In 4 hours (noon EST), I'm hosting a demo with office hours for #ApacheTika in belated celebration of World Digital Preservation Day #wdpd2025! www.meetup.com/apache-tika-... Please dm me for the meeting info.

Make your 2025 words-of-the-year nominations for the only vote that matters! bit.ly/2025WOTYNOMS

New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/... Report also has interesting stories about state actors' AI use.

If you're attending #iPres2025, make sure to check out @petervwyatt.bsky.social 's tutorial on Monday: "A forensic spotlight on PDF/A"! twelve.eventsair.com/QuickEventWe...

Is AI fueling the old 'Dead Internet' conspiracy theory? Yes! AI is building a fake internet just for you. #ai #psychology #cybersecurity #society #internet www.toxsec.com/p/ai-is-buil...

In belated celebration of World Digital Preservation Day, I'm throwing a "What's new with Apache Tika/Office hours" meetup: November 13, noon EST. Everyone interested in files is welcome to join! #ApacheTika #wdpd2025 #digipres #fileForensics #reverseEngineering www.meetup.com/apache-tika-...

We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup: www.districtcon.org/speakers This also includes our Day 1 & Day 2 Keynotes from Ian Levy and Dan Ridge. And don't forget, GA tickets go on sale November 16! See you in January! 🪩

It's your responsibility - but how do you even get started fixing search? A blog for Search Product Managers and other search leads thesearchjuggler.com/its-your-res...

So, the news for #ApacheTika and #ipres2025: I implemented fully recursive extraction of raw embedded files from the commandline. issues.apache.org/jira/browse/...

goddamn is there anything Wikipedia editors can’t do www.nytimes.com/2025/10/17/n...

Everyone tests in production. Some people just don’t know it yet

Looking forward to some baking with #ApacheTika! News soon on some #conferenceDrivenDevelopment. #ipres2025

Amazing work, as always, @seeinglogic.bsky.social ! #AIxCC

And, y, I'm late to the game, but I'm really excited for this course, @softwaredoug.bsky.social !

F3: The Open-Source Data File Format for the Future Packaging WASM code to read an evolving file format with the data. Interesting approach and a good idea to test the sandbox abilities of the execution engine. Also mentions of a lot of alternatives to parquet/ORC.

A biological 0-day? Threat-screening tools may miss AI-designed proteins. arstechnica.com/science/2025...

The new bugfix release 2.0.35 of #Apache #PDFBox is available pdfbox.apache.org/download.html

Anyone in #bugbounty looking to connect?

New 7-8B OCR model release from AliBaba. Integrated structures data approach looks promising for specialized use cases with complex visual inputs. huggingface.co/Logics-MLLM/...

Tomorrow I'll be talking about vector retrieval, continuing Cheat at Search Essentials. Full details on my blog article softwaredoug.com/blog/2025/07...

📣This #WebArchiveWednesday, plan your proposal for #iipcWAC26, “Sustainable #WebArchiving,” at KBR, Royal Library of Belgium! netpreserve.org/ga2026/CfP 🗓️ Deadline for proposals: OCT 15 #webarchives #DigitalPreservation #DigitalHumanities

Recording for BM25 + Lexical Search now up maven.com/p/e9fbe4/che...

This Wednesday I'll be discussing how to Cheat at Query Understanding using LLMs with Jason Liu. If you want a taste of "Cheat at Search with LLMs", please come hang out! maven.com/p/eebe98

The annual award ceremony features miniature operas, scientific demos, and 24/7 lectures. www.wired.com/story/say-he...

Great paper on finding and exploiting parser differentials between ZIP parsers to bypass signature validation, malware detection, or VSCode extension ID validation. www.usenix.org/conference/u...

Lucene 10.3 is out with 40% faster lexical search, 15% faster dense vector search and 30% faster terms dictionary lookups. lucene.apache.org/core/corenew...

🚨 Breaking News from Community Over Code 🚨 Introducing The ASF’s New Logo buff.ly/DzgT82w #CommunityOverCode #opensource

Bluesky- "If you can't cite peer reviewed literature, your opinion is morally equivalent to fart noises <links to papers>" Anyhow, I just want to show of my LLM side projects, there really isn't a forum for that anymore.

People on Twitter - "LLMs are gods and I command them so I am a god and people will finally give me the respect I crave" People on Mastodon - "<frothing> slop <pant shitting> LLMs :( <howler monkey sounds> stochastic parrot <growling noises> by the way, Github is the root of all social evils"

W00t!

🚨T I C K E T D R O P D A T E S 🚨 you asked, we're answering 😉 Early Bird: Sep 15 (Mon), noon EST GA: Nov 16, 2025 (Sat), noon EST www.eventbrite.com/e/districtco...

This is supposed to be ironic but I saw it and went “Yeah!”

This is a great post on how to bypass code signing (e.g. for malware persistence or to introduce backdoors) by tampering with V8 heap snapshots. All Electron apps (like Slack, 1Password, and Signal) and Chromium based browsers were vulnerable to this issue. blog.trailofbits.com/2025/09/03/s...

Trey Grainger and I are offering an "AI Powered Search" course in November. Hope to see you there 30% off in Sept maven.com/search-schoo...

Started watching a few videos about MCP. Learned that there are semi official MCP SDKs, where Spring contributed the Java one. Any 1 hour talk to get more up to speed? Curious about learning more, but as condensed as possible - afraid that knowledge outdates fast 😂

Now that school is starting for lots of folks, it's time for a new release of Speech and Language Processing! Jim and I added all sorts of material for the August 2025 release! With slides to match! Check it out here: web.stanford.edu/~jurafsky/sl...

W00t! The #aixcc stage talks recently dropped: aicyberchallenge.com/def-con-33/ #defcon #defcon33

Microsoft just dropped a COPILOT function for Excel so you can run Gen AI on spreadsheets. They warn not to trust it for math or legal/compliance work since it hallucinates. Which of course means people will and the results will be both hilarious and catastrophic.

ICYMI: 5 systems built to compete in DARPA's AI Cyber Challenge are now Open Source: archive.aicyberchallenge.com Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there.

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

Fun fact: Linux allows file names to be any byte sequence except / and the null character. You can also mix character encodings in the same directory #!/usr/bin/env bash prefix="$(dd if=/dev/urandom bs=128 count=1)" touch “$(printf ‘%s\n%s’ “you can’t hurt me I’m already dead” “$prefix”)”

An Open Source sustainability story in two slides. (for a coming talk of mine) Slide 1: car brands using #curl Slide 2: car brands sponsoring or paying for #curl support

So much to unpack here from @micahflee.com but for now I’m just taking it as a permanent cure to any imposter syndrome I ever feel ever. youtu.be/KFYyfrTIPQY?...

Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction.

Somebody on LinkedIn said what we're all thinking.

Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking Kimsuky A copy of his workstation is available for all researchers to analyze! Article: data.ddosecrets.com/APT%20Down%2... Data dump: ddosecrets.com/article/apt-...

I'm sorry folks, the spec made it clear

If you’re at @defcon.bsky.social today and want to learn how we developed the challenges and scoring algorithm, please join us at the #AIxCC stage at 10:30!

We’re open sourcing our AI reasoning system Buttercup, which placed second in DARPAs AI Cyber Challenge! It runs on your laptop and works with any OSS-fuzz/ClusterFuzz compatible project. blog.trailofbits.com/2025/08/08/b...