Expat 2.8.2 released, fixes 13 vulnerabilities

blog.hartwork.org · Jun 25 · 🛡️ Sysadmin & Security ·

For readers new to Expat: libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, specifically C99. It is…

RESOURCE: U.S. State Data Broker Laws Comparison Chart

pogowasright.org · Jun 25 · 🛡️ Sysadmin & Security ·

David Stauss of Stauss Law writes: Key point: Our new chart compares the data broker laws of California, Connecticut, Nevada, Oregon, Texas, and Vermont, covering applicability standards,…

Users of the SecondFi Cardano wallet lose $2.4 million in series of hacks

web3isgoinggreat.com · Jun 25 · 🛡️ Sysadmin & Security ·

Users of the Cardano wallet SecondFi (formerly Yoroi) have lost a cumulative 16 million ADA (~$2.4 million) across three attacks targeting a vulnerability in the project's wallet generation code.…

Computer-Use and TOCTOU: What You Click Is Not What You Get!

embracethered.com · Jun 25 · ✨ AI ·

Last year, Jun Kokatsu disclosed an interesting vulnerability with ChatGPT Operator by exploiting a race condition. I was wondering if I could reproduce this attack chain, and this post describes the…

Migrating a decade of production data from an abandoned database (RethinkDB) to MongoDB

nguyengineer.dev · Jun 25 · 🛡️ Sysadmin & Security ·

Back in 2015, when the Node.js, NoSQL, and microservices ecosystem was still fresh and the tooling hadn’t matured, choosing one solution over the other would be a hit-and-miss situation. We didn’t kno

118: Several Thousand Minor Details

mwl.io · Jun 25 · 🛡️ Sysadmin & Security ·

I’m not back at work full-time, but I am starting back and paging the OpenZFS Mastery manuscript back into my skull’s RAM. Here’s a tidbit. Compression is a key feature of OpenZFS. A computer…

Drift Checks for a Self-Hosting Compiler

loicb.dev · Jun 25 · 🧩 Programming ·

[MAGIC](https://github.com/flybot-sg/magic) is a compiler. It turns Clojure into .NET so Clojure can run in Unity, even on iOS. To do its job, it commits some of its build outputs straight into the…

Cloudflare Tunnels Changed How I Test Local Integrations

hboon.com · Jun 25 · 🛡️ Sysadmin & Security ·

Cloudflare Tunnel changed local integration testing for me because it gave local services stable HTTPS names that behave like the real app boundary.

Inference Cards

cmart.blog · Jun 25 · ✨ AI ·

Why skip past the why When someone says “I run Qwen 3.6 at 25 tokens per second”, or makes any similar performance claim about their self-hosted LLM setup, this is only meaningful if we…

Sniffnet crosses 500k downloads

sniffnet.app · Jun 25 · 🛡️ Sysadmin & Security ·

Sniffnet just reached 500k total downloads! When I started developing Sniffnet nearly 4 years ago, I’d have never imagined that a project born almost for fun could one day be installed half a million…

US Census Frames

branchtwigleaf.com · Jun 25 · 🛡️ Sysadmin & Security ·

Kasia Ozga, Spiderwebs, 2018. I was watching fedgeoday 2026 when a speaker from one of my favorite and trusted data sources in the US, the “US Census Bureau”, introduced a change in their data…

Accenture / Dragos Deal Analysis: Part 2 – The Dragos Product

dale-peterson.com · Jun 25 · 🛡️ Sysadmin & Security ·

The Accenture / Dragos / runZero / NetRise deal may be the most significant single event in the OT Security Community & Market since Colonial Pipeline. I tackle this in 3 parts over the next 3…

Anatomy of a Failed (Nation-State?) Attack

grack.com · Jun 25 · 🛡️ Sysadmin & Security ·

Disclosures 🧠 This post is fully human-written: all prose with the exception of the IoC information. Because it was time-sensitive, Claude was used to accelerate the RAT analysis and build an…

Flat-Rate AI Seats Hide Per-Developer Usage. Here's How I Metered Claude Code and Codex Anyway.

tskulbru.dev · Jun 25 · 🧩 Programming ·

Anthropic and OpenAI sell flat-rate coding seats and expose zero per-user token counts to go with them. The only way to see who is actually using the tools, and how hard, is the CLI's own…

SafecomLink Explores Cross-Band Multi-Station Data Exchanges Over HF

daily.hamweekly.com · Jun 25 · 🛡️ Sysadmin & Security ·

The following is a message from SafecomLink : For decades, HF radio ARQ digital modes such as PACTOR have been governed by two "laws" everyone simply accepted: ❌ ARQ is point-to-point. ❌ Both stations…

All you need is PostgreSQL

ebellani.github.io · Jun 25 · 🧩 Programming ·

Introduction The setup Laying the foundation The foundation: schemas and user roles for modularity Domains Accounts, managed and external Transfers, constrained by a state machine and temporal…

Shed your load: how a healthy service folds under a spike

strebkov.dev · Jun 25 · 🛡️ Sysadmin & Security ·

A service whose throughput never drops can still see its goodput collapse to zero under a load spike — and stay collapsed. Why it happens, and three fixes, in Go.

From Workshop to Factory: The Industrialization of Intelligence

marvinzhang.dev · Jun 25 · ✨ AI ·

The AWS Summit in Shanghai

Obtaining AS-REP hashes through ARP poisoning

hunio.org · Jun 25 · 🛡️ Sysadmin & Security ·

Introduction Note: The research and tooling covered in this post are not my original work. All credit goes to Yaxxine7 for creating the ASRepCatcher tool and doing all the heavy lifting! AS-REP…

"No way to prevent this" say users of only language where this regularly happens

xeiaso.net · Jun 25 · 🧩 Programming ·

In the hours following the release of CVE-2026-8461 for the project FFmpeg , site reliability workers and systems administrators scrambled to desperately rebuild and patch all their systems to fix an…

Prioritizing Recent Messages with Go Channels

blainsmith.com · Jun 25 · 🧩 Programming ·

I was writing a controller that watches Kubernetes HPAs and Istio VirtualServices for changes and coordinates between the two. Both watchers feed updates into the same reconciliation loop, and the…

Arizona governor vetoes bill to end REAL-ID compliance

papersplease.org · Jun 24 · 🎤 Politics ·

Arizona Governor Katie Hobbs has vetoed a bill which would have ended the state’s compliance with the Federal REAL-ID Act. Like many other states, Arizona gives applicants for driver’s…

Whose Model Is It Anyway?

roelwillems.com · Jun 24 · ✨ AI ·

A senior colleague found the best model she'd used all year. A day later, an export directive switched it off for everyone. She went back to Opus and kept working. But what happens when the model…

Making Changes To Your apple-app-site-association File for Universal Links

neilmacy.co.uk · Jun 24 · 🧩 Programming ·

There are layers to Universal Links on iOS which add complexity to deploying and testing updates.

EVPN Active-Active Multihoming in Data Center Fabrics

networkphil.com · Jun 24 · 🛡️ Sysadmin & Security ·

One of the most interesting capabilities introduced by EVPN is native active-active multihoming. If you’ve spent time designing data center networks over the last decade, you’ve most likely used or…

Going All In on Immich: Migrating from External to Internal Library

guissmo.com · Jun 24 · 🛡️ Sysadmin & Security ·

How I finally migrated my Immich setup from External Libraries to internal storage — covering storage templates, community migration scripts, and surviving face recognition quirks.

Requesting wildcard SSL certificates via DNS with Sympl

dracos.co.uk · Jun 24 · 🛡️ Sysadmin & Security ·

This means I need fewer certificates, and works around the IP blocks

List or extract Linux ISO contents in macOS

tinyapps.org · Jun 24 · 📱 Technology ·

DiskImageMounter.app silently fails to mount Linux ISOs in macOS and hdiutil attach linux.iso returns "attach failed - Resource temporarily unavailable". However, the built-in tar (bsdtar…

Olares and HAMi: A New Inflection Point for Desktop AI Workstations

jimmysong.io · Jun 24 · ✨ AI ·

HAMi moves from cluster to desktop with Olares.

RF Hacking my Cloud-Controlled Ceiling Fan

samwilkinson.io · Jun 24 · 🎛️ Hardware ·

When we moved into our current place, we knew pretty quickly we'd want to change our bedroom ceiling fan. That thing easily covered a quarter of our ceiling, wobbled like crazy, and I could not…

A dead CDN, a wildcard, and an attack waiting to happen: the netdna-ssl.com takeover

scotthelme.ghost.io · Jun 24 · 🛡️ Sysadmin & Security ·

Every now and then I go digging through Report URI's Threat Intelligence data feeds, looking for domains that show up in CSP reports where they really shouldn't. Last week one jumped out at…

4 Best Snyk Alternatives with Runtime Protection

jeffreykegler.com · Jun 24 · 🛡️ Sysadmin & Security ·

A vulnerability scan passes. The code ships. Two days later, an attacker finds a way in....

FreeBSD git-daemon leak

tunbury.org · Jun 24 · 🛡️ Sysadmin & Security ·

The FreeBSD CI workers get slower over time. Is this a build-up on ZFS snapshots or something else?

A hacker house, AI does the recon now, and dup land

aituglo.com · Jun 24 · 🛡️ Sysadmin & Security ·

This year's hacker house: same crew, a villa in the south, and the first time we all met up since Claude landed in our lives. Now we all just point it at the scope, and we all surface the same bugs.…

Ignore DNSSEC if you like MITM attacks

whynothugo.nl · Jun 24 · 🛡️ Sysadmin & Security ·

One day around 2010, we experimented at work with ARP poisoning and intercepting traffic for other hosts on the network at work. We immediately saw all traffic flowing through the network. Between…

How to…do… honestly we're not sure what's going on here #electrician

solarboi.com · Jun 24 · 🛡️ Sysadmin & Security ·

Source

Your IDE Doesn't Belong in my .gitignore File

proactiveops.io · Jun 24 · 🧩 Programming ·

You use a JetBrains IDE? That's your choice. Maybe you prefer Neovim. OK hacker. Maybe you just kept it simple and went with VS Code. Smart move. While I might judge your choice of IDE, I don't…

Making Magic stable

loicb.dev · Jun 24 · 🧩 Programming ·

MAGIC (Morgan And Grand Iron Clojure) compiles Clojure to .NET so we can run it in Unity, including on iOS. [Ramsey Nasser](https://nas.sr/about/) built it and maintained it almost single-handedly…

How to start an OSINT career

opensourceintelligence.biz · Jun 24 · 🛡️ Sysadmin & Security ·

  So, you have successfully completed your master’s degree in international security, international relations, history, intelligence studies or something similar, and you are very…

Don't overheat

usebox.net · Jun 24 · 🛡️ Sysadmin & Security ·

For the first time since I’ve been a full-time Linux user (25+ years), my machine is hitting some sort of bug –either software or hardware– that randomly makes the PC fans stop…

UK Cybercrime Journal: Hargreaves Lansdown Extortion Attempt by Bashe

blog.bushidotoken.net · Jun 24 · 🛡️ Sysadmin & Security ·

What Happened Over the course of September 2025 to May 2026, Hargreaves Lansdown, the UK-based investment platform, has been the subject of IT glitches, hacker claims, and technical outages that have…

Blazing Fast UI Upgrade | HydraVeil 2.5.2

simplifiedprivacy.com · Jun 24 · 🛡️ Sysadmin & Security ·

Before In the previous version, when you hit “sync” to create a new profile, it fetched from the server ALL data (locations, operators, plans, browsers). This was slower, especially…

I Lost My Setup Once. Now It Lives in a Repo.

olekwrites.com · Jun 24 · 🧩 Programming ·

I Lost My Setup Once. Now It Lives in a Repo. This week I switched to a new laptop. Nothing dramatic — nothing lost or stolen. Just the old one out, a new one in. Almost everything moved over on its…

Local development with coding agents on Kubernetes using Signadot

learncloudnative.com · Jun 24 · 🧩 Programming ·

Coding agents are quite good at writing code now. Any of the agents can easily add a function, wire up an endpoint, or open a pull request for you. But there's a gap that you run into in practice.…

Accenture / Dragos Deal Analysis … Part 1

dale-peterson.com · Jun 24 · 🛡️ Sysadmin & Security ·

The Accenture / Dragos / runZero / NetRise deal may be the most significant single event in the OT Security Community & Market since Colonial Pipeline. I tackle this in 3 parts over the next 3…

Measuring Reliability in the Age of AI

phroneses.com · Jun 24 · ✨ AI ·

In a delivery system reshaped by AI, metrics are the only defence against blind risk

Anchor your .gitignore entries

wantguns.dev · Jun 24 · 🧩 Programming ·

Preface I am an avid selfhoster, and I follow the gitops pattern with ArgoCD for controlling the state of my Kubernetes (k3s) cluster. Something which I probably do differently than most folks is that…

I Wanted AI Code Review I Could Actually Own. So I Built Codra.

devarshi.dev · Jun 24 · 🧩 Programming ·

Codra is a private, free and open-source AI code review engine with bring-your-own models, infrastructure and limits.

Use `nono` AI agent sandboxes in Zed Agent Servers

niklasmtj.de · Jun 24 · 🧩 Programming ·

I recently set up [nono](nono.sh) sandboxes on my Mac to put my Claude Code sessions into a more restricted playground. Having Claude live unrestricted on my whole filesystem did not feel right,…

How to install MediaWiki on Debian 13

justus.pw · Jun 24 · 🛡️ Sysadmin & Security ·

Here's how to install MediaWiki on a desktop computer running Debian 13 (Trixie).