The Pulse: AI load breaks GitHub – why not other vendors?
GitHub’s leadership blames the 3.5x increase in service load as the cause of degradation – or it might be self-inflicted.
Home Assistant Automation Triggers That Understand Real Life
Home Assistant automation triggers are becoming easier to use. Here is what purpose-specific triggers and duration support mean in a real smart home.
Serving static content
After many years of running a few Wordpress sites, last year around September I moved the last of them over to static content serving. It’s been over 6 months, and today as I was checking…
Why We Cancelled Auth0 at 350,000 MAU (And How MojoAuth Saved Us $200K Annually)
We cancelled Auth0 over a year ago. Not because it stopped working, but because scaling to 350,000 monthly active users made the pricing model untenable. The migration to MojoAuth cut our…
TrustedVolumes suffers $6.7 million exploit
TrustedVolumes, a resolver and market maker used by 1inch and other DeFi platforms, suffered a $6.7 million exploit after an attacker was able to drain funds through a code path that lacked proper validation. The thief then…
Bare minimum phone telephony setup (LTE-only pager)
Rooted Android phone; IMS (VoLTE, VoWiFi) disabled; LTE band locked to the lowest band available; no voice calls; SMS via SGd.
Cashdro Vulnerabilities: From Pentest to Stealing Money
By Peter Gabaldon (X / LinkedIn) TL;DR This past summer (2025), during an Ethical Hacking process, we found a Smart Drawer machine for automated payment management. The employees of this recreation…
Retiring opam 2.0 from the build pipeline
ocurrent/docker-base-images publishes the ocaml/opam:* Docker images which the OCaml CI systems use. For each distro, it tracks 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, and master opam release branches in…
AI NOC, Not AI-on-NOC: Aviz Flips the Stack
Thomas Scheibe walked on stage and said the quiet part out loud. Most “AI for networking” pitches you’ve sat through this year work the same way: vendor has a controller, they…
vm2 Node.js Sandbox Escape 12 Critical Vulnerabilities Two Without a Patch
Twelve critical vulnerabilities were just published for vm2, a Node.js security library that sits inside millions of applications. Three of them score a perfect 10 out of 10. The creator shut the…
Speed to Power, Need for Power
Two weeks ago, we at Halcyon hosted our first large in-person event on time and speed to power: the critical paths for companies building the energy infrastructure required to meet soaring demand for…
Rooting a VMC2040 security camera part 7: Conclusion and summary
Brief: In this part we are going to give some thoughts about the security of the camera and what to do to prevent this kind of attack.…
Rooting a VMC2040 security camera part 6: What did work
Brief: In this part I will show how I finally got root access to the camera. The other parts of the series are: Part 1: Basic examination, Part 2:…
Entra App Instance Lock Enabled by Default in June
Microsoft has announced a new security change for Microsoft Entra ID. Starting June 2026, App Instance Lock will be enabled by default for all newly created applications. In this article, we will…
Monitor your devices with LibreNMS on FreeBSD
LibreNMS has been a faithful companion for years now. It quietly handles the monitoring of my servers, devices, and services without demanding much in return - exactly what you want from a tool whose…
How I Spent Half a Day Fixing a WordPress Charset Problem (and What I Learned)
A WooCommerce site with an ERP integration in progress. The external developer reported a mixed encoding in the database: latin1, utf8mb3, and utf8mb4. ALTER TABLE looked like the right move. But it…
How OR clauses were silently killing our query performance
Recently at work (on my last day), I dealt with a SQL query that got pretty complex because of new features making the business logic increasingly involved. The query ended up quite lengthy, but it…
Deepseek-v4-pro + Hermes: Unauthorized Modification of Security Controls
This article documents a specific, real incident. It exposes a class of vulnerability that deserves attention: the unsupervised mutability of security rules by autonomous agents.
MS-DEFCON 2: Sometimes there’s no fix
ISSUE 23.18.1 • 2026-05-07 By Susan Bradley It’s time to prepare for the May updates, which includes pausing and deferring them. That’s why the MS-DEFCON level is going to 2. There may be some…
Unveiling I/O Riot NG 1.0.0 — Part 1: a guided tour
I rewrote I/O Riot. The old version, written in C and SystemTap, dates back to 2017. The new version (called `ior`) uses Go, C, and BPF via libbpfgo. It runs on Linux and is primarily a TUI dashboard…
On ARP and MAC Aging Timers
Naveen Kumar Devaraj mentioned an interesting fact in his EVPN-related comment: the EOS default ARP timeout is 4 hours, and MAC aging is 5 minutes. Arista is not the only platform using these…
The Gap Between Reality and Reporting: A Model of True Cyber Exposure in the UK
The UK’s cyber security data does not describe a single reality; it describes three filtered views of it. By overlaying Breaches Survey, ICO, and NCSC data, a clearer model emerges: one of layered…
The HTML Sanitizer API
The HTML Sanitizer API is a new browser feature that helps developers prevent XSS vulnerabilities by safely sanitizing HTML content.
Maybe you shouldn't install new software for a bit
Oh boy yet more linux kernel vulns
Demystifying phone unlocking tools: A technical overview
This post is a written description of a presentation titled Phone unlocking tools and where to find them that we have delivered privately to different events and organizations, including Primavera…
Configure SSH on FreeBSD for Passwordless Logins to Servers
Part of the "FreeBSD on a Laptop" series. Disable password logins on the FreeBSD SERVER in favour of using SSH keys for authentication. Create the necessary SSH keys on a FreeBSD CLIENT that will be…
Library dependency version specifiers aren't for fixing vulnerabilities
Let's say you are the maintainer of a Python library that depends on another Python library like “urllib3”. Because you want to make sure users receive a compatible version of urllib3 you add a…
The Greater Boston Mesh Network.
Disclaimer: Mesh networks over LoRa as described here (MeshCore/Meshtastic) do not require a license in the US, since they operate on the unlicensed & public domain 915 MHz ISM band under FCC…
Hosting an Open Alternative to Google Docs for Digital Sovereignty
We are self-hosting LaSuite, an open-source Google Docs alternative, for our small agency - and opening it up for others to try.
NLnet Labs
Every time you load a website, send an email, or update an app, you’re quietly relying on a handful of unglamorous services that route your packets to the right place: DNS to translate names into…
SRSS on OpenIndiana 2025.10, part two
Hey, look out! This is an addendum to yesterday's post on setting up a Sun Ray server on OpenIndiana Hipster 2025.10. All of this is written with the assumption you've followed the setup steps in…
Configuring Mikrotik devices to be Access Points without NAT
This is a topic that I have been planning to dive into for a long time, but I kept procrastinating. Yet, finally I sat down to it and found out it is much, much simpler than I anticipated. I am a fan…
Hugo Site Publishing with Respectful Caching and IndexNow Submission
Hugo builds static pages; publishing determines whether deployed artifacts carry accurate cache validators and whether search engines receive explicit update notification. The implementation…
Phantom tokens: JWTs & sessions combined
JWTs should not be persisted.
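The phantom-token pattern behind that headline, as an added example that is not code from the linked article: the client only ever holds an opaque reference token, the session lives server-side, and the API gateway exchanges the reference for a short-lived signed JWT on every request, so no JWT is persisted anywhere and revocation takes effect immediately. The HS256 JWT is hand-rolled with the standard library to keep the example dependency-free; the shared signing key, the 900 s session lifetime and the 60 s JWT lifetime are assumptions for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets

# Assumption: the authorization server and the backend share one HMAC key (HS256).
SIGNING_KEY = secrets.token_bytes(32)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (hand-rolled here to avoid a dependency)."""
    def enc(obj: dict) -> str:
        return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())
    signing_input = f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: float) -> dict | None:
    """Return the claims if the signature and expiry check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # refuse alg=none and key-confusion attempts outright
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    return claims


class AuthorizationServer:
    """Keeps the real session server-side; the client gets only an opaque reference."""

    def __init__(self, key: bytes, session_ttl: int = 900, jwt_ttl: int = 60):
        self.key = key
        self.session_ttl = session_ttl
        self.jwt_ttl = jwt_ttl
        # Keyed by sha256(reference): a leaked session store does not yield usable tokens.
        self._sessions: dict[str, dict] = {}

    @staticmethod
    def _key_for(reference: str) -> str:
        return hashlib.sha256(reference.encode("ascii")).hexdigest()

    def login(self, subject: str, scope: str, now: float) -> str:
        reference = secrets.token_urlsafe(32)  # opaque, carries no claims
        self._sessions[self._key_for(reference)] = {
            "sub": subject, "scope": scope, "exp": now + self.session_ttl}
        return reference

    def revoke(self, reference: str) -> None:
        self._sessions.pop(self._key_for(reference), None)

    def introspect(self, reference: str, now: float) -> str | None:
        """Exchange a live reference for a short-lived JWT: the 'phantom' token."""
        session = self._sessions.get(self._key_for(reference))
        if session is None or session["exp"] <= now:
            return None
        claims = {"sub": session["sub"], "scope": session["scope"], "iat": now,
                  "exp": min(now + self.jwt_ttl, session["exp"])}
        return sign_jwt(claims, self.key)


def backend_request(jwt: str, key: bytes, now: float) -> tuple[int, dict | None]:
    """Resource server: trusts only the signed JWT it is handed by the gateway."""
    claims = verify_jwt(jwt, key, now)
    return (200, claims) if claims else (401, None)


def gateway_request(auth: AuthorizationServer, reference: str, now: float) -> tuple[int, dict | None]:
    """API gateway: swap the client's reference token for a JWT before calling the backend."""
    jwt = auth.introspect(reference, now)
    if jwt is None:
        return 401, None
    return backend_request(jwt, auth.key, now)


if __name__ == "__main__":
    auth = AuthorizationServer(SIGNING_KEY)
    t0 = 1_700_000_000.0
    ref = auth.login("alice", "read", t0)
    print(gateway_request(auth, ref, t0 + 1))
    auth.revoke(ref)
    print(gateway_request(auth, ref, t0 + 2))
```

The gateway is the only hop that ever sees both token forms; the client cannot forge claims because it never holds a JWT, and the backend cannot be replayed against for long because each phantom JWT expires within a minute.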
Patch Fast, Pull Slow: Defending in the Year of Copy Fail
AI is finding bugs faster, researchers pile on the moment one drops, and registries ship malware by the hundred-thousand. Defenders are caught between two contradictory imperatives. The fix is…
Reporting Transparency
This page tracks my vulnerability disclosures. Inspired by the P0 folks, this follows a 90-day deadline policy. Disclosure Policy 90-day deadline from the date a vulnerability is reported After the…
Voice Clone Scams and Real-Life Proof of Personhood
A fake CEO voice, gift cards, urgency, and secrecy almost worked. The defense is simple: break isolation, verify through known channels, and never treat voice as identity.
Deepseek-v4-pro + Hermes: Unauthorized modification of security controls
This article documents a specific, real incident. It exposes a class of vulnerability that deserves attention: the unsupervised mutability of security rules by autonomous agents.
forgejo push to create
I just learned that forgejo has a push to create repo feature and it is a gamechanger. Upon first try it didn't work, with just a couple of environment...
New Year, New Server 2: Electric Boogaloo
I got to really put my recently-practised and newly-learned system administrator skills to the test again, mere months after my last update about migrating the server that hosts my websites. Why’s…
My Lenovo’s resume-after-sleep bug fixed in one minute
Somewhere, I mentioned the fact that my new, cheap but premium-finished Lenovo IdeaPad Slim 5 had a single issue under Kubuntu 26.04 LTS: resuming after sleep would break Bluetooth. I […]
TRACK TEST PREP
First track test on the calendar. Last week was the sprint to close the gap. Three big ones got done, and one of them was an actual drag-out fight with the drive inverter. RADIATOR MISTING…
SpaceX data center follow-up
Stephen Hackett blogs about the Anthropic + SpaceX / xAI news, with more questions: Colossus 2 is believed to be up and running, at least to some degree, and xAI may no longer need the first site.…
Tunnel design for Prague Metro Line D | Tunnels & Tunnelling
The BTS evening meeting of June 2025 provided a briefing on Prague Metro Line D from Petr Makasek, Head of Tunnel Department, Mott MacDonald Czech Republic. The focus was on station design,…
Yocto Hardening: File System Integrity with dm-verity
In this part of the Yocto hardening we talk about how to verify the integrity of a file system with dm-verity in embedded systems. The post Yocto Hardening: File System Integrity with dm-verity first…
Locality Domains
I have briggs.seattle.wa.us, and you might be able to get one for yourself, with your own city and state, if you're in the US! They're free, too. I had success following Frederick Chan's great guide…
Rails Security, AI, and IBB
For quite a few years the Rails project has been working with the Internet Bug Bounty (IBB). The IBB is an organization that awarded cash to security researchers that reported issues to OSS projects…
Running Immich on CIFS
Some weeks ago I discovered Immich and was immediately hooked and started feeding the family photo collection into it. Immich on CIFS: It’s running on a VM at Hetzner, and I immediately filled…
e-Bike Fleet Monitoring
I collect and analyse e-Bike fleet data for three vendors in Edmonton, Canada.