
Posts by maxammann

Disclosing unauthenticated user endpoint in outdoor activities app | Max Ammann A machine-translated German version is available below. Late one night in February I was planning some weekend trips around Freiburg. The Badische Zeitung has an excellent app called “BZ-Lieblingsplät...

A few weeks ago I discovered an unauthenticated endpoint in a local outdoors activity app. The disclosure is now public!

maxammann.org/posts/2026/0...

1 week ago 0 0 0 0

Maybe in the form of a hobby. Apprenticeship in crafts/woodworking is still full of toxicity, at least here in Germany from what I've heard.

Guess it all also comes down to dependencies between people (teacher vs apprentice).

9 months ago 0 0 0 0
Hacking the hack: Internals of the Dreame FEL rooting method | Max Ammann I got myself a Dreame vacuum robot with the goal of – cleaning. Yes, I did not have the goal originally to root my vacuum. However, in case I ever want to sideload software onto the robot, I picked on...

Just published a post about reversing a rooting method for Dreame robots.

maxammann.org/posts/2025/0...

9 months ago 0 0 0 0

Hm, haven't seen that yet, but I also never turned on Gemini. Maybe turning Gemini off fixes that.

11 months ago 2 0 0 0
Senior Security Engineer, Cryptography - Trail of Bits Who We Are Founded in 2012 by 3 expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology’s newest and most ch...

My team at Trail of Bits is hiring! 🎉 If you enjoy building and breaking novel cryptographic protocols like threshold signature schemes and zero-knowledge proof systems please come and work with us!

apply.workable.com/trailofbits/...

1 year ago 4 3 0 0
LibAFL LibAFL # The LibAFL fuzzer implements features from AFL-based fuzzers like AFL++. Similarly to AFL++, LibAFL provides better fuzzing performance and more advanced features over libFuzzer. However, wit...

LibAFL docs that I wrote during my time at Trail of Bits are released now!! Check it out to learn some best practices including tips and tricks! appsec.guide/docs/fuzzing...

1 year ago 4 2 0 1
WebAuthn support by FiloSottile · Pull Request #28 · FiloSottile/typage

It works! Beyond passkeys, I can encrypt a file in the browser with typage and WebAuthn, and then decrypt it with the same YubiKey from the CLI with age-plugin-fido2prf.

README: github.com/FiloSottile/ty…
PR: github.com/FiloSottile/ty…

1 year ago 150 22 6 0

Awesome!

1 year ago 0 0 0 0
Sky Follower Bridge Instantly find and follow the same users from your 𝕏 followers on Bluesky

I used that one: www.sky-follower-bridge.dev

It only requires trusting the service once and only on bsky. So if you have a fresh account that one is nice.

1 year ago 1 0 0 0
GitHub - slimm609/checksec: Checksec Checksec. Contribute to slimm609/checksec development by creating an account on GitHub.

what's the go-to binary security check tool? Just for basic stuff like source fortification, stack canaries etc.

Is github.com/slimm609/che... the go-to tool?

1 year ago 0 0 0 0

Haha I mean I'm aware of the practice, never heard the term though, wonder if there is a German one

1 year ago 1 0 0 0

TIL what a SLAPP is :D Strategic lawsuit against public participation

1 year ago 3 0 2 0

Re your question: The lifetimes are unconstrained here actually.

1 year ago 0 0 0 0

impl<'a> IntoIterator for &'a TicketStore {
    type Item = &'a Ticket;
    type IntoIter = std::collections::btree_map::Values<'a, TicketId, Ticket>;

    fn into_iter(self) -> Self::IntoIter {
        self.tickets.values()
    }
}

1 year ago 1 0 0 0

Rust is very precise about which parameterized trait is implemented for which type. All is clearly defined, e.g. you can't get owned Tickets out of a store. Only references.

1 year ago 0 0 1 0

For any lifetime 'a implement the IntoIterator trait for all references of TicketStore with lifetime 'a. We implement a specific kind of the IntoIterator trait here, where the iterator type is Self::IntoIter and the Self::Item is a reference to a ticket.

1 year ago 0 0 1 0

Not sure if I get what you mean. Which generic syntax do you mean?

I can give you some mathy describing words based on the following solution:

1 year ago 0 0 2 0
Generic parameters - The Rust Reference

It's documented here doc.rust-lang.org/reference/it...

I think the key thing to know is that any & implicitly has a lifetime, e.g. 'a

You can't use a lifetime without introducing it. By using a LifetimeParam in the GenericParams you can achieve that.

Does that answer it to you?

1 year ago 0 0 1 0
tls_protocol_version_t | Apple Developer Documentation The collection of supported TLS and DTLS versions.

Their network framework seems to support it though developer.apple.com/documentatio...

1 year ago 0 0 0 0
Secure Transport support in curl is on its way out In May 2024 we finally decided that maybe the time has come for curl to drop support of older TLS libraries. Libraries that because they don't support the modern TLS version (1.3) for many users are m...

daniel.haxx.se/blog/2025/01...

1 year ago 0 0 0 0
Secure Transport | Apple Developer Documentation Secure network communication using standardized transport layer security mechanisms.

Ufff, TIL Apple Secure Transport does not support TLS 1.3 :O

developer.apple.com/documentatio...

1 year ago 0 0 2 0

Well, not anymore -- not with my patented POWER COMMENT technique!

godbolt.org/z/nEqhbhbse

1 year ago 55 11 3 1

My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow:

godbolt.org/z/3GerY3zEc

1/5

1 year ago 70 18 8 1

Awesome! We need a Rust version of this!

I'd love to see Sebastian praise Rust

1 year ago 1 0 0 0
Program in C YouTube video by Kaslai

Always lightens the mood.

Bonus points for Sebastian being a crab 🦀🦀🦀

1 year ago 7 1 1 1
Telegram Hands U.S. Authorities Data on Thousands of Users The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.

A reminder that Telegram is not an encrypted messaging app, unless you know what you’re doing. www.404media.co/telegram-han...

1 year ago 153 57 3 5

LLMs are a general purpose technology. Essentially the community is doing what you ask. It is replacing "plain fuzzing" with "LLM augmented fuzzing" for certain cases.

LLMs are no magic tool. It is just tech that has gotten surprisingly better 2 years ago

1 year ago 0 0 0 0

Wait what? The US is doing this now already? :O this is an active discussion in Germany :O

Not good if the US proves you can just do that

1 year ago 0 0 0 0
The Worst Ghosts of 2024! It's that time of the year once again where I present to you, the unsuspecting public, the 5 worst ghosts caught on camera which made headlines during the past year. Fear not. These apparitions are no...

Introducing... The Worst Ghosts of 2024! Enjoy the latest instalment of this end-of-year tradition on my science blog about spooky things! 👻

hayleyisaghost.co.uk/the-worst-gh... #paranormal #skepticism #scicomm #ghosts #psychology

1 year ago 26 12 0 0

Left. Looks more "real" to me.

1 year ago 1 0 1 0