collab with @CasproMusic out now on all music platforms 👾

Born #onthisday in 1866, the "father of science fiction" H. G. Wells. Read our essay by Peter J. Bowler on the writer's many musings on the future of humanity: https://publicdomainreview.org/essay/h-g-wells-and-the-uncertainties-of-progress #otd

A popular man ahead of his first front row start with the Williams team ✍️👊 @Carlossainz55@twitter.com

#F1 #AzerbaijanGP

Just released Tusky 31!
Changelog: https://codeberg.org/tusky/Tusky/src/branch/develop/CHANGELOG.md#v31-0

If you would like for me to come to your conference or convening and give a 45-minute rant about what makes good digital privacy trainings and guides, particularly for high-risk populations, hit me up.

I further regret to report that an unbelievably large, mildly ill dog sneezes like a shotgun, and he will repeatedly walk into mommy’s room in the middle of the night to do so (which probably means he wants me to fix it… oh buddy, I’m sorry… )